
Re: [Asrg] New take on emerging idea. (yet another C-R system?)



Sorry, I couldn't read the entire documents. The click ads at the top were giving me freaking headers with their flashing and gibbering.

But it looks to be a central repository. Any central database is going to be subject to attack and subversion, because it's a single point of access -- crack the database, you get access to all that stuff. You also have to worry about scaling. Even if these things are done on an organizational level, it builds quickly -- what works for my home machine may not work for one with 1000 users, or 10000, or 100000. It gets nasty quickly.

And finally, you create a huge issue of authentication and authorization. Which, given this system is about authentication and authorization, makes it seem somewhat sideways. The user is going to have to keep authorization/authentication info so they can go and generate authorization/authentication info? And what if it leaks? If my MUA maintains my whitelisting data and someone cracks my machine, I'm screwed (but I'm screwed anyway). If someone cracks a server with 10,000 users' worth of data on it....


On Thursday, April 10, 2003, at 12:19 PM, John Fenley wrote:

> www.pontifier.com/database.html www.pontifier.com/challenge.html

I don't like and would rather avoid centrally defined and managed
systems.  They are too prone to abuse, and frankly, I consider them
unsuitable, especially given recent history.
Could you please elaborate? I think my system would handle abuse well: basically it is a tool to help a user maintain an up-to-date whitelist of their own, a task that is difficult or impossible for a person to do now.

recent history?... I'm not sure I follow.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg