
RE: [Asrg] 2. Improving Blacklists and Reputation Services

2004-02-09 17:15:56
Ok, I will accept that (although somehow whenever I think "accreditation"
I am getting a knee-jerk reaction that it will automatically cost money).

I think that there will automatically be a cost. But that may be borne by
the sender, the recipient, the accreditor or even a charitable basis.

It's like the root servers, they are important, they are volunteer run, but
they are not cost-free by any stretch of the imagination.

So what we have is as follows (I think):
1. MTA identity.
2. Domain identity.
3. Sender's identity.

People start to argue over 'identity'

I think we have hooks we can hang the accreditation on. Email addresses are
one type of 'identity'.

I would relabel the rest 'intersubjective agreement between the accreditors
as to the party signified by the name'.

Yes, it sounds horrible, and it is not likely many folk here read semiotics
and hermeneutics. The basic insight I got from the hermeneutic stuff was that
if you get picky you can claim any statement is subjective, you just attack
the axioms. Black is white if you refuse to believe the evidence to the
contrary.

I think that a lot of the argumentation on identity ends up as this sort of
issue. Yes every name is inherently subjective, they are all assigned at
random (according to the trichotomy of Sebeok that is what makes it a name).
But even though there is no objective definition of 'Microsoft' there is a
community reality, what could be called an intersubjective agreement as to
who Microsoft is.

Yes, the name is only given in the first place by government decree, another
government could disagree. The folks in Sealand could declare that Microsoft
was somebody else and if you look at it from a strict philosophical point of
view they could say that their definition is correct with the same degree of
certainty, even though no other country recognises them as a country. But it
violates the intersubjective definition that the other 99.999% of the planet
who live in the real world agree on.


Third, checking accreditation on per sender basis slows things down even
more and allows for a DDOS attack against the accreditation authority
and the receiver.

Better have some fat pipes :-)

Yes, these are issues but they are soluble. If we cannot protect DNS from
DoS we are sunk in any of these schemes.

The whole point of introducing the term was to serve as a more illustrative
name for what in SAML are called 'attribute assertions'.


An interesting thought - can we use SAML for exchanging reputation and
accreditation info?

Yes, absolutely. That is one of the things I designed it to do. But the
anti-spam world is not very keen on XML. I think you would find it very
heavy for a first line of defense.

I believe we will end up with a multilayer defense. On the outside we will
use lightweight DNS based schemes to decide 'do I want these packets at
all'. Then we can do more detailed analysis, taking in more data, doing more
work.

                Phill 
