RE: [Asrg] Consent Proposal
Yakov Shafranovich <research@solidmatrix.com> Sun, 29 June 2003 18:38 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA03693 for <asrg-archive@odin.ietf.org>; Sun, 29 Jun 2003 14:38:37 -0400 (EDT)
Received: (from exim@localhost) by www1.ietf.org (8.11.6/8.11.6) id h5TIc9B27534 for asrg-archive@odin.ietf.org; Sun, 29 Jun 2003 14:38:09 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Wh3x-0007A1-F4 for asrg-web-archive@optimus.ietf.org; Sun, 29 Jun 2003 14:38:09 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA03688; Sun, 29 Jun 2003 14:38:07 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Wh3u-0003vp-00; Sun, 29 Jun 2003 14:38:06 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Wh3p-0003vm-00; Sun, 29 Jun 2003 14:38:01 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Wh3p-00076w-PN; Sun, 29 Jun 2003 14:38:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Wh2d-0006nZ-IL for asrg@optimus.ietf.org; Sun, 29 Jun 2003 14:37:02 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA03679 for <asrg@ietf.org>; Sun, 29 Jun 2003 14:36:45 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Wh2a-0003uY-00 for asrg@ietf.org; Sun, 29 Jun 2003 14:36:44 -0400
Received: from 000-254-303.area7.spcsdns.net ([68.27.233.50] helo=68.27.233.50 ident=trilluser) by ietf-mx with smtp (Exim 4.12) id 19Wh2M-0003uJ-00 for asrg@ietf.org; Sun, 29 Jun 2003 14:36:31 -0400
Message-Id: <5.2.0.9.2.20030629143402.00b3c458@std5.imagineis.com>
X-Sender: research@solidmatrix.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
To: bob@wyman.us, 'Jon Kyme' <jrk@merseymail.com>
From: Yakov Shafranovich <research@solidmatrix.com>
Subject: RE: [Asrg] Consent Proposal
Cc: 'ASRG' <asrg@ietf.org>
In-Reply-To: <004b01c33cd7$43f87f20$660aa8c0@BOBDEV>
References: <5.2.0.9.2.20030627115412.00b97d88@std5.imagineis.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-MimeHeaders-Plugin-Info: v2.03.00
X-GCMulti: 1
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Sun, 29 Jun 2003 14:36:04 -0400
At 02:09 PM 6/27/2003 -0400, Bob Wyman wrote: >Yakov Shafranovich wrote: > > an overall consent framework > Yes, I'd like to see that framework... I think there are a >number of questions that should be answered by it: > > What is the "language" of consent? When you consent, what is it >that you consent to? Or, when you withhold consent, what is it that you >withhold consent for? In simple systems, consent is binary and focused >only on senders. Either a sender may, or may not, send messages. This is definitely an issue that needs to be defined. I think we need to define a broad overview of consent framework and then start working on specific issues such as this. >However, some have proposed that consent be granted in a much more >granular fashion. Thus, you should be able to consent based on a number >of attributes such as: > 0. Identity of sender > 1. Size of message > 2. Encoding of message (character sets, HTML, etc) > 3. Source IP (presence on white/blacklists) > 4. From: header matches with sending server (i.e. RMX, etc.) > 5. Presence of signatures > 6. Presence of attachments > 7. Rate of message arrival (i.e. only 3 messages per day per >sender...) > 8. Words used in message. (i.e. no message using "bad" words) > 9. Use of Multi-part MIME > 10. etc... > The goal here should be to define the "language" of consent. To >show what can be said and perhaps understand under what circumstances it >is reasonable to say these things and what benefit can come from saying >them. Also, some attention should be paid to the issues of what can and >cannot be determined by a machine. For instance, a machine can easily >measure the size of message. A machine can also, in some cases, >determine what account was used to send a message. However, a machine >will not be able to determine the actual human who caused a message to >be sent. (not even with PKI, signatures, etc...) Very good point. > We should distinguish between consent which is implied (by >reliance on some mechanism such as RMX) or explicit -- i.e. consent that >is expressed independent of the consent management mechanism in some >form like a "license to send" or a consent token. > Explicit statements of consent have interesting properties >especially if they are encoded in a machine readable form. For instance, >a simple expression of consent such as "I don't except mail that >contains the word 'Viagra'." can be used to parameterize the behaviour >of spam filters on the recipient's desktop as well as on upstream >processors such as the recipient's ISP's servers. One might even pass >such a statement to a potential sender. In one possible world, a sender >might have a pop-up in their editor that warns them that "Use of the >word 'Viagra' will prevent delivery of this message to one or more of >the current recipients." > An expression of consent might also serve as a license that can >be used by the sender. For instance, if I consent to receive mail from >you, you should be able to use some kind of a token or certificate to >ensure that your messages bypass interference by any filtering >mechanisms in the channel between us. These all are very good points. I will be writing up something later on this week and putting in on the list laying out the consent framework and different issues that need to be defined. Yakov _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- RE: [Asrg] Consent Proposal Peter Kay
- [Asrg] Consent Proposal Mark McCarron
- Re: [Asrg] Consent Proposal Jon Kyme
- [Asrg] Trust, misunderstood? Danny Angus
- [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Barry Shein
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Peter Kay
- Re: [Asrg] Consent Proposal Selby Hatch
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Vernon Schryver
- RE: [Asrg] Consent Proposal Peter Kay
- RE: [Asrg] Consent Proposal Peter Kay
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Peter Kay
- [Asrg] Consent Proposal gep2
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Bob Wyman
- Anticipatory whitelisting (was Re: [Asrg] Consent… Bruce Stephens
- Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Jon Kyme
- Re: RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Barry Shein
- RE: [Asrg] Consent Proposal Peter Kay
- Re: [Asrg] Consent Proposal Walter Dnes
- Re: RE: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Jon Kyme
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: Fwd: Re: [Asrg] Consent Proposal Craig Cockburn
- Re: Fwd: Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: Anticipatory whitelisting (was Re: [Asrg] Con… Yakov Shafranovich
- Re: Fwd: Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Danny Angus
- RE: Fwd: Re: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Bob Wyman
- RE: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Howard Roth
- Re: RE: [Asrg] Consent Proposal Jon Kyme
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- RE: [Asrg] Consent Proposal Danny Angus
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Consent Proposal Danny Angus
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal C. Wegrzyn
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal C. Wegrzyn
- Re: [Asrg] Consent Proposal Markus Stumpf
- Re: [Asrg] Consent Proposal C. Wegrzyn
- Re: [Asrg] Consent Proposal Yakov Shafranovich
- Re: [Asrg] Trust, misunderstood? Yakov Shafranovich
- Re: [Asrg] Trust, misunderstood? C. Wegrzyn