spf-discuss

Re: on CAs as reputation providers; an argument for metric-based reputation services

2003-12-09 12:14:50
On Tue, Dec 09, 2003 at 01:56:00 +0000, Dan Boresjo wrote:
> On Tuesday 09 December 2003 12:17 am, Meng Weng Wong wrote:
> > Validation implies revocation --- if a VeriSign customer turns out to be
> > a spammer, what's the punishment?  Do you refuse to renew them?  If the
> > renewal period is 1 year, they could spam for the rest of that year with
> > impunity.

> It depends on what is being asserted by the CA. If it's simply a matter of
> identity, 'Joe Spammer' remains 'Joe Spammer' regardless of what crimes he
> may have committed.
True - no matter whether he changes the IP or any DNS records...

> To assert that 'this person will not send spam' is impossible without (a)
> applying prior restraint (active censorship), and (b) defining spam
> precisely.
I fear my English can't cope with your "a" statement - but "b" is rather
easy:

ANY mail that is unwanted by me (and I don't mean flames or error
messages or the latest joke some friend tries to send me - I mean mail
from someone I haven't asked to send me mail regarding a topic, or
something that is not personally related to me; anyone on this list might
send me comments on SPF, but please keep your Windows problems off me).

> To assert that 'this person is not known to have sent spam before' is
> implementable because it is paradigmatically 'one or more blacklist checks'.
> However defining what constitutes spam remains a value judgement and myriad
> policies will be required in order to suit different cultures.
Well, I don't know the RFC by heart - but I heard rumours of something
called netiquette... or, put differently, those that keep this net going
are well aware of what spam is...

> The best solution hence is a value-neutral identity authentication protocol
> decoupled from any reputation metadata that may be overlaid onto it.
somehow I feel that I don't agree...

> Joe's past activities may have been classed as unacceptable in culture A but
> not in culture B (maybe he spams for a government, charity, church or
> political party). His identity remains the same, and if the two cultures are
> using different identity systems then sharing data simply becomes more
> difficult as you would then need a third system of identity mappings in order
> to exchange data. Balkanisation rather than standardisation.
IMHO "Cyberspace" by its definition is not a place where someone can
say "hey, I'm from culture A - I am allowed to spam and to ignore RFCs" -
if you connect yourself to the Internet you have to abide by its
rules... BCPs, RFCs and other documents - they all apply to every device
connected to the net, regardless of the user's beliefs or culture or
whatever else.

> Thus an identity system should simply say "this is joe" and not "this is joe,
> who has not been convicted of spamming in Brazil". Then a separate reputation
> system should say "joe has not been convicted of spamming in Brazil".

Well, I should say, "Joe's spam threshold is 4 spams per minute" - so
if you can accept that, then it's fine.... if you only accept one spam
per hour, he's out of business....

> In any case all reputation systems have the failing that new people are
> constantly being born (or just getting wired) at a rate sufficient to drown
> us in spam no matter how complete our history-based blacklist is. Furthermore
Well, I don't blame the users - as I give the mail server of lazyisp.com
a bad rating, not a single user... thus if a provider takes care of its
user base then the ISP will not get in trouble, but if he is the sort of
"hey, we have cheap mailing (because we don't maintain our
infrastructure)" then that is one of the candidates who lose their
credibility - face it, spam is only possible because of poorly
maintained infrastructure! And I don't take it as an excuse if someone
says "Oh, we are aol.com, we have 17 million users, we can't afford
to maintain our infrastructure, that costs too much."

> a lot of starving people may decide that their online reputation is less
> important than food they can buy with Joe's bribe.
no offense meant, but this is BS.

as said, comments and flames are welcome ;)
regards
Philipp
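Editor's added example, not code from the SPF project or from anyone in this thread: a toy that keeps the two layers Dan argues for apart. The identity layer asserts only "this message was authorised by domain X, and that check passed"; a separate reputation service counts spam reports per domain as timestamps (keyed on the domain, so a lazy ISP's users are scored as one entity, as Philipp proposes); and each receiver applies its own rate threshold, using the two figures Philipp quotes ("4 spams per minute" versus one per hour). It also shows the answer to Meng's renewal question: the sanction takes effect and lapses on the metric's clock, not on a yearly certificate cycle. Domain names, the IP address, the clock value and the report counts are constructed sample data.

```python
"""Toy separation of identity assertion from reputation metric.

Added example for this thread; it is not code from the SPF project or
from any poster. Domain names, IP addresses, timestamps and report
counts below are constructed sample data.
"""
from bisect import bisect_right
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class IdentityAssertion:
    """What a value-neutral identity layer (an SPF check, a CA-signed cert)
    asserts about one message: which domain claims responsibility for the
    sending host, and whether that claim verified. No opinion about spam."""
    domain: str
    sending_ip: str
    authenticated: bool


class ReputationService:
    """Metric store kept apart from identity: spam reports per domain as a
    sorted list of Unix timestamps. Keyed by the authenticated domain, so
    an ISP whose users spam accumulates reports as one entity."""

    def __init__(self):
        self._reports = defaultdict(list)  # domain -> sorted timestamps

    def report_spam(self, domain, ts):
        lst = self._reports[domain]
        lst.insert(bisect_right(lst, ts), ts)  # keep the list sorted

    def reports_in_window(self, domain, now, window_seconds):
        """Number of reports with now - window_seconds < ts <= now."""
        lst = self._reports[domain]
        return bisect_right(lst, now) - bisect_right(lst, now - window_seconds)


@dataclass(frozen=True)
class ReceiverPolicy:
    """Each receiver's own threshold, as a rate: at most max_reports spam
    reports within the trailing window_seconds."""
    max_reports: int
    window_seconds: int


def decide(ident, rep, policy, now):
    """Accept/reject for one message. Identity failure is a hard reject
    (there is nothing to attach a reputation to); otherwise the receiver's
    threshold, not the identity provider, makes the call."""
    if not ident.authenticated:
        return "reject: identity not authenticated"
    n = rep.reports_in_window(ident.domain, now, policy.window_seconds)
    if n > policy.max_reports:
        return (f"reject: {n} spam reports from {ident.domain} in the last "
                f"{policy.window_seconds}s exceeds {policy.max_reports}")
    return "accept"


def demo():
    """Same identity, same reputation data, two receivers with the two
    thresholds quoted in the thread; returns their decisions."""
    rep = ReputationService()
    now = 1_000_000  # constructed clock, seconds
    joe = IdentityAssertion("joe.example", "192.0.2.10", authenticated=True)
    for ts in (now - 50, now - 30, now - 10):  # three reports in the last minute
        rep.report_spam(joe.domain, ts)

    lenient = ReceiverPolicy(max_reports=4, window_seconds=60)   # "4 spams per minute"
    strict = ReceiverPolicy(max_reports=1, window_seconds=3600)  # "one spam per hour"
    return {
        "lenient": decide(joe, rep, lenient, now),
        "strict": decide(joe, rep, strict, now),
        # an hour later the strict receiver's window has drained: the sanction
        # lapses on the metric's clock, not on a certificate renewal cycle
        "strict_later": decide(joe, rep, strict, now + 3601),
    }


if __name__ == "__main__":
    for receiver, verdict in demo().items():
        print(f"{receiver}: {verdict}")
```

Run it and the lenient receiver accepts Joe's mail while the strict one rejects it on the same three reports; the identity record never changes, only the receiver's reading of the metric does. A real deployment would key the store on sending IP as well as domain and feed it from actual abuse reports or blacklist lookups, which this toy does not do.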

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.txt