[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Andrew
Newton
If it will be inequitable for reputations, then it isn't a meaningful
reputation check. Though, I'm unclear as to the importance of this
secondary feature.
There are multiplue uses for reputation here.
Reputation is useful for stopping spam, it has other users. In the context
of spam we get good reputation data for enterprises, education and ISPs who
serve closed communities. ISPs who serve large open communities are subject
to replay issues. These are not dealt with in the MASS component but can be
readily controlled in the context of the system as a whole.
Reputation is also usefull to establish trust. Companies who provide trusted
products are going to control access to domain names that carry trustworthy
data. Big bank is not going to use bigbank(_at_)yahoo(_dot_)com as its
communication
channel.
This is not traditional DARPA style security where one break ruins the
systems, this is practical security where we take an actuarial approach.
Replay attack is a significant issue but there will be controls elsewhere in
the network