ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: 3b. SMTP Verification - Reputation Systems and their Problems (Modified by Anne P. Mitchell, Esq.)

2004-03-05 18:40:41
On Fri, Mar 05, 2004 at 07:20:59AM -0500, Daniel Feenberg wrote:
There is a difference between "centralized" and "cooperative". There is
nothing in the plan that I can see that suggests that they should be the

Where on the web site do you find the word "cooperative"?
All I can detect has the "centralized" direction, like in
    ADDITIONAL REQUIREMENTS FOR LISTING OF ORGANIZATIONS NOT PERSONALLY
    KNOWN TO ISIPP (NON-VOUCHED LISTINGS)

And I surely don't want a service that has worldwide operating ambitions
and that is dependant on US law (I wouldn't like to have one that solely
is dependant on German law, either, no antiamericanism here).

NSI had their monopoly handed to them by an inattentive government agency.
These guys will have to earn their market share - a completely different
matter.

And as soon as you have 4 or 5 of them you'd have to register with all
of them.
Just like with new TLDs which you have to register your trademark with,
if you don't want to loose it (in some countries) or want to risk that
some nerd registers e.g. ibm.biz and puts up a "homepage" with "you all
suck" on it.

In June we had this mega thread about "Mark McCarron" and his "solution
to spam" which was pretty close and a bit more strictly than the ISIPP
Accreditation Database and IIRC not one on this list thought it was a
good idea. Such a database has to be neutral with unemotional terms.

And it has to be free of political influences of one country.
And what will happen, if that country decides that each and everyone from
another country is suddenly untrusted, because the whole other country
is a big danger for the security of the homeland and politically or
through legislation forces the database to remove all the entries
of entities from this specific bad country from their database? Is the
reputation these entities have bought from an organisation like the
ISIPP then suddenly non existant? Do they get their money back? Will the
organisation immediately shut down their service because they (IMHO)
failed? And if not, what is then the worth of such a service?

This is nothing personal against ISIPP, but I think databases like 
IADB are inappropriate and they trick users into a trust situation that
they can't provide.
It's a bit like the "Thawte Secure Site" seal. They encourage https sites
to put it on their pages (and of course make advertising for them).
But the drawback is that people start to think as they see the seal
that the site is a "good" one. So if you are a "bad" one you can add
the seal and people will think they're save.
So basically with the seal Thawte - surely without deliberateness -
tricks the people in a trust feeling they can't control and into
(wrong) trust situations they can't provide.
        
        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>