Doug,

On Mar 8, 2005, at 8:27 AM, Douglas Otis wrote:

> On Tue, 2005-03-08 at 07:04 -0800, Mark Baugher wrote:
>> On Mar 5, 2005, at 8:10 AM, Andrew Newton wrote:
>> ...
>>
>> I was discussing the making and revoking of reputation assertions.  At
>> least that's what I wanted to discuss.  I think you're talking about
>> revoking account keys.
>
> The revocation records signal the rejection of revocation-identifiers
> within the signature (content).  Currently deployed reputation services
> use nearly identical signaling for remote IP addresses rejected by
> returning an A record (127.0.0.1/8).

Are you convinced that currently deployed black list services will meet
mail-signing requirements?

> There is a good reason why a record is not returned when reputation is
> good.  It is desired that the recipient make no-record results' TTLs
> short (negative caching) to indicate acceptance, but at their
> discretion, to adjust their network and cache loads.
>
> When using a record to be an indication of acceptance, to then allow
> rapid revocation, the A records would need to have relatively short
> TTLs.  Some positive reputation services do this by using 0 TTL.

Is a "positive reputation service" an accreditation service?

> About 25% of the IP space is excluded with a bad reputation, and the
> database for asserting a bad reputation is still smaller than a good.
> (This information still needs to be propagated.)  The domain name space
> is a bit different.  It looks to be a closer split of good and bad, no
> doubt driven by a need to evade filtering.  It still seems to be a
> better choice to have a record express a bad reputation, however.

Is it the consensus of DNS experts that this is good or safe for the
DNS?  I wonder about that because I don't believe that the DNS can
safely incorporate features for any application on the Internet.

I'm speculating, and the following opinion is an entirely personal one:
Once we get beyond anti-forgery, the DNS does not seem to me to be a
good place for any sort of reputation service.  A domain might have a
very good reputation for some applications and a very bad reputation
for others, for example.

> Described as a DoS database, use of HELO-domain combined with
> message-signature-domain could make a common database that guards the
> recipient at both phases (HELO & Signature).  Larger domains with a few
> bad accounts would be handled by the revocation-identifier after the
> domain is accepted at the HELO and the signature check.  When the
> HELO-domain is within the Signature-domain, the revocation-identifier
> check can be skipped; in this situation a reputation check on the HELO
> should also allow the skipping of a signature reputation check.  In
> other words, sub-domains for a domain with a bad reputation should also
> return a bad reputation.
>
>> Reputation is on the order of consumer electronics numbers, e.g.
>> broadcast key management systems on the scale of digital versatile
>> disc players or even individual discs.
>
> Agreed.  Looking at how the number of queries can be reduced is an
> important aspect of meeting these requirements.  There are examples
> that indicate DNS style query techniques scale to reporting on billions
> of entities.  (Not easily, but well beyond the entire domain name
> space.)  A reputation service is still at a larger scale than the
> revocation-identifier query would ever be.  The revocation-identifier
> is also distributed whereas a reputation query would be for all
> domains.

What if we screw up?  How would this affect the global DNS?

> There are some ideas how reputation services can be better implemented,
> but this will require a development process.  For now, using DNS seems
> like a good starting point that should be able to meet immediate needs
> of a new mechanism.

Would it also be a good starting point for telephony reputation?  What
about for IM reputation?  Etc.?

Mark

> Tony Finch has suggested within the Clear WG to combine the IP address
> with the domain, i.e.
>
> d.c.b.a._ip4.<domain-query>.<domain-service>
>
> -Doug
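The following is an added illustration, not code from either participant in the thread, of the DNS-style signaling Doug describes: a lookup name built from reversed IPv4 octets (and, for the combined form quoted from Tony Finch, an `_ip4` label and a domain), an A record in 127.0.0.0/8 read as "listed", no record read as "good", and a recipient-side cache that gives empty answers a short negative TTL while a 0-TTL listing is re-queried every time. The zone names (`rep.example`, `sender.example`), the listing codes, and the stub zone contents are constructed placeholders; no real DNS is queried.

```python
import ipaddress
import time

# Constructed stub standing in for a DNS-style reputation zone.  Each value is
# (A records, TTL seconds).  A missing key models "no record", which the thread
# describes as the good-reputation signal.
STUB_ZONE = {
    "4.3.2.10.rep.example": (["127.0.0.2"], 300),
    "4.3.2.10._ip4.sender.example.rep.example": (["127.0.0.3"], 0),
}

LISTING_NET = ipaddress.ip_network("127.0.0.0/8")


def reversed_octets(ip: str) -> str:
    """'10.2.3.4' -> '4.3.2.10', the label order used by DNS blocklists."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))


def ip_query_name(ip: str, zone: str) -> str:
    """Query name for an IP-only reputation lookup (hypothetical zone name)."""
    return f"{reversed_octets(ip)}.{zone}"


def combined_query_name(ip: str, domain: str, zone: str) -> str:
    """IP combined with a domain in the d.c.b.a._ip4.<domain>.<service> form."""
    return f"{reversed_octets(ip)}._ip4.{domain.rstrip('.')}.{zone}"


def interpret(answers):
    """Map a DNS answer to a verdict.

    no record     -> 'good'       (absence signals acceptance)
    only 127/8 As -> 'bad'        (listed; the address is the listing code)
    anything else -> 'unexpected' (a wildcard or hijacked zone answering with
                                   a routable address is not a listing)
    """
    if not answers:
        return "good"
    if all(ipaddress.IPv4Address(a) in LISTING_NET for a in answers):
        return "bad"
    return "unexpected"


class ReputationCache:
    """Recipient-side cache: positive answers keep the zone's TTL; empty
    answers get a negative TTL chosen by the recipient."""

    def __init__(self, zone_data, negative_ttl=60, clock=time.monotonic):
        self.zone_data = zone_data
        self.negative_ttl = negative_ttl
        self.clock = clock
        self.entries = {}  # qname -> (answers, expiry time)
        self.queries = 0   # lookups that actually reached the zone

    def resolve(self, qname):
        now = self.clock()
        hit = self.entries.get(qname)
        if hit and hit[1] > now:
            return hit[0]
        self.queries += 1
        answers, ttl = self.zone_data.get(qname, ([], self.negative_ttl))
        if not answers:
            ttl = self.negative_ttl  # negative caching at our discretion
        self.entries[qname] = (list(answers), now + ttl)
        return list(answers)

    def verdict(self, ip, zone, domain=None):
        qname = (combined_query_name(ip, domain, zone) if domain
                 else ip_query_name(ip, zone))
        return qname, interpret(self.resolve(qname))


if __name__ == "__main__":
    cache = ReputationCache(STUB_ZONE, negative_ttl=60)
    for ip, dom in [("10.2.3.4", None), ("192.0.2.9", None),
                    ("10.2.3.4", "sender.example")]:
        print(cache.verdict(ip, "rep.example", dom))
    print("zone queries:", cache.queries)
```

With a fixed clock the cache shows the trade-off in the thread: a "good" result costs one query and is then served locally for the negative TTL, whereas a 0-TTL listing forces a fresh query on every message, which is what makes rapid revocation possible at the price of load.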