[Asrg] Trust, misunderstood?
"Danny Angus" <danny@apache.org> Wed, 02 July 2003 20:47 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA15785 for <asrg-archive@odin.ietf.org>; Wed, 2 Jul 2003 16:47:25 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19XoVH-0005Q6-SZ for asrg-archive@odin.ietf.org; Wed, 02 Jul 2003 16:47:00 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h62Kkxn4020830 for asrg-archive@odin.ietf.org; Wed, 2 Jul 2003 16:46:59 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19XoVH-0005Pt-OS for asrg-web-archive@optimus.ietf.org; Wed, 02 Jul 2003 16:46:59 -0400
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA15715; Wed, 2 Jul 2003 16:46:54 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19XoUL-0005II-4y; Wed, 02 Jul 2003 16:46:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19XoUC-0005G5-M7 for asrg@optimus.ietf.org; Wed, 02 Jul 2003 16:45:52 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA15652 for <asrg@ietf.org>; Wed, 2 Jul 2003 16:45:45 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19XoU6-0007kS-00 for asrg@ietf.org; Wed, 02 Jul 2003 16:45:46 -0400
Received: from tarbolton.demon.co.uk ([212.229.119.215] helo=killerbees.co.uk) by ietf-mx with smtp (Exim 4.12) id 19XoU4-0007kE-00 for asrg@ietf.org; Wed, 02 Jul 2003 16:45:45 -0400
Received: from mailtest ([192.168.0.2]) by killerbees.co.uk (JAMES SMTP Server 3.0a1) with SMTP ID 290 for <asrg@ietf.org>; Wed, 2 Jul 2003 21:00:48 +0100 (BST)
From: Danny Angus <danny@apache.org>
To: asrg@ietf.org
Message-ID: <HKEFKPNPJLANNFPFMDKJCENJIIAA.danny@apache.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
In-Reply-To: <20030702190713.C82235@Space.Net>
Importance: Normal
Content-Transfer-Encoding: 7bit
Subject: [Asrg] Trust, misunderstood?
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Wed, 02 Jul 2003 21:48:56 +0100
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Hi all, There's been some talk about trust systems recently, I think I instigated some of it, and I feel that a number of comments have been made which kind of miss the point about trust. I'd like to outline my take on trust and why I believe trust should be considered by this group. First off trust isn't an absolute. Realistically I can only trust people I know, and even then I could misjudge them. To rely on another person's judgement is more risky still. It is also all wrong to think of trust as YES or NO, there are degrees of trust, some people we'd trust with our lives, others with our car keys, yet more with our phone numbers. We don't say YES or NO to the phone number guys, we say "I trust you just enough not to abuse this information" Secondly in existing trust mechanisms it is possible, but not widely used, for end users to make decisions about whom of trust issuers they will trust, and accept the judgement of in assessing an unknown third party. For example It is possible to score PGP keys according to who I trust and why, my immediate circle get full marks, those known to them will be assumed to have a high degree of trust worthiness, and so on. When I encouter a third party I can make a judgement according to how many of the people I trust, and how much I trust them, have signed the certificate. Likewise revocation could have a detrimental affect if a close associate of mine has revoked their trust, less effect if I don't trust the revoker. SSL certificates can be revoked if client software actually bothers to check revokation lists. Now Email: Forming a judgement about whether or not to trust, and to what extent, an unknown sending MTA is about much more than checking a certificate. Of course a signed certificate, signed by someone I trust, can influence my decision, like wise I can consider RBL's and other blacklists, reverse DNS etc, etc. I could attempt to relay mail through a suspect host myself if I'm suspicious. So what I propose for the basis of a trust system would be for a mechanism by which SMTP can temporarily block a transaction in order for the recipient to carry out checks and create a trust score for the sending MTA. If this mechanism provides for the optional exchange of certificates these can be included in the calculation. My Trust system would allow mail admins to set rules and thresholds for trust, allowing admins to raise and lower the barrier of trust which could be crossed *automatically* by well behaved hosts. Other hosts could be rejected out of hand or sin-binned until a more thourough check is carried out. I could offer my scores to my friends. Who, if they trust my judgement, could use this to help in making their judgement. The commercial madness which is the "installed root CA certificates" of the browsers is idiotic, I have no reason at all to trust verisign or thawte who are those guys?!? But if my (they are respectable!) ISP had signed a certificate, or offered me their tust rating for a host I'd be much more likely to trust that host a bit. Unfortunately I'm going away for a week so I won't be able to respond to anyones comments (or flames!) 'till I get back. d. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- RE: [Asrg] Consent Proposal Peter Kay
- [Asrg] Consent Proposal Mark McCarron
- Re: [Asrg] Consent Proposal Jon Kyme
- [Asrg] Trust, misunderstood? Danny Angus
- [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Barry Shein
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Peter Kay
- Re: [Asrg] Consent Proposal Selby Hatch
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Vernon Schryver
- RE: [Asrg] Consent Proposal Peter Kay
- RE: [Asrg] Consent Proposal Peter Kay
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Peter Kay
- [Asrg] Consent Proposal gep2
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Bob Wyman
- Anticipatory whitelisting (was Re: [Asrg] Consent… Bruce Stephens
- Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Jon Kyme
- Re: RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Barry Shein
- RE: [Asrg] Consent Proposal Peter Kay
- Re: [Asrg] Consent Proposal Walter Dnes
- Re: RE: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Jon Kyme
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: Fwd: Re: [Asrg] Consent Proposal Craig Cockburn
- Re: Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: Anticipatory whitelisting (was Re: [Asrg] Con… Yakov Shafranovich
- Re: Fwd: Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Danny Angus
- RE: Fwd: Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Bob Wyman
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Howard Roth
- Re: RE: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Danny Angus
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Danny Angus
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal C. Wegrzyn
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal C. Wegrzyn
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal C. Wegrzyn
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Trust, misunderstood? Yakov Shafranovich
- Re: [Asrg] Trust, misunderstood? C. Wegrzyn