For what it's worth, since ESPC Project Lumos is asking for feedback,
http://www.networkadvertising.org/espc/project_lumos.asp
here is what I sent them:
-----
I have the following feedback regarding the Project Lumos proposal:
- Protocol and header improvements to support sender reputation are a
good thing.
- Maintaining sender reputation data is hard -- there are often incentives
that present conflicts of interest to the operators of a sytem, especially
when pretty-clean senders push into grey areas.
- It is problematic to use a single reputation metric to describe the
behavior of a sender that potentially sends on behalf of many clients
for many purposes.
- Acceptance at any time by the system of anything weaker than confirmed
opt-in hurts the reputation of Lumos itself. It may be that, if
widely adopted, end-users may invert the meaning and declare that
Lumos-approved is a "negative score".
- Sender reputation systems are, necessarily, sender-oriented. It is
good that they improve the chances of getting a definitive answer to
the questions "Did this sender send this" and "What is the reputation
of this sender?".
- It is BETTER to definitely answer the user-oriented questions "Did
I authorize this sender to send this email?" and "How do I revoke this
authorization now?"
I suggest that extending the Lumos work:
- from definitive proof of sender reputation,
- to definitive proof of individual consent,
would be an even stronger approach, and would lessen the problem of
having only one metric that describes all the behaviour of a sender (a
metric that may be not useful to many recipients, may involve undesirable
spillover when one sender represents many clients, or may be used by
recipients differently than intended by the project or its participants).
Liudvikas Bukys
University of Rochester
Computer Science Department
734 Computer Studies Building
Rochester, NY 14627-0226
tel# 585-275-7747
fax# 585-273-4556
<bukys(_at_)cs(_dot_)rochester(_dot_)edu>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg