[Top] [All Lists]

[Asrg] 3. Requirements - Consent Framework

2003-09-30 22:42:28
I think I have got a handle on Yakov's proposed Consent Framework, or at least what it attempts to achieve. The actual document remains sadly opaque to me. I'll try to summarise my understanding below. Yakov, feel free to correct me if I'm completely off-base.

The "Consent Framework", while presently documented in an extremely formal and opaque manner, is nothing more than a "system of systems", aimed at combining the best-of-breed proposals (the exact ones to be determined at some time in the future) into a single, cohesive, implementable e-mail system. Preferably, of course, leveraging the existing SMTP infrastructure, because that makes implementation several orders of magnitude easier.

I believe another goal is for additional components to be added to the framework as and when necessary, and therefore the system will be governed by some extensible protocol and/or message formatting standards.

The main components of the framework might be:

- Sender identification
- Whitelist for stable sender/recipient relationships
- Monetary payment (using tokens issued by trusted authorities, eg e-stamps)
- Computational payment (generating tokens autonomously, eg hashcash)
- Trust directories (identifying which payment and/or authentication authorities are trustworthy)
- Message category labelling
- BCPs for effective recipient filtering based on above facilities
- BCPs for senders (of various categories) for efficient use of above facilities

Based on the above, it might be a good idea to split my own "E-mail Authentication" paper into two parts, one dealing with the authentication itself, and one dealing with establishing the trustworthiness of the MAA (Mail Authentication Agent). Then both would fit neatly into positions in the above list, along with other people's hashcash, stamp authority, labelling, and whitelist schemes.

With any luck, that should make things a heap clearer for everyone (myself included), unless of course Yakov is going to point out how incorrect I am. :-)

from:     Jonathan "Chromatix" Morton
mail:     chromi(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk
tagline:  The key to knowledge is not to rely on people to teach you it.

Asrg mailing list