spf-discuss

Re: call for volunteers: need someone to write a stunt DNS server

2004-09-16 20:07:01
On Thu, Sep 16, 2004 at 09:18:38PM -0400, Meng Weng Wong wrote:
> I am starting a skunkworks project to implement a prototype
> of a next-generation email architecture.
>
> One component of the prototype is the karma.com reputation
> aggregation clearinghouse.
>
>   http://spf.pobox.com/aspen.html

I'd be willing to help on the reputation system, but I take issue with
much of what you've got at that URL vis a vis reputation:

1)  Selling reputation data has never produced accurate reputation
information, to the best of my knowledge.  Case in point, and using your
own example:  Consumer credit information.  It's often wrong, and
incredibly difficult to correct, because it's not in the interest of
those paying or making money to correct it.  Because the error is almost
always to the detriment of the entity the reputation represents.

2)  Whitelisting based on reputation is a horrible idea.  Reputation is
behavior based, and behavior is not static.  The best that can and
should be done is to observe reputation over time, and react to changes
in that reputation.  Whitelisting after a certain point is, simply, a
mistake.

3)  A centralized reputation system is not the only solution to the
problem of obtaining reputation information, in the same way that a
centralized routing table or name service wasn't the solution to
providing that data.   Centralized reputation systems also shift the
burden of trust to the ones controlling the centralized system.  I'd
STRONGLY recommend a decentralized system -- not because I'm working on
GOSSiP, but because I believe deeply that trusting a single entity or
small, finite set of entities with reputation information is a poor
decision, and will ultimately benefit only those making money from it.

4)  Basing reputation on anything other than behavior (e.g., payments)
is, again, a poor choice.  But that's what aspen.html seems to indicate
in the final figure.

5)  Reputation data alone should never be used as arbiter of mail
acceptance, yet that's what aspen.html seems to suggest.  

6)  Reputation is not a lever for selling accreditation, and should not
be viewed as such.  People keep referring to accreditation systems as
though they'll solve the problem of people with little or no behavioral
history on which to base a reputation rating.  I cannot say this
strongly enough:  Reputation is based on past behavior, and
accreditation is based on possible future behavior.  Accreditation is
entirely dependent upon whether you trust the accreditor, because you
are placing your trust in them to tell you that some entity with which
you have little or no experience is trustworthy.  One should never
ignore behavior based on trust.  And, quite frankly, accreditation is
really nothing more than an attempt to buy trust (unless someone can
point me to a functioning, free email accreditation system that
demonstrates otherwise).  Accreditation and reputation are separate;
they stand by themselves, and accreditation may buttress, but not
substitute for, reputation.

Yes, reputation takes time to build.  Because it's behavior-based.
That's why reputation is a strong metric: past behavior may be used to
predict future behavior.  The ability to pay someone for accreditation
is not a predictor of future behavior, and says nothing about past
behavior.  There is no short-term measure to overcome the fact that you
have no experience with a stranger.  There are things that may be done
to mitigate your concern (e.g., accreditation), but reputation should
never be ignored.  Nor should lack thereof.

  a)  Entity has no reputation, no accreditation:
                treat with suspicion

  b)  Entity has no reputation, has accreditation:
                treat with suspicion

  c)  Entity has bad reputation, has accreditation:
                Ignore accreditation, act on reputation

  d)  Entity has good reputation, no accreditation:
                Ignore lack of accreditation, act on reputation

  e)  Entity has bad reputation, no accreditation:
                Act on reputation

  f)  Entity has good reputation, has accreditation:
                Act on reputation

In none of those examples (which cover the spectrum of possibilities)
does accreditation influence the outcome at all.




-- 
Mark C. Langston            GOSSiP Project          Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org   http://sufficiently-advanced.net    
mark(_at_)seti(_dot_)org
Systems & Network Admin      Distributed               SETI Institute
http://bitshift.org       E-mail Reputation       http://www.seti.org