RE: [Sipping] updated sip-spam I-D
"David" <david@kayote.com> Mon, 25 October 2004 13:43 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA25886 for <sipping-web-archive@ietf.org>; Mon, 25 Oct 2004 09:43:54 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CM5M6-0006yt-VQ for sipping-web-archive@ietf.org; Mon, 25 Oct 2004 09:57:51 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CM52m-0006Jt-Hm; Mon, 25 Oct 2004 09:37:52 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CM51x-0006FS-Pl for sipping@megatron.ietf.org; Mon, 25 Oct 2004 09:37:01 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA25488 for <sipping@ietf.org>; Mon, 25 Oct 2004 09:36:59 -0400 (EDT)
Message-Id: <200410251336.JAA25488@ietf.org>
Received: from smtp002.bizmail.yahoo.com ([216.136.172.126]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1CM5FP-0006rh-QR for sipping@ietf.org; Mon, 25 Oct 2004 09:50:56 -0400
Received: from unknown (HELO a1b30cjcb7gf94) (david@kayote.com@62.56.252.250 with login) by smtp002.bizmail.yahoo.com with SMTP; 25 Oct 2004 13:36:57 -0000
From: David <david@kayote.com>
To: 'Jonathan Rosenberg' <jdrosen@dynamicsoft.com>, 'sipping' <sipping@ietf.org>
Subject: RE: [Sipping] updated sip-spam I-D
Date: Mon, 25 Oct 2004 15:43:17 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-Reply-To: <417CD93B.1000005@dynamicsoft.com>
Thread-Index: AcS6mJVj3HrWk5aZTQCkAkH+3ZnUgg==
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 2857c5c041d6c02d7181d602c22822c8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Sender: sipping-bounces@ietf.org
Errors-To: sipping-bounces@ietf.org
X-Spam-Score: 0.8 (/)
X-Scan-Signature: 1676547e4f33b5e63227e9c02bd359e3
Content-Transfer-Encoding: quoted-printable
Hi Jonathan. It would appear to me that the consent models are being derived from both email and IM and as such have a yes/no criteria for acceptance or rejection of messages. Person X can either contact me or not. Why not explore a more web like model where pages are classified into zones vis-à-vis security. In this implementation, a user defines the security policy of his browser (e.g. accepting cookies etc,) and can then browse unhindered in "secure" zones while being prompted in suspicious ones. In applying this to voice, let's introduce levels of trust (similar to the reputation score you mention) using some sort of tag (perhaps attached to the Asserted ID). The callee would then be able to custom define his preferences in the end device based on these levels - each end user is empowered to set his own policy regarding spam or other security related issues. The level can be set high for calls with certificate asserted IDs, lower for calls coming from trusted zones, lower still for untrusted callers, and lowest for spam or other security violations. Security level screening can be implemented either at some downstream proxy or at the UA. As an example, in the case of voice spam a user can decide that any call with security level 1 (not verified) should be automatically blocked, calls with level 2 (bad reputation or few praises) should be automatically sent to voice mail, calls with level 3 (so so reputation or positive reputation) could be sent a Turing test and calls with level 4 could be automatically accepted (white list). The value of making this decision in the end device is that the user could then take advantage of phone features such as for example, different rings for the varying levels of security. David Schwartz > -----Original Message----- > From: sipping-bounces@ietf.org > [mailto:sipping-bounces@ietf.org] On Behalf Of Jonathan Rosenberg > Sent: Monday, October 25, 2004 12:45 PM > To: sipping > Subject: [Sipping] updated sip-spam I-D > > Folks, > > I've just submitted an update to the sip-spam draft. Until it > appears in the archives, you can pick up a copy at: > > http://www.jdrosen.net/papers/draft-rosenberg-sipping-spam-01.txt > > Here are the diffs: > > * added Jon Peterson as co-author > > * added text on reputation services as a means for preventing spam > > * added text on using address obfuscation in websites as a technique. > Included > a discussion on enum as a target for spammers > > * added text on limited use addresses and the way in which > presence and buddy list systems can help with them > > * add recommendation for a transition mechanism to strong identity > > * added a discussion on session vs. page mode and the > implications on spam prevention > > * made it clear that white lists are superior to black lists, > due to the ease of changing addresses. Refocused the white > list discussion on IM systems as the prototypical example. > > > Thanks, > Jonathan R. > -- > Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza > Director, Service Provider VoIP Architecture Parsippany, NJ > 07054-2711 > Cisco Systems > jdrosen@dynamicsoft.com FAX: (973) 952-5050 > http://www.jdrosen.net PHONE: (973) 952-5000 > http://www.cisco.com > > > _______________________________________________ > Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping > This list is for NEW development of the application of SIP > Use sip-implementors@cs.columbia.edu for questions on current sip > Use sip@ietf.org for new developments of core SIP > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.775 / Virus Database: 522 - Release Date: 10/8/2004 > > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.775 / Virus Database: 522 - Release Date: 10/8/2004 _______________________________________________ Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@cs.columbia.edu for questions on current sip Use sip@ietf.org for new developments of core SIP
- [Sipping] updated sip-spam I-D Jonathan Rosenberg
- RE: [Sipping] updated sip-spam I-D David