On Tue, 2004-10-05 at 09:28, Dave Crocker wrote:
I was attempting to describe a means of indicating an
affiliation with a group ensuring adherence to some level of
practice.
ahh. ok.
listee (sending smtp client) explicitly cites the accreditation
service. hence, receiving smtp server knows there will be an
entry at that service.
For now, the entry would be set to zero indicating no level of practice
is being claimed. Simply declare the field to act as an invitation for
a subsequent work group to define these BCP levels. In other words,
recognize the need, but make no attempt to define what these
desired/required levels of practice are.
This would be useful when attempting to ensure compliance for differing
standards set by various countries, or to allow an assertion of an
elevated expectation of practice which may help with respect to
filtering.
This group could be the reputation service or some other entity.
I think you are trying to create a more general mechanism than I
had assumed we were doing. In effect, what you are describing
leaves ALL the semantics to each reporting agency. That might be
useful but it is also going to be more ambiguous.
I am not hoping to do anything more than declare the field and leave it
defined to hold zero, meaning no assertion. Putting a foot in the door
is not an ambiguous. It says a follow-on document is required, perhaps
by the ASRG.
I have been assuming that this initial reporting mechanism needs
to be as simple and straight-forward as we can make it. In order
to reduce ambiguity, make utility straightforward and, hopefully,
gain quick adoption and use.
I have been suggesting a 5-value range, rather than 3-value, only
because my guess is that 3-value is to Procrustean. That is, I
suspect this space needs a bit more flexibility than an ATM
transaction approval mechanism.
Again, I am also suggesting the use of a 5 value range. Rather than
some obscure and undefined rating having the recipient contemplate the
action they should take, I am suggesting the 5 value range provide 5
different recommended actions. The rating service must be proactive and
this allows a greater range of actions to enable more aggressive
techniques to deal with abuse. This will also help elicit
communications between the rating service and the provider.
'A' Accept (In good standing)
'B' Temp Refuse or Filter (Was in good standing, but problem pending)
'C' Accept with a limit (New so apply a cap)
'D' Temp Refuse (New and a problem pending)
'E' Reject (Known bad)
This provides 5 values for 5 explicit actions. No thinking required.
Once the BCP assertion becomes possible, then there can be finer
distinctions made (a type of rating that means something).
-Doug