On Fri, Oct 22, 2010 at 02:32:17PM -0400, dar...@chaosreigns.com wrote:
On 10/22, Henrik K wrote:
You should check out this draft:
http://www.mimedefang.org/reputation
(An IETF draft of a Reputation Reporting Protocol.)
Yup, thank you. It's interesting that the ASRG list didn't mention this.
There's no way I'm following it, if only because it uses UDP, which allows
forging of the sender's IP address (as mentioned in this document).
Definitely ideas worth considering in there though.
You're discounting it entirely because it uses UDP? Are you sure you
read the RFC?
The sender IP address is irrelevant -- it's not used for anything at
all. Reports are authenticated with a prearranged username and a HMAC
digest calculated using a shared secret.
I'll make a point of making the server to report to user definable though.
I'd really suggest not reinventing the wheel again. If you have
legitimate criticisms of the RFC, please make them on the list
(http://lists.roaringpenguin.com/cgi-bin/mailman/listinfo/reputation-reporting)
or direct to d...@roaringpenguin.com (the main author).
Cheers,
Dave
--
Dave O'Neill <d...@roaringpenguin.com> Roaring Penguin Software Inc.
+1 (613) 231-6599 http://www.roaringpenguin.com/
For CanIt technical support, please mail: supp...@roaringpenguin.com
