
Re: The Value of Reputation

2006-01-03 14:49:18
John Leslie wrote:

> Nathaniel Borenstein <nsb(_at_)guppylake(_dot_)com> wrote:
>
>> On Dec 24, 2005, at 4:09 PM, Douglas Otis wrote:
>>
>>> Reputation remains the only solution able to abate the bulk of abuse.
>>
>> ... I think most of us pretty much agree about the critical role of
>> reputation.
>
>   I've noticed a lot of what I call "lip service" about the critical
> role of reputation. To say this differently, many folks seem to think
> you can choose a "reputation system" almost at random, and it's sure
> to improve your signal/noise ratio, "unless you've chosen the wrong one".
> (which, I suppose, is a tautology...)
>
>   But, in my view, we have no basis to choose the "right" one unless
> we have a good understanding of what it measures and a workable idea
> of how to "end run" when it falsely rejects good messages.

I completely agree that reputation has a critical role (although
accreditation is important in many situations, as Phill has pointed out,
and should not be ignored).  However, I have come to believe that there
is a great deal of subtlety below the surface of any good reputation system:

- Preventing abusers from "gaming the system" to get good scores
- Preventing attackers from damaging the reputations of others
- Defending the reputation system against legal actions from those who
feel they have been hurt
- Making it all work within the law, considering privacy laws, restraint
of trade, and so forth, considering that the laws governing this vary by
jurisdiction

For this reason, I don't think the operation of reputation systems
themselves should be defined by IETF; different users will have
different needs.  However, standard protocols for communicating with
reputation systems will be needed, and this is a very important area for
IETF to address.  Transaction rates for lookups will be high, and
careful protocol design is needed.  The use of standard protocols in
this area will allow clients to pick a suitable reputation service, and
to change services without changing their infrastructure.  Both
reporting and query protocols will need to be defined.

Much of this applies to accreditation services as well, although there
are some different requirements (negotiating an accreditor to use
between sender and recipient/verifier, for example).

-Jim
