ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Asrg] Consent-based Systems

2003-06-23 09:39:37
from [Yakov Shafranovich] [Permanent Link]
Considering the HTML discussion that has been going on,. I would like to start a new thread on discussing consent systems as per our charter (Gordon's proposal seeks to create a specific consent-based system). The charter (http://www.irtf.org/charters/asrg.html) states: 

---snip---
The Anti-Spam Research Group (ASRG) focuses on the problem of unwanted email messages, loosely referred to as spam. The scale, growth, and effect of spam on the Internet have generated considerable interest in addressing this problem. Once considered a nuisance, spam has grown to account for a large percentage of the mail volume on the Internet. This unwanted traffic stands to affect local networks, the infrastructure, and the way that people use email.
The definition of spam messages is not clear and is not consistent across different individuals or organizations. Therefore, we generalize the problem into "consent-based communication". This means that an individual or organization should be able to express consent or lack of consent for certain communication and have the architecture support those desires. Expressing consent is more straightforward on an individual basis; as the solution is moved closer to the source, it is more difficult to express a policy that satisfies all downstream receivers. The research group will investigate the feasibility of: (1) a single architecture that supports this and (2) a framework that allows different systems to be plugged in to provide different pieces of the solution. 

Possible components of such a framework may include:
Consent Expression Component: This involves recipients expressing a policy that gives consent or non-consent for certain types of communications
Policy Enforcement Component: This involves subsystems within the communication system that enforce the policy. The overall framework may involve multiple subsystems within the policy enforcement component. This may involve fail-open or fail-closed approaches. With a fail-open approach, the system must identify messages that do not have consent. For example, this may include approaches that determine the nature of a message based on its characteristics or input from a collaborative filtering system. With a fail-closed approach, the system must identify messages that do have consent and only allow those to be delivered. For example, consent may be expressed by a policy, by a "consent token" within the message, or by some payment that essentially purchases consent or delivery rights.
Source Tracking Component: This component provides deterrence to parties that consider violating the policy by facilitating identification and tracking of senders that violate the policy. This may require non-repudiation at the original sender, the sender's ISP, or some other entities involved in the communication system. Note that "consent" need not necessarily be in advance. It is within scope for ASRG to consider frameworks in which receivers express their lack of consent only after having received a message.
The purpose of the ASRG is to understand the problem and collectively propose and evaluate solutions to the problem. While some techniques focus on local text classification approaches, many traditional and evolving techniques include approaches that involve new network architectures or changes to the existing applications and protocols.
ASRG will investigate the spam problem as a large-scale network problem. The ASRG will begin its work by developing a taxonomy of the problem and the proposed solutions. This taxonomy should involve casting the spam problem into different perspectives, such as examining the similarities between spam and denial-of-service; spam and intrusion detection/prevention; and spam and authentication, authorization, and accounting.
ASRG will consider the issues of deployment for proposed solutions, emphasizing the investigation of methods that have a realistic chance of wide-scale deployment.
The work of the ASRG will also include investigating techniques to evaluate the usefulness and cost of proposed solutions. Usefulness is described by the effectiveness, accuracy, and incentive structure of the system. The cost of the system refers to the burden imposed on users and operators of the communications system. These costs include any changes to the normal use of the system or actual changes in the monetary costs of using the system. The group will investigate evaluation infrastructures such as public trace data archives and research tools to measure and analyze the problem and the solutions.
ASRG will not pursue research into legal issues of spam, other than the extent to which these issues affect, support, or constrain the technology. 
---snip---


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Asrg] Consent-based Systems, Yakov Shafranovich <=
Previous by Date:  Re: [Asrg] Grouped reply on permissions lists, Yakov Shafranovich
Next by Date:  [Asrg] EarthLink releases "spamBlocker", Bob Wyman
Previous by Thread:  [Asrg] News Article - The ease of hijacking domain names, Yakov Shafranovich
Next by Thread:  [Asrg] EarthLink releases "spamBlocker", Bob Wyman
Indexes:  [Date] [Thread] [Top] [All Lists]