ietf-clear

[ietf-clear] Re. CLEAR Charter (Forwarded At Request)

2004-10-02 06:37:30
From: Chris Haynes
Sent: October 2, 2004 4:56 AM
To: John Glube 
Subject: CLEAR WG post problem

John,

I've been trying for several days now to post to the CLEAR
list, without success.  Can you please post the message
below on my behalf, as part of the CLEAR Charter thread.

Thanks, Chris

------------------------------------

I think there is a useful function which needs to be done,
but I can't work out if it is within the scope of the
proposed charter.

My interpretation of the charter is that it works at the
domain level, i.e. it considers the accountability of each
host in isolation.

I can see the need to:

1) Identify some entity (non-terminal domain node) as
accepting responsibility for a collection of domain nodes
(incl. hosts)

2) Associate policies, reputations etc. with this
responsible entity, rather than with the individual domains.

Just to make it clear, let me give an example. This is
*not* the proposed solution, so please don't hack it to
bits yet. I'm just illustrating the kind of scheme I
mean....

There is a set of domains

a.example.com 
b.example.com 
c.example.com
d.mail.example.com 
e.example.co.uk 
f.example.com.fr
g.japaneseforexample.jp

and so on.

Individually they have some means of asserting "I am
accountable to example.com".

Example.com has a DNS record which confirms: "I accept
responsibility for the actions of  (here follows the above
list)".

'example.com' may now publish policies etc. which are
applicable to all its domains (even ones not directly below
it in the DNS 'tree').

The actions of any one of the hosts at its domains now
affect the reputation of all of its domains, and so on.

Does the charter provide for any such scheme as this -
which permits responsibility & accountability to be grouped?

I can't see that it does, yet I think such pooling would
have benefits within the problem-space that the charter is
addressing.

The reason I have raised it now is that I can immediately
think of two possible ways for the individual host to
assert its affiliation:

- The less-efficient one is for its domain's DNS record to
have a separate record, which would have to be fetched - a
close cousin of SPF's 'include'.

-  A more efficient one would be to extend the syntax of
HELO/EHLO to permit the affiliation to be asserted,
something like:

EHLO g.japaneseforexample.jp PARTOF example.com

and then, of course, one would get confirmation of the
assertion from 'example.com' itself.

If we are to do work on RFCs associated with HELO/EHLO, it
would be useful to know in advance if consideration of the
mechanisms for pooling / aggregation of responsibility is
in scope for CLEAR.

Chris Haynes
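
The two-sided check sketched in the message above, as an added example that is not part of the original post: a receiver parses the illustrative `EHLO ... PARTOF ...` greeting and pools reputation under the claimed entity only when that entity's own record lists the host. The `ACCEPTED` table stands in for the DNS record (the message defines no record type or syntax), and the function names are hypothetical.

```python
import re

# Constructed stand-in for the DNS record in which the responsible entity
# lists the domains it accepts responsibility for (assumption: a real
# receiver would fetch this from the claimed parent's DNS).
ACCEPTED = {
    "example.com": {
        "a.example.com", "b.example.com", "c.example.com",
        "d.mail.example.com", "e.example.co.uk", "f.example.com.fr",
        "g.japaneseforexample.jp",
    },
}

# HELO/EHLO with the optional PARTOF clause from the message's illustration.
GREETING_RE = re.compile(
    r"^(?:HELO|EHLO)\s+(?P<host>\S+)(?:\s+PARTOF\s+(?P<parent>\S+))?\s*$",
    re.IGNORECASE,
)

def normalize(name):
    """Compare DNS names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()

def parse_greeting(line):
    """Return (host, claimed_parent or None); raise ValueError if malformed."""
    m = GREETING_RE.match(line.strip())
    if not m:
        raise ValueError("malformed greeting: %r" % line)
    parent = m.group("parent")
    return normalize(m.group("host")), normalize(parent) if parent else None

def accountable_entity(line, lookup=ACCEPTED.get):
    """Return the domain whose policy and reputation apply to this client.

    Assumption: the greeting name itself has already been checked by
    whatever means the receiver uses; this covers only the PARTOF claim.
    """
    host, parent = parse_greeting(line)
    if parent is None:
        return host                      # no claim: the host stands alone
    confirmed = {normalize(d) for d in (lookup(parent) or ())}
    if host in confirmed:
        return parent                    # both sides agree: pool under parent
    return host                          # unconfirmed claim is ignored
```

An unconfirmed claim falls back to the host's own identity, so naming a well-regarded entity in the greeting gains nothing unless that entity lists the host.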
