ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: 6. Proposals - Reputation systems - Project Lumos (was Re: [Asrg] NAI/ESPC Project Lumos whitepaper & request for comment)

2003-10-28 12:36:33
from [Liudvikas Bukys] [Permanent Link] 

For what it's worth, since ESPC Project Lumos is asking for feedback,
    http://www.networkadvertising.org/espc/project_lumos.asp
here is what I sent them:

-----

I have the following feedback regarding the Project Lumos proposal:

- Protocol and header improvements to support sender reputation are a
  good thing.
- Maintaining sender reputation data is hard -- there are often incentives
  that present conflicts of interest to the operators of a sytem, especially
  when pretty-clean senders push into grey areas.
- It is problematic to use a single reputation metric to describe the
  behavior of a sender that potentially sends on behalf of many clients
  for many purposes.
- Acceptance at any time by the system of anything weaker than confirmed
  opt-in hurts the reputation of Lumos itself.  It may be that, if
  widely adopted, end-users may invert the meaning and declare that
  Lumos-approved is a "negative score".

- Sender reputation systems are, necessarily, sender-oriented.  It is
  good that they improve the chances of getting a definitive answer to
  the questions "Did this sender send this" and "What is the reputation
  of this sender?".
- It is BETTER to definitely answer the user-oriented questions "Did
  I authorize this sender to send this email?" and "How do I revoke this
  authorization now?"

I suggest that extending the Lumos work:
        - from definitive proof of sender reputation,
        - to definitive proof of individual consent,
would be an even stronger approach, and would lessen the problem of
having only one metric that describes all the behaviour of a sender (a
metric that may be not useful to many recipients, may involve undesirable
spillover when one sender represents many clients, or may be used by
recipients differently than intended by the project or its participants).

Liudvikas Bukys
University of Rochester
Computer Science Department
734 Computer Studies Building
Rochester, NY 14627-0226

tel# 585-275-7747
fax# 585-273-4556

<bukys(_at_)cs(_dot_)rochester(_dot_)edu>

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: 6. Proposals - Reputation systems - Project Lumos (was Re: [Asrg] NAI/ESPC Project Lumos whitepaper & request for comment), Liudvikas Bukys <=
Previous by Date:  [Asrg] 6. Proposals - DNS-Based - RMX, Yakov Shafranovich
Next by Date:  Re: 3. Requirements - Anonimity (was Re: FW: [Asrg] 0. General), David Maxwell
Previous by Thread:  [Asrg] 6. Proposals - DNS-Based - RMX, Yakov Shafranovich
Next by Thread:  [Asrg] Source Tracking and Authentication idea, Frank McCoy
Indexes:  [Date] [Thread] [Top] [All Lists]