On Friday 30 January 2004 8:42 pm, Hallam-Baker, Phillip wrote:
Have you considered the liabilities that you might incur if you
sponsor (accredit) a peer?
I have considered them to be zero given that the only semantic for a
peer link is "This guy is my buddy; I want his behaviour to reflect on
me in your scoring algorithm"
How do you know that you can encode that semantic in a way that
you can be sure that is what a court would do? Have you considered
the four corners issue? What about limitation of liability?
Could work, maybe. Why expose the raw data and have every leaf analyse?
Checking an accreditation works out as one or two exists-like lookups
per return-path presented to it in most common cases (assuming sensible
caching)
What happens if the chain is more than two? How does path discovery
work?
PGP works in practice through the key server mechanism. See the
work I did with Brian LaMacchia (author MIT PGP keyserver) on XKMS.
In most common cases the accreditation path would be short, e.g.:
retail user -> ISP -> Accreditation Authority (AA)
corporate user -> Corporation -> Accreditation Authority (AA)
vanity domain owner -> Registrar -> Accreditation Authority (AA)
I imagine the AAs would roughly match today's PKI CAs.
That is not a peer based scheme. That is the scheme I proposed on Monday.
Nope, you can use any authentication scheme you like. You just
use SPF as a policy statement describing the authentication and
accreditation steps you took.
Why? It's not an authentication issue?
Why do you insist on enforcing an arbitrary separation?
I certainly do not want multiple policy languages. How can I
say 'all mail is authenticated by X or Y' otherwise?
You can't, it's relativistic.
Your peer scheme is relativistic, though you could easily ground it
as an intersubjective understanding of reputation.
There is a PoMo literature on this.
The accreditation scheme is not contentious amongst the ISPs.
I guess they would be happy to see the little guy squeezed out? *I* find
that contentious!
Actually not, Yahoo keeps saying 'no king making'. If you can advertise
the accreditor in DNS you can bootstrap a reputation for new
accreditation schemes in the way I discussed earlier.
Phill
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/