From internet-drafts@ietf.org Sun May 5 18:37:38 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A62A621F87D0; Sun, 5 May 2013 18:37:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.549 X-Spam-Level: X-Spam-Status: No, score=-102.549 tagged_above=-999 required=5 tests=[AWL=0.051, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PpsK5KLqF4Lw; Sun, 5 May 2013 18:37:38 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B71F21F87AB; Sun, 5 May 2013 18:37:38 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 4.44.p5 Message-ID: <20130506013738.31418.96875.idtracker@ietfa.amsl.com> Date: Sun, 05 May 2013 18:37:38 -0700 Cc: domainrep@ietf.org Subject: [domainrep] I-D Action: draft-ietf-repute-query-http-05.txt X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 May 2013 01:37:38 -0000 A New Internet-Draft is available from the on-line Internet-Drafts director= ies. This draft is a work item of the Reputation Services Working Group of the = IETF. Title : A Reputation Query Protocol Author(s) : Nathaniel Borenstein Murray S. Kucherawy Filename : draft-ietf-repute-query-http-05.txt Pages : 8 Date : 2013-05-05 Abstract: This document defines a mechanism to conduct queries for reputation information over the Hypertext Transfer Protocol using JSON as the payload meta-format. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-repute-query-http There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-repute-query-http-05 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-repute-query-http-05 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From internet-drafts@ietf.org Sun May 5 21:03:50 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1FAD21F8A09; Sun, 5 May 2013 21:03:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.529 X-Spam-Level: X-Spam-Status: No, score=-102.529 tagged_above=-999 required=5 tests=[AWL=0.071, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fBCBPRTO1V1Q; Sun, 5 May 2013 21:03:50 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 577EC21F8A0B; Sun, 5 May 2013 21:03:50 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 4.44.p5 Message-ID: <20130506040350.699.1404.idtracker@ietfa.amsl.com> Date: Sun, 05 May 2013 21:03:50 -0700 Cc: domainrep@ietf.org Subject: [domainrep] I-D Action: draft-ietf-repute-considerations-01.txt X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 May 2013 04:03:50 -0000 A New Internet-Draft is available from the on-line Internet-Drafts director= ies. This draft is a work item of the Reputation Services Working Group of the = IETF. Title : Operational Considerations Regarding Reputation Services Author(s) : Murray S. Kucherawy Filename : draft-ietf-repute-considerations-01.txt Pages : 8 Date : 2013-05-05 Abstract: The use of reputation systems is has become a common tool in many applications that seek to apply collected intelligence about traffic sources. Often this is done because it is common or even expected operator practice. It is therefore important to be aware of a number of considerations for both operators and consumers of the data. This document includes a collection of the best advice available regarding providers and consumers of reputation data, based on experience to date. Much of this is based on experience with email reputation systems, but the concepts are generally applicable. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-repute-considerations There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-repute-considerations-01 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-repute-considerations-01 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From dhc@dcrocker.net Thu May 16 12:31:29 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66B1711E811B for ; Thu, 16 May 2013 12:31:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.499 X-Spam-Level: X-Spam-Status: No, score=-6.499 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XOynYA6w-odf for ; Thu, 16 May 2013 12:31:20 -0700 (PDT) Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id 6890F11E8110 for ; Thu, 16 May 2013 12:31:20 -0700 (PDT) Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net [76.218.9.215]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r4GJVGsC005165 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 16 May 2013 12:31:19 -0700 Message-ID: <519533F6.60306@dcrocker.net> Date: Thu, 16 May 2013 12:31:02 -0700 From: Dave Crocker Organization: Brandenburg InternetWorking User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 MIME-Version: 1.0 To: Pete Resnick , Pete Resnick References: <5195309C.2020608@gmail.com> In-Reply-To: <5195309C.2020608@gmail.com> X-Forwarded-Message-Id: <5195309C.2020608@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Thu, 16 May 2013 12:31:20 -0700 (PDT) Cc: "domainrep@ietf.org" , draft-ietf-repute-query-http.all@tools.ietf.org Subject: [domainrep] Repute WG Shepherd Document Writeup: draft-ietf-repute-query-http-05 X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: dcrocker@bbiw.net List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 May 2013 19:31:29 -0000 This is the formal shepherding submission for this draft. I'm separately posting a review of the document. d/ > == Document Writeup == > === 1. Summary === > > Who is the document shepherd? D. Crocker > Who is the responsible Area Director? P. Resnick > Explain briefly what the intent of the document is (the document's > abstract is usually good for this), and why the working group has > chosen the requested publication type (BCP, Proposed Standard, > Internet Standard, Informational, Experimental, or Historic). Once there is a validated identifier associated with an object or activity, it is possible to develop and communicate its behavioral "reputation". The current draft is part of an effort to define a reputation query/report mechanism. This draft specifically defines the query/response protocol and its conveyance over HTTP. > === 2. Review and Consensus === > > Explain how actively the document was reviewed and discussed, by the > working group and external parties, and explain in a general sense > how much of the interested community is behind the document. Explain > anything notable about the discussion of the document. The document has gone through multiple drafts, over a period of time, that were discussed in the working group. Discussion was mild and supportive, with no significant controversy. The working group 'style' was mostly of a small, collaborative set of active participants. The specified protocol is reasonable simple and flexible, tailored to the semantics of requesting reputation-related attributes about a "subject". > === 3. Intellectual Property === > > Confirm that each author has stated that their direct, personal > knowledge of any IPR related to this document has already been > disclosed, in conformance with BCPs 78 and 79. Explain briefly the > working group discussion about any IPR disclosures regarding this > document, and summarize the outcome. The author is highly experienced with IETF work and the document IPR standard is the default. No IPR concerns are anticipated. > === 4. Other Points === None noted. -- Dave Crocker Brandenburg InternetWorking bbiw.net From internet-drafts@ietf.org Thu May 16 17:13:54 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1EEB11E8138; Thu, 16 May 2013 17:13:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.557 X-Spam-Level: X-Spam-Status: No, score=-102.557 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O9WxuLEnVtUO; Thu, 16 May 2013 17:13:53 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 898AC11E80CC; Thu, 16 May 2013 17:13:53 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 4.45 Message-ID: <20130517001353.25289.27916.idtracker@ietfa.amsl.com> Date: Thu, 16 May 2013 17:13:53 -0700 Cc: domainrep@ietf.org Subject: [domainrep] I-D Action: draft-ietf-repute-query-http-06.txt X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 May 2013 00:13:54 -0000 A New Internet-Draft is available from the on-line Internet-Drafts director= ies. This draft is a work item of the Reputation Services Working Group of the = IETF. Title : A Reputation Query Protocol Author(s) : Nathaniel Borenstein Murray S. Kucherawy Filename : draft-ietf-repute-query-http-06.txt Pages : 8 Date : 2013-05-16 Abstract: This document defines a mechanism to conduct queries for reputation information over the Hypertext Transfer Protocol using JSON as the payload meta-format. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-repute-query-http There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-repute-query-http-06 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-repute-query-http-06 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From internet-drafts@ietf.org Sun May 19 18:19:56 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DB6021F8EFE; Sun, 19 May 2013 18:19:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.48 X-Spam-Level: X-Spam-Status: No, score=-102.48 tagged_above=-999 required=5 tests=[AWL=0.120, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bTmCGVfwK8PZ; Sun, 19 May 2013 18:19:43 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D22DB21F8EA6; Sun, 19 May 2013 18:19:25 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 4.45 Message-ID: <20130520011925.15034.26560.idtracker@ietfa.amsl.com> Date: Sun, 19 May 2013 18:19:25 -0700 Cc: domainrep@ietf.org Subject: [domainrep] I-D Action: draft-ietf-repute-media-type-07.txt X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 01:19:57 -0000 A New Internet-Draft is available from the on-line Internet-Drafts director= ies. This draft is a work item of the Reputation Services Working Group of the = IETF. Title : A Media Type for Reputation Interchange Author(s) : Nathaniel Borenstein Murray S. Kucherawy Filename : draft-ietf-repute-media-type-07.txt Pages : 15 Date : 2013-05-19 Abstract: This document defines the format of reputation response data ("reputons"), the media-type for packaging it, and definition of a registry for the names of reputation applications and response sets. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-repute-media-type There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-repute-media-type-07 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-repute-media-type-07 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From dcrocker@gmail.com Sun May 19 19:45:39 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 953D221F8F12 for ; Sun, 19 May 2013 19:45:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.599 X-Spam-Level: X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xjsKQqmBVpSw for ; Sun, 19 May 2013 19:45:14 -0700 (PDT) Received: from mail-oa0-f42.google.com (mail-oa0-f42.google.com [209.85.219.42]) by ietfa.amsl.com (Postfix) with ESMTP id 0BA2121F8F20 for ; Sun, 19 May 2013 19:45:13 -0700 (PDT) Received: by mail-oa0-f42.google.com with SMTP id i10so7229533oag.29 for ; Sun, 19 May 2013 19:45:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:cc :subject:content-type:content-transfer-encoding; bh=RcNSsdVh+qezumFtinYjT5AETpjXr8N891bN3rBCw2c=; b=Y1DVcJXLpi2G14V55V5fStyXbgRL1wWC67LHxQSrQJK+tHpMpJmvWjYMQMUUo+mq5x xjVHj9RLcYTiUt2U75Geh3zuTEItCAEzR49gcO6z17D1iacWS/7XbMGznLCviuPo5klc 22z+FNknfvk9fZ3rflboe4MxhLM3dcVUVXk71/KI9MgZOldkhEwpGzIn36CImdyHM8hv sNgZKJ0QL3/3NyjfU/Ug/Zh9AZ3VTEddaYLr9PYE/zqGgCgtADqgQDZj6n2xndcbNse2 4e6ibuklsgiv9U/CkvUxLJ5lafj6nT+aDkrXDszF6BzK36P63o9o6PR+YNXIrAr/tuRi 6aBA== X-Received: by 10.182.153.67 with SMTP id ve3mr4789260obb.29.1369017913618; Sun, 19 May 2013 19:45:13 -0700 (PDT) Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net. [76.218.9.215]) by mx.google.com with ESMTPSA id jw8sm18447035obb.14.2013.05.19.19.45.11 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 19 May 2013 19:45:12 -0700 (PDT) Message-ID: <51998E36.9030204@gmail.com> Date: Sun, 19 May 2013 19:45:10 -0700 From: Dave Crocker User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 MIME-Version: 1.0 To: draft-ietf-repute-media-type.all@tools.ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "domainrep@ietf.org" Subject: [domainrep] Review of: draft-ietf-repute-media-type-07 X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 02:45:39 -0000 { This review is provided as part of document shepherding. /d } Review of: A Media Type for Reputation Interchange I-D: draft-ietf-repute-media-type-07 Reviewed by: D. Crocker Review Date: 19 May 2013 Summary: This document is part of a set that defines a mechanism for requesting and retrieving assessment-related information (reputation) concerning an object. The document defines the response side, in terms of content semantics and form, and MIME-based encoding. The specification is usable in its current form. Detailed Comments: Only one, and it's probably ok to ignore it... > 3.1. Reputon Attributes > ... > rater-authenticity: The level of confidence that the rated identity > is genuine, expressed as a floating-point number between 0.0 and > 1.0 inclusive. "Genuine" here means the identity being rated is > legitimately associated with the real-world entity it represents. > For example, a rater might claim a value of 1.0 here if it is > certain the rated identity "example.com" is associated with The > Example Widget Co, Inc., because it is used in a context where > both authentication and authorization on the use of that domain > name are assured; the binding between the rated identity and the > real-world identity is well established. Hmmm. Arguably, example.com is merely an identifier, as is "Example Widget Co, Inc", and both are tied to the company the latter refers to. I'm not sure how sensitive this mechanism is to the kind of linguistic precision this point implies. Separately, it occurs to me that the response doesn't otherwise cite Example Widget Co, Inc. If rater-authenticity is provided and its meaning concerns association with some real-world entity, would it help to specify that entity, similar to the form of what's done in the explanatory text here? It's possible the answer is no, as in "the reader doesn't need to know the details about the real-world entity, but I, the rater, am confident this identifier is linked to them." My guess is that it's ok to leave this as it is now, and add in more if experience dictates it. