Re: the O(N^2) problem

2008-04-14 Thread Edward B. DREGER
Stardate Mon, 14 Apr 2008, Suresh Ramasubramanian's log: SR From: Suresh Ramasubramanian SR Looks like what various people in the industry call a reputation SR system I started responding; Suresh's reply came as I was doing so, and put it very succinctly. Reputation system, but inter-network.

Re: the O(N^2) problem

2008-04-14 Thread Suresh Ramasubramanian
On Mon, Apr 14, 2008 at 11:27 AM, Edward B. DREGER [EMAIL PROTECTED] wrote: For such a system to scale, it would need to avoid OSPF-style convergence. Similarly, I would not want to query, for the sake of example, 15k different trust peers each time I needed to validate a new

Re: the O(N^2) problem

2008-04-14 Thread Steven M. Bellovin
The risk in a reputation system is collusion.

Re: the O(N^2) problem

2008-04-14 Thread Suresh Ramasubramanian
On Mon, Apr 14, 2008 at 11:50 AM, Steven M. Bellovin [EMAIL PROTECTED] wrote: The risk in a reputation system is collusion. Multiple reputation systems, each with their own reputation .. Sed quis custodiet ipsos custodes and all that .. A lot of the reputation (aka positive reputation) shall

Re: the O(N^2) problem

2008-04-14 Thread Edward B. DREGER
I received an off-list request: Could you clarify what precisely you are trying to secure? I fear that perhaps I am still too vague. When one accepts an email[*], one wishes for some sort of _a priori_ information regarding message trustworthiness. DKIM can vouch for message authenticity, but

Re: the O(N^2) problem

2008-04-14 Thread Joe Greco
The risk in a reputation system is collusion. /One/ risk in a reputation system is collusion. Reputation is a method to try to divine legitimacy of mail based on factors other than whether or not a recipient authorized a sender to send mail. To a large extent, the majority of the focus on

Re: the O(N^2) problem

2008-04-14 Thread Rich Kulawiec
On Mon, Apr 14, 2008 at 01:41:50PM +, Edward B. DREGER wrote: When one accepts an email[*], one wishes for some sort of _a priori_ information regarding message trustworthiness. DKIM can vouch for message authenticity, but not trust. At the moment, this problem can't be solved on an

Re: the O(N^2) problem

2008-04-14 Thread Tony Finch
On Mon, 14 Apr 2008, Edward B. DREGER wrote: When it comes to establishing trust: * The current SMTP model is O(N^2); In practice it's O(N): small-to-medium-sized email systems rely on external reputation providers (blacklists or anti-spam service providers) rather than creating their own

[admin] RE: the O(N^2) problem

2008-04-14 Thread Martin Hannigan
Folks, Same request as the Yahoo! Mail thread, can we go ahead and wrap this up? Excellent points, intelligent positions, but definitely not operational. This one might be great for ASRG, which has been a little more active lately. Best Regards, Marty -- Martin Hannigan

Re: the O(N^2) problem

2008-04-13 Thread David Andersen
Another alternative is something we've been working on that we call Perspectives: http://www.cs.cmu.edu/~dwendlan/perspectives/ Warning: This is a work in progress. The Mozilla plugin is a little flaky and the paper is still being revised for the final revision for USENIX. The SSH

Re: the O(N^2) problem

2008-04-13 Thread Owen DeLong
On Apr 13, 2008, at 5:36 PM, Edward B. DREGER wrote: Bottom line first: We need OOB metadata (trust/distrust) information exchange that scales better than the current O(N^2) nonsense, yet is not PKI. Not sure why PKI should be excluded, but, so far, this is too abstract to know what the

Re: the O(N^2) problem

2008-04-13 Thread Suresh Ramasubramanian
On Mon, Apr 14, 2008 at 10:34 AM, Owen DeLong [EMAIL PROTECTED] wrote: Now I'm lost again. You've mixed so many different metaphors from interdomain routing to distance-vector computation to store-and-forward that I simply don't understand what you are proposing or how one could begin to