MRN is primarily a peer-to-peer directed graph, where peers (i.e. 'friends' or
'buddies') mutually vouch for each other with reciprocal links.
Have you considered the liabilities that you might incur if you
sponsor (accredit) a peer?
In such a system it shortcuts things a lot to have some commercial service
that will 'be a buddy' to many people for cash. This is what *I* mean by an
accreditation service.
We can go round on this, but there is a big problem with pure
peer based trust schemes. The diameter of a graph is bounded
at a minimum by the number of nodes and the maximal degree
of each node by the Moore bound.
If you have a graph of 100 nodes of degree 10 then the diameter
cannot be less than 2 - that is the shortest distance between
the 2 points furthest apart on the graph. (actually the
diameter is 3 and the average distance between nodes is about
2.1 at a guess)
If you have a graph of a million nodes and degree 10 then you
have a diameter of 6. These are for optimal graphs. Random
graphs the diameter is 8, in practice it is worse.
The upshot is that if you want graphs with trust chains of
acceptable length you have to have nodes of very high degree,
that is trust specialists, the pure peer model fails.
Hence the accreditors use a non-reciprocal peer link, where the accreditor
vouches for the principal but the principal does not vouch for the accreditor.
Could work, maybe. Why expose the raw data and have every leaf analyse?
I am not using the term to mean any of the things in your document. In fact I
may change to a different term - 'sponsor' which I rather like.
That would be better.
Not committing to an accreditation policy is _exactly_ why
SPF should not favour one.
You are still committing the DNS.
4) It works much better as an SPF entry pointing to the existence of an mrn
record:
Except that would tie it to SPF.
Nope, you can use any authentication scheme you like. You just
use SPF as a policy statement describing the authentication and
accreditation steps you took.
I certainly do not want multiple policy languages. How can I
say 'all mail is authenticated by X or Y' otherwise?
SPF is more likely to succeed if it does not have politically contentious
features unrelated to authentication. Both MRN and your accreditation scheme
have political/economic ramifications that SPF does not need.
The accreditation scheme is not contentious amongst the ISPs.
I think you will find that attempting to separate the two would
be contentious.
Secondly, MRN could equally well work with RMX, DMP, DomainKeys, etc, so it
would be confusing to apply the SPF label to it.
RMX and DMP die. Domain keys will use an SPF policy indication.
Phill
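
The Moore-bound argument in the message above, worked through as an added example (not part of the original post). It assumes the directed form of the bound, where each node vouches for at most `degree` others; the function names are hypothetical. The result is a floor on the longest trust chain, so any real vouching graph does no better.

```python
"""Directed Moore bound applied to a vouching graph (added example)."""


def reachable_upper_bound(degree: int, hops: int) -> int:
    """Most nodes (start node included) reachable within `hops` links when
    every node vouches for at most `degree` others: 1 + d + d^2 + ... + d^hops."""
    total, frontier = 1, 1
    for _ in range(hops):
        frontier *= degree
        total += frontier
    return total


def min_diameter(nodes: int, degree: int) -> int:
    """Smallest diameter any graph with `nodes` nodes and out-degree at most
    `degree` can have. Optimal graphs meet it at best; others are worse."""
    if nodes < 1 or degree < 1:
        raise ValueError("need at least one node and degree >= 1")
    hops = 0
    while reachable_upper_bound(degree, hops) < nodes:
        hops += 1
    return hops


def min_degree(nodes: int, max_hops: int) -> int:
    """Smallest out-degree that could keep every trust chain within
    `max_hops` links (binary search over the bound, which grows with degree)."""
    if nodes < 2 or max_hops < 1:
        raise ValueError("need nodes >= 2 and max_hops >= 1")
    lo, hi = 1, nodes  # degree == nodes always satisfies the bound
    while lo < hi:
        mid = (lo + hi) // 2
        if reachable_upper_bound(mid, max_hops) >= nodes:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    # The two cases quoted in the message: 100 and a million nodes, degree 10.
    for n in (100, 10**6):
        print(f"{n} nodes, degree 10: diameter >= {min_diameter(n, 10)}")
    # Degree each node would need for short chains among a million nodes.
    for k in (2, 3, 4):
        print(f"chains <= {k} hops among 10**6 nodes: degree >= {min_degree(10**6, k)}")
```

The degree required for chains of two or three hops among a million nodes is far beyond what an individual peer maintains, which is the case the message makes for high-degree nodes.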
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/