ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] 4d. Consent Framework - Protocols and Formats

2003-08-15 04:05:17
from [Andrew Akehurst] [Permanent Link] 


Consent based systems don't exist. 


They do exist, just not in a standardised form.

Every time I set up a MUA filter to remove certain messages from 
my mail or use something like SpamAssassin, I'm making a decision
about what e-mail I consent to receive. Just because I'm not
sharing those preferences with anyone else and because there is
no standard way to write out those rules doesn't mean they're 
not an expression of consent.


Challenge response systems do exist...though often broken. 


I see challenge response systems as a subclass of consent based
systems. They seem to implement a policy which says "I only want
to receive e-mail from people who are prepared to follow a certain 
protocol (or who use software which supports it)."

There's nothing wrong with that in principle, although as you 
note there are problems with it.


Rather than create something new, let's
try to fix what we have..then understand how to design it better.


The value in creating something new is that we're creating 
something more general than challenge response systems. Consent
based systems could include several different methods for
expressing and enforcing consent.


In other words, I have yet to receive a single comment on the CRI
draft.


Until recently I've been very busy. I'll take a look at it later
today. I'm not opposed to challenge response systems, I just think
that there's an opportunity to create something broader.

There are problems with each type of consent system, none of them
is perfect. But using a combination of such systems within a 
broader framework can help to overcome the limitations of each. I 
agree that we should work to improve CRI and indeed all such
systems as far as possible. But I doubt that relying on a single
approach will yield effective results for everyone.

There are so many groups of users who use mailing lists, roaming
network access, NAT, DHCP and many other uses and configurations.
Few solutions are suitable for all of these types of user and so
they should be free to use whatever system(s) work for them. In
which case they need some way to tie everything together.

If we can improve CRI to the point where it will work well on 
its own for 99.9% of e-mail users then I'd be happy to admit I
was wrong. Until then, other research efforts are equally
valuable and can continue in parallel.

Andrew

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] RE: 2.a.1 Analysis of Actual Spam Data - Titan Key re duces spam attacks, Selby Hatch
Next by Date:  Re: [Asrg] 4d. Consent Framework - Protocols and Formats, Andrew Akehurst
Previous by Thread:  RE: [Asrg] 4d. Consent Framework - Protocols and Formats (was Re: [Asrg] SMTP level unsubscribe), Yakov Shafranovich
Next by Thread:  RE: [Asrg] RE: 2.a.1 Analysis of Actual Spam Data - Titan Key re duces spam attacks, Peter Kay
Indexes:  [Date] [Thread] [Top] [All Lists]