Re: [Asrg] A question on trust and trust propagation.

["Jon Kyme" <jrk at merseymail.com>]

> 
> Maybe the information should not be a binary black/white, but a
> probability/confidence value? "Mail from that IP is spam with a
> probability of 99%" or something like that? For most IPs this will
> usually be close to 0% or 100%, but it should be somewhere in between
> if there are too few samples, or if the host is transitioning from bad
> to good or vice versa.
> 
> (I have to look a GOSSiP again - I think that was quite similar)
> 


You're right, as I remember, Mark Langston's GOSSiP responded to queries
with a reputation score (and an associated confidence rating - did this get
done?).


> Sender domains/addresses are currently completely useless as trustable
> entities.

On their own, perhaps. GOSSiP proposed a domain / IP duple as the 
reputation identity, by which I guess some of the issues with "granularity"
were (might be) avoided. There were also schemes to amalgamate entities for
scoring purposes - perhaps by ref. to "authorisation" mechanisms such as
SPF.

Actually, I really liked the ideas behind GOSSiP - particularly the way
trust between nodes might be established informally (or not), and then
modulated dynamically (without human intervention) would have been neat (I
don't know how far that got).









_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg