On Friday 30 January 2004 6:59 pm, Hallam-Baker, Phillip wrote:
I have been working on a specification for accreditation in SPF (attached).
Which is the wrong place to put it...
2) The term accreditation is pretty well established in the community after
the Aspen meeting. I do not see how the term 'peer' is relevant.
acme.com IN TXT "v=mrn1 accreditor=example.net"
Is rather easier to read. Peer suggests to me something very different.
MRN is primarily a peer-to-peer directed graph, where peers (ie: 'friends' or
'buddies') mutually vouch for each other with reciprocal links.
In such a system it shortcuts things a lot to have some commercial service
that will 'be a buddy' to many people for cash. This is what *I* mean by an
accreditation service.
The only difference between such a service and an ordinary 'buddy' is that
they will have a great many of peers - too many to want to put then in an MRN
TXT records and little point in doing so. The accreditation service only
wants to claim a few peers for itself - ie other accreditation services!
Hence the accreditors use a non-reciprocal peer link, where the accreditor
vouches for the principal but the principal does not vouch for the
accreditor.
I considered having a synonym 'accreditor=' but felt it would be a bit
misleading, not to mention pointless.
I am not using the term to mean any of the things in your document. In fact I
may change to a different term - "sponsor' which I rather like.
3) You don't need to commit to an accreditation policy. The peer scheme may
well work, looks to me like it would be easy to defeat but in the end the
filters will give empirical measurement of the effectiveness of the various
schemes.
Not committing to an accreditation policy is _exactly_ why SPF should not
favour one.
4) It works much better as an SPF entry pointing to the existence of an mrn
record:
Except that would tie it to SPF.
5) Rather than form a new group it would be better to separate the spf group
into deployment and development sections.
But then it would be tied to SPF.
6) Creating new acronyms diltes the power of the SPF brand.
On the contrary it avoids diluting SPF with issues that go beyond sender
authentication.
SPF is more likely to succeed if it does not have politically contentious
features unrelated to authentication. Both MRN and your accreditation scheme
have political/eonomic ramifications that SPF does not need.
Secondly, MRN could equally well work with RMX, DMP, DomainKeys, etc, so it
would be confusing to apply the SPF label to it.
It's only relation to SPF is as an example of the kinds of application that
become possible in a post-authentication world, and as an example of the
kinds of innovation that would be stifled if SPF shortcuts the process by
favouring it's own.
- Dan
-----Original Message-----
From: Dan Boresjo [mailto:dan(_at_)boresjo(_dot_)demon(_dot_)co(_dot_)uk]
Sent: Friday, January 30, 2004 12:06 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Announcement: Mailbox Reputation Scheme
Hello Everybody!
Following on from the various discussions here on the subject
of sender
reputation schemes, I would like to make call for
participation in the
"Mailbox Reputation Network". The URL is here:
http://www.polityresearch.com/mrn
Main features:
1) Decentralised and distributed system.
2) Immune to gaming.
3) Supports both grassroots and corporate organisational models.
4) Independent of any particular authentication scheme.
5) Policy-neutral with respect to scoring heuristics etc.
_and_
6) It's more fun than PKI, yet more scaleable than Friendster!
- Dan
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki:
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily
deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