ietf-asrg

7. BCP - Default Settings (was Re: [Asrg] 0. - General - Consent and SoBig)

2003-08-23 22:13:29
[Moderator: This discussion is more relevant to the BCP area, and so the subject has been changed]

At 09:54 PM 8/23/2003, gep2(_at_)terabites(_dot_)com wrote:
....

>       This entire problem would have been a non-event even without a
>consent framework system, if the dominant monopoly application vendor
>actually paid any attention whatsoever to the issue of security from
>a user perspective.

Actually, even if Outlook and IE and Windows were all "secure", I think one can
fairly argue that there are 'enough' clueless users of AOL's insecure client
software that there would still be a problem.  The consent framework, and
default to removing (or better, intercepting entirely) HTML and attachments on a
per-sender, per-addressee basis, really ought to be done at the ISP or domain
provider level.

Within the consent framework - this can be done. The consent framework allows any level of control beginning with the user. The user's consent policies can be combined with the ISP's, and the ISP's with their upstream provider, etc. In many cases the ISP may decide that their rules are more important, and thus the ISP's consent rules will override the user's.

......

>       A consent framework system is neither a necessary condition nor
>sufficient,

Nor is anything else, when you get right down to it. If there were an obvious, 100% watertight, 100% effective solution to these problems we wouldn't have to have this list and be discussing all these different ideas... the problem would have been fixed a long time ago.

But the consent framework that I proposed is still a simple, cost-effective, user-comprehensible, surprisingly effective system that will put a serious dent in BOTH spam AND malware, and moreover will do so in a way that is incrementally implementable and that offers a near-immediate payback to those who go to the effort to put it in.  That sounds to me like it covers a lot of the requisite bases, and while avoiding nearly all the 'headaches' and implementation barriers that most of these other systems we've proposed are afflicted with.
.........

What you are suggesting is default consent rules to be used within the consent framework. This is something that is best addressed within the BCP area - BCP for mail administrators or users. If anyone would like to volunteer, please stand up.

Yakov




_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
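
The layering discussed in the message above (strip HTML and attachments by default, per-sender and per-addressee consent, and an ISP whose rules may override the user's) can be sketched as follows. This is an added example, not part of the original message or of any ASRG specification; `Layer`, `decide`, `overrides_lower`, the wildcard `"*"` and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

STRIP, ALLOW = "strip", "allow"

@dataclass
class Layer:
    """One level of consent rules: user, ISP, or upstream provider (hypothetical model)."""
    name: str
    # (sender, addressee, part) -> STRIP or ALLOW; "*" matches any sender or addressee
    rules: dict = field(default_factory=dict)
    overrides_lower: bool = False  # True: a matching rule here beats lower layers

    def lookup(self, sender, addressee, part):
        # Try the most specific key first, then fall back to wildcards.
        for key in ((sender, addressee, part), (sender, "*", part),
                    ("*", addressee, part), ("*", "*", part)):
            if key in self.rules:
                return self.rules[key]
        return None  # this layer has no opinion

def decide(layers, sender, addressee, part):
    """Resolve one message part. `layers` is ordered user, ISP, upstream.
    Returns (action, name of the layer that decided)."""
    decision, decided = (STRIP, "default"), False  # default: remove HTML/attachments
    for layer in layers:
        action = layer.lookup(sender, addressee, part)
        if action is None:
            continue
        # The lowest layer with a rule decides, unless a higher layer
        # declares that its rules are more important.
        if not decided or layer.overrides_lower:
            decision, decided = (action, layer.name), True
    return decision

# Constructed sample policies (addresses are placeholders).
USER = Layer("user", {
    ("alice@example.org", "bob@example.net", "attachment"): ALLOW,
    ("*", "bob@example.net", "html"): ALLOW,
})
ISP_STRICT = Layer("isp", {("*", "*", "html"): STRIP}, overrides_lower=True)
ISP_ADVISORY = Layer("isp", {("*", "*", "html"): STRIP})

if __name__ == "__main__":
    for part in ("attachment", "html"):
        print(part, decide([USER, ISP_STRICT],
                           "alice@example.org", "bob@example.net", part))
```
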


