ietf-mailsig
[Top] [All Lists]

RE: MASS Security Review document

2005-02-11 08:50:26


[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Andrew 
Newton

If it will be inequitable for reputations, then it isn't a meaningful 
reputation check.  Though, I'm unclear as to the importance of this 
secondary feature.

There are multiplue uses for reputation here.

Reputation is useful for stopping spam, it has other users. In the context
of spam we get good reputation data for enterprises, education and ISPs who
serve closed communities. ISPs who serve large open communities are subject
to replay issues. These are not dealt with in the MASS component but can be
readily controlled in the context of the system as a whole.

Reputation is also usefull to establish trust. Companies who provide trusted
products are going to control access to domain names that carry trustworthy
data. Big bank is not going to use bigbank(_at_)yahoo(_dot_)com as its 
communication
channel.


This is not traditional DARPA style security where one break ruins the
systems, this is practical security where we take an actuarial approach.

Replay attack is a significant issue but there will be controls elsewhere in
the network


<Prev in Thread] Current Thread [Next in Thread>