Paul Judge <paul(_dot_)judge(_at_)ciphertrust(_dot_)com> wrote:
It is most desirable to block unwanted traffic as close to the
source as possible. There is some difficulty in moving the solution
closer to the source in that you are enforcing a policy for all
downstream receivers. Careful policy expression helps here.

I've previously discussed pushing consent upstream, in:
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg00898.html
While this works in theory, there are issues with implementation
and use that will make it problematic. E.g., you tell your upstream
provider to block an ip/mask because it's a spamhaus, and 3 months
later when it's your buddy's company, your upstream provider is
unwilling (or unable) to enforce your change of that consent.
That is, consent-based systems should be fail-safe. This probably
means that consent MUST be re-stated after some timeout, otherwise you
will be deemed to implicitly consent to *all* traffic.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
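
The fail-safe timeout proposed in the message above, sketched as an added example that is not part of the original post or of any ASRG proposal. The class name, the 30-day timeout and the address ranges (RFC 5737 documentation blocks) are assumptions made for illustration.

```python
import ipaddress

DAY = 86400.0  # seconds


class UpstreamConsentTable:
    """Hypothetical upstream filter holding one receiver's block requests."""

    def __init__(self, ttl):
        self.ttl = ttl      # how long a stated block stays in force
        self.entries = {}   # network -> absolute expiry time (seconds)

    def state_block(self, cidr, now):
        """State or re-state a block; every statement restarts the timeout."""
        self.entries[ipaddress.ip_network(cidr)] = now + self.ttl

    def is_blocked(self, source_ip, now):
        """Purge lapsed entries first, so silence means consent to the traffic."""
        self.entries = {n: t for n, t in self.entries.items() if t > now}
        addr = ipaddress.ip_address(source_ip)
        return any(addr in net for net in self.entries)


def demo():
    """Constructed timeline: one block is re-stated once, the other never."""
    table = UpstreamConsentTable(ttl=30 * DAY)         # assumed timeout
    table.state_block("192.0.2.0/24", now=0.0)         # stated once, then forgotten
    table.state_block("198.51.100.0/24", now=0.0)
    results = {}
    results["day10_forgotten"] = table.is_blocked("192.0.2.5", now=10 * DAY)
    results["day10_restated"] = table.is_blocked("198.51.100.7", now=10 * DAY)
    table.state_block("198.51.100.0/24", now=20 * DAY)  # consent re-stated
    results["day40_forgotten"] = table.is_blocked("192.0.2.5", now=40 * DAY)
    results["day40_restated"] = table.is_blocked("198.51.100.7", now=40 * DAY)
    # Three months on, with no further statements, everything has lapsed:
    # the range that now belongs to "your buddy's company" gets through
    # even though the upstream never processed an explicit withdrawal.
    results["day90_forgotten"] = table.is_blocked("192.0.2.5", now=90 * DAY)
    results["day90_restated"] = table.is_blocked("198.51.100.7", now=90 * DAY)
    return results


if __name__ == "__main__":
    for label, blocked in demo().items():
        print(label, "blocked" if blocked else "allowed")
```
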