ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] 0. General - Review of the CRI subgroup

2003-12-10 12:18:25
from [Eric Dean] [Permanent Link] 
Yes, there is a general consensus that consent-based methods are
prefered; however, CRI is low hanging fruit and can be used to validate
some assumptions of consent-based.  In short, CRI is a subset of
consent-based...but a bit more widely deployed (though not much)

If you are willing to hack code..so am I.


-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] 
On 
Behalf Of J C Lawrence
Sent: Tuesday, December 09, 2003 6:56 PM
To: Eric Dean
Cc: 'Yakov Shafranovich'; 'ASRG'
Subject: Re: [Asrg] 0. General - Review of the CRI subgroup 


On Tue, 9 Dec 2003 17:02:14 -0500 
Eric Dean <eric(_at_)purespeed(_dot_)com> wrote:


Where we left off was in the process of building an interworking 
between two or more interested parties.



I have a general concern around the amount of chatter in 

this RTF vs 

actual work being performed.  It's quite frustrating to produce a 
document for the benefit of the group to have it swept aside as 
yesterday's news.


I have been absent from this list for some months.  CRI 
appears to be based on/inspired by a consent token protocol I 
noodled in May of this
year:


  http://article.gmane.org/gmane.ietf.asrg/3303

The current CRI protocol has moved away from binding tokens into email
addresses and message IDs apparently on the grounds of mail header
length limits.  However cursory scanning of the archives didn't reveal
identified cases where header length limits would be a problem, or a
clear assertion of why a consent token might need to be long/complex
enough to exceed RFC 2822 header lengths.  Was there a substantial
reason for moving to an abstract MIME type?

More significantly to my mind CRI clouds the distinction between consent
determination/maintenance and challenge/response (C/R is one method of
obtaining consent, but by no means need be the only one).  Was there a
substantial reason for narrowing the problem specification explicitly to
C/R from the more general question of consent definition and
manipulation?

I will have some free cycles in the new year.  If there is interest I'm
willing to move my prior noodles into draft form as well as to assist in
producing a TMDA patch which implements the protocol as a
sample/reference implementation (note that TMDA is a mail filter which
may be used for C/R and which implements a C/R system as a default
case).

-- 
J C Lawrence
---------(*)                Satan, oscillate my metallic sonatas.
claw(_at_)kanga(_dot_)nu               He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] 6. Proposals: MTA MARK vs port 25 filtering?, David Maxwell
Next by Date:  Re: [Asrg] 6. Proposals: MTA MARK vs port 25 filtering?, Alan DeKok
Previous by Thread:  Re: [Asrg] 0. General - Review of the CRI subgroup, J C Lawrence
Next by Thread:  Re: [Asrg] 0. General - Review of the CRI subgroup, J C Lawrence
Indexes:  [Date] [Thread] [Top] [All Lists]