ietf-asrg
[Top] [All Lists]

RE: [Asrg] RE: 2a. Blacklists, collateral damage and anonymity

2004-05-05 13:45:35
Let us say I block mail from certain network blocks, depending ov
criteria of my choosing.
This step is definitely not illegal.

I choose to share this information with the world via a DNS based
mechanism. Not illegal.

If you do so for the purpose of interferring with a contract or
legitimate commerce you just crossed the line here.

The fact you publish means that you expect the information to 
be read and acted on.

It is not a question of what *you* wish to believe in. Just 
to clarify a
point, I would trust the anonymous maintainer(s) of SPEWS 
before I trust
Verisign (ref: the false certificates issued to people claiming to be 
Microsoft). As yet, SPEWS has not given me justification to 
withdraw my
trust. Verisign has.

Lets see, that was one incident out of about 400,000 certs issued each year.

The error was picked up by VeriSign and the certificate was immediately
revoked. It was VeriSign who reported the issue to Microsoft. The cert
expired several years ago and has not actually been used as far as anyone is
aware.

You can't stop people from making mistakes. You can develop processes that
detect them and correct them. In the case of the CA center procedures a
check that was believed to have been interlocked was not. That coding error
has since been corrected. But even if the error had not been corrected the
error rate of the CA center would be better than five nines which is
exceptional for a process that is human operated.


I don't think you can seriously claim that your comparison to SPEWS is
anything other than partisan.


If blacklists are going to demand accountability they must accept
accountability - from all parties they affect, not just the 
ones they
choose.
Given that the service is optional and free, I doubt that 
accountability to anyone else is even a question.

If you affect someone the courts may decide to hold you accountable
to them.

I do not believe that it should be legal for a public service ISP to
use any anonymous blacklist service to filter customer's mail.

Is there a contract guarantee that email will be delivered? 

There is an expctation. I suspect that it is currently legal to use
an anonymous blacklist, but I don't think it should be legal for anyone
other than the mailbox owner to do so. 

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg