On 1/26/11 9:16 AM, Chris Lewis wrote:
Everybody gets to define what a reputation means to them. It does in
the non-online world, the on-line world should be no different. Other
than that, you rely on the dictionary for what a reputation _is_,
which leaves virtually infinite scope for details.
Chris,
Allow me to disagree. As an industry, the goal should be to fairly
assess identifiers that are tightly associated with accountable resource
administrators. In the case of an SMTP client, this could be an IP
address known to be statically assigned, or a cryptographically verified
host name of the server providing the service. While it might not be
practical to verify every connection using cryptography, the receiver
can develop their own IP address ACLs based upon their view of
connections from acceptable domains. At this time, it is not practical,
nor desirable, to base reputations on individual users of a resource
being evaluated. When there is abuse, administrators of that resource
should be contacted, and be expected to correct the problem. Since
there is virtually an unlimited supply of domain names and now IP
addresses, there is now a need to vet introductions of new domains
(vouching). IMHO, a good role for MAAWG and its members.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg