On 7/11/23 4:18 AM, Jaroslaw Rafa via mailop wrote:
Sadly, you're probably right. It would take someone as universally trusted (and as trustworthy) as Jon Postel was once, to run such a service. But there are no people like Jon Postel in decisive positions anymore...
Yes, I try to find the good in others more so than many.
However I don't think that it would require someone like Jon Postel. Though I would implicitly trust him.
I think that what I'm describing could be done in the open above board and completely visible to all. Much like how Certificate Transparency logs provide visibility into what Certificate Authorities do.
I don't necessarily need to trust the local scribe if what they record is publicly visible and authenticateable (using contemporary technology).
Look at how we -- ostensibly -- trust the DNSSEC for the root zone. It's open, it's visible, it's auditable.
I think that if we really wanted to we could come up with something like that to assess if a given RBL operator (entity) has provided evidence that they are adhering to a minimum level of acceptable behavior and / or exceeding it.
To me, this is largely just data that is publicly available that is run through a definable / publishable algorithm. As such, there is not as much trust in the organization holding the data as the data and public algorithm itself.
Yes, I agree there is an opportunity for questionable practices to be done in a closed system. That's expressly why I'm thinking about an open / visible / auditable system.
I genuinely believe that we could come up with something that (the vast majority if not everybody) could be trusted. Or at the very least make it easy to detect when someone did something wrong.
Grant. . . . _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
