John Leslie wrote:

>Nathaniel Borenstein <nsb@xxxxxxxxxxxxx> wrote:
>
>>On Dec 24, 2005, at 4:09 PM, Douglas Otis wrote:
>>
>>>Reputation remains the only solution able to abate the bulk of abuse.
>>
>>... I think most of us pretty much agree about the critical role of
>>reputation.
>
> I've noticed a lot of what I call "lip service" about the critical
>role of reputation. To say this differently, many folks seem to think
>you can choose a "reputation system" almost at random, and it's sure
>to improve your signal/noise ratio, "unless you've chosen the wrong one".
>(which, I suppose, is a tautology...)
>
> But, in my view, we have no basis to choose the "right" one unless
>we have a good understanding of what it measures and a workable idea
>of how to "end run" when it falsely rejects good messages.

I completely agree that reputation has a critical role (although accreditation is important in many situations, as Phill has pointed out, and should not be ignored). However, I have come to believe that there is a great deal of subtlety below the surface of any good reputation system:

- Preventing abusers from "gaming the system" to get good scores
- Preventing attackers from damaging the reputations of others
- Defending the reputation system against legal actions from those who feel they have been hurt
- Making it all work within the law, considering privacy laws, restraint of trade, and so forth, considering that the laws governing this vary by jurisdiction

For this reason, I don't think the operation of reputation systems themselves should be defined by IETF; different users will have different needs. However, standard protocols for communicating with reputation systems will be needed, and this is a very important area for IETF to address. Transaction rates for lookups will be high, and careful protocol design is needed.

The use of standard protocols in this area will allow clients to pick a suitable reputation service, and to change services without changing their infrastructure. Both reporting and query protocols will need to be defined. Much of this applies to accreditation services as well, although there are some different requirements (negotiating an accreditor to use between sender and recipient/verifier, for example).

-Jim