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From dcrocker@gmail.com Sun May 19 20:11:21 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E56F921F8F2E for ; Sun, 19 May 2013 20:11:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.099 X-Spam-Level: X-Spam-Status: No, score=-3.099 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1FQTWW-oct7x for ; Sun, 19 May 2013 20:11:21 -0700 (PDT) Received: from mail-ob0-x233.google.com (mail-ob0-x233.google.com [IPv6:2607:f8b0:4003:c01::233]) by ietfa.amsl.com (Postfix) with ESMTP id 222CE21F8F20 for ; Sun, 19 May 2013 20:11:21 -0700 (PDT) Received: by mail-ob0-f179.google.com with SMTP id wd20so4830054obb.24 for ; Sun, 19 May 2013 20:11:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:cc :subject:content-type:content-transfer-encoding; bh=YsYiM7QBv9GarsSgpB0aUc9LXCNhB8kWMYOpicNxjZY=; b=B/EoOjymPtJGbLdfzwfdC96SHjRluYavSZbtQUQG8Ty0K5jvX/CHgtplY46QchAwNE PQHYt/aSrtZUfJD+y7q22TJvu8T8o8vxoFFrn6XUQKq176mwaCC1sWSA1xAvmn9aQCR0 VVLwpJSsCcAOMPPh3GIaqpayu33oFANFxc3qqhriQitQi7KhfDN8M1ec4hwHOMnIuFTl vrDGNUtmUxugj7UtozYDQZn/0nPKyExWjAnM3T1560EJpKCkAm49q0kHp3ElAaiqULZI /Z29Lu/E/WCA9ZluQbnQf6f/4vB2x7AvhavfIzrQzzMUqx/r749gm18s6dPf3b2Bf7Ab GwEQ== X-Received: by 10.60.148.234 with SMTP id tv10mr2436835oeb.122.1369019480726; Sun, 19 May 2013 20:11:20 -0700 (PDT) Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net. [76.218.9.215]) by mx.google.com with ESMTPSA id na9sm11303461obb.10.2013.05.19.20.11.19 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 19 May 2013 20:11:19 -0700 (PDT) Message-ID: <51999455.5060903@gmail.com> Date: Sun, 19 May 2013 20:11:17 -0700 From: Dave Crocker User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 MIME-Version: 1.0 To: draft-ietf-repute-email-identifiers.all@tools.ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "domainrep@ietf.org" Subject: [domainrep] Review of: draft-ietf-repute-email-identifiers-06 X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 03:11:22 -0000 { This review of provided as part of document shepherding /d } Review of: A Reputation Response Set for Email Identifiers ID: draft-ietf-repute-email-identifiers-06 Reviewed by: D. Crocker Review Date: 19 May 2013 Summary: This document is part of a series that define a query/response mechanism for reporting assessment (reputation) information about an object. The current document builds upon the basic mechanism and tailors is for reporting reputation of email-related identifiers. The document is usable in its current form. Some very minor changes are suggested but not required. Detailed Comments: > 1. Introduction > > This document specifies a response set for describing reputation of > an email identifier. A "response set" in this context is defined in > [I-D.REPUTE-MODEL] and is used to describe assertions a reputation > service provider can make about email identifiers as well as meta- > data that can be included in such a reply beyond the base set > specified there. Should the query (http) and response (media-type) documents also be cited explicitly? > 3.1. Assertions > > The "email-id" reputation application recognizes the following > assertions: > > > > > > Borenstein & Kucherawy Expires May 23, 2013 [Page 3] > > Internet-Draft Email Identifiers Reputation Response Set November 2012 > > > abusive: The subject identifier is associated with sending or > handling > email of a personally abusive, threatening, or > otherwise harassing nature. > > fraud: The subject identifier is associated with sending or handling > of fraudulent email, such as "phishing" (some good discussion on > this topic can be found in [IODEF-PHISHING]) > > invalid-recipients: The subject identifier is associated with > delivery attempts to nonexistent recipients > > malware: The subject identifier is associated with the sending or > handling of malware via email > > spam: The subject identifier is associated with sending or handling > of unwanted bulk email This list seems to cover the common behaviors, but I'm wondering whether it's worth the email-id application -- and perhaps each application -- should have its own sub-registry. It's likely that whatever list is defined for email, usage will identify additional labels. One that comes to mind -- and it's only meant as an example -- is "marketing: The subject identifier engages in sending excessive marketing emails to its customers". Formally, that's not spam, but it's irritating enough to plausibly warrant a reputation note. I'm sure there are others. > > For all assertions, the "rating" scale is linear: A value of 0.0 > means there is no data to support the assertion, a value of 1.0 means > all accumulated data support the assertion, and the intervening > values have a linear relationship (i.e., a score of "x" is twice as > strong of an assertion as a value of "x/2"). -- Dave Crocker Brandenburg InternetWorking bbiw.net From superuser@gmail.com Sun May 19 20:32:52 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7296921F8F3E for ; Sun, 19 May 2013 20:32:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.441 X-Spam-Level: X-Spam-Status: No, score=-2.441 tagged_above=-999 required=5 tests=[AWL=0.158, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dlwbZBPCiF4s for ; Sun, 19 May 2013 20:32:51 -0700 (PDT) Received: from mail-wi0-x22b.google.com (mail-wi0-x22b.google.com [IPv6:2a00:1450:400c:c05::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 2524121F8F33 for ; Sun, 19 May 2013 20:32:48 -0700 (PDT) Received: by mail-wi0-f171.google.com with SMTP id hq7so1699976wib.4 for ; Sun, 19 May 2013 20:32:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ZWbKZMwOLEp75Xza3CvTGjjZegh0Eg4MpHoGlxYZQTQ=; b=VeBHg+rS4EPZC6YHl2bwykXuj963MZtRTFKjMEj3xVJ7DDROBHgjoCkq29R8oOVxgY kxoClVzxuH1Ax21M61wm8Qg5i8+dGZv4GpRrmjD7iAg8GT51ob4kWaToJ93oDvM54j/V 2lwcWbsFSagGtSuUjjehGsbPkhs+ajKmF3Odjy4wcSxUhrLULxnCUxt4pdTEFBgelUKZ cBqp+A/1B3LAVH+WLX8KDUc2oNJ83RQ4P7SqXb/DCVviTMvLRaS9gnswl/THC9CHvsua gRM0dhwRrkzufsdsObUvXinO9VI3g/598VBN2L6g6W7IFsbFJlCUsAES8x5nbmHn3ZFL e7ug== MIME-Version: 1.0 X-Received: by 10.180.37.109 with SMTP id x13mr9411358wij.20.1369020767951; Sun, 19 May 2013 20:32:47 -0700 (PDT) Received: by 10.180.14.34 with HTTP; Sun, 19 May 2013 20:32:47 -0700 (PDT) In-Reply-To: <51999455.5060903@gmail.com> References: <51999455.5060903@gmail.com> Date: Sun, 19 May 2013 20:32:47 -0700 Message-ID: From: "Murray S. Kucherawy" To: Dave Crocker Content-Type: multipart/alternative; boundary=e89a8f6473f590601904dd1dfce8 Cc: "domainrep@ietf.org" , draft-ietf-repute-email-identifiers.all@tools.ietf.org Subject: Re: [domainrep] Review of: draft-ietf-repute-email-identifiers-06 X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 03:32:52 -0000 --e89a8f6473f590601904dd1dfce8 Content-Type: text/plain; charset=ISO-8859-1 On Sun, May 19, 2013 at 8:11 PM, Dave Crocker wrote: > > 1. Introduction >> >> This document specifies a response set for describing reputation of >> an email identifier. A "response set" in this context is defined in >> [I-D.REPUTE-MODEL] and is used to describe assertions a reputation >> service provider can make about email identifiers as well as meta- >> data that can be included in such a reply beyond the base set >> specified there. >> > > Should the query (http) and response (media-type) documents also be cited > explicitly? > I think the media-type one is a decent candidate. Transport is a totally separate matter so I think that should be omitted. > 3.1. Assertions >> >> The "email-id" reputation application recognizes the following >> assertions: >> >> >> >> >> >> Borenstein & Kucherawy Expires May 23, 2013 [Page 3] >> >> Internet-Draft Email Identifiers Reputation Response Set November 2012 >> >> >> abusive: The subject identifier is associated with sending or >> handling > email of a personally abusive, threatening, or >> otherwise harassing nature. >> >> fraud: The subject identifier is associated with sending or handling >> of fraudulent email, such as "phishing" (some good discussion on >> this topic can be found in [IODEF-PHISHING]) >> >> invalid-recipients: The subject identifier is associated with >> delivery attempts to nonexistent recipients >> >> malware: The subject identifier is associated with the sending or >> handling of malware via email >> >> spam: The subject identifier is associated with sending or handling >> of unwanted bulk email >> > > This list seems to cover the common behaviors, but I'm wondering whether > it's worth the email-id application -- and perhaps each application -- > should have its own sub-registry. It's likely that whatever list is > defined for email, usage will identify additional labels. One that comes > to mind -- and it's only meant as an example -- is "marketing: The subject > identifier engages in sending excessive marketing emails to its customers". > Formally, that's not spam, but it's irritating enough to plausibly warrant > a reputation note. I'm sure there are others. > The list cited is based on practical experience of categories of abuse that are currently reported, based partly on the work the MARF working group did ("abuse", "fraud", "malware"), the obvious "spam" one, and also on common anti-abuse heuristics (in the particular case of "invalid-recipients"). I don't know of any work dedicated to identifying sources of excessive marketing mail, for example. To the question of a dedicated sub-registry, I'm not sure it makes a difference unless different sub-registries will have different update rules (e.g., IETF Review vs. Designated Expert). If that's not the case, then updating either a master registry or a sub-registry invokes the same procedure, so the answer to your suggestion reduces to a matter of organization of the tables with IANA. -MSK --e89a8f6473f590601904dd1dfce8 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Sun, May 19, 2013 at 8:11 PM, Dave Crocker <dcrocker@= gmail.com> wrote:

1. =A0Introduction

=A0 =A0This document specifies a response set for describing reputation of<= br> =A0 =A0an email identifier. =A0A "response set" in this context i= s defined in
=A0 =A0[I-D.REPUTE-MODEL] and is used to describe assertions a reputation =A0 =A0service provider can make about email identifiers as well as meta- =A0 =A0data that can be included in such a reply beyond the base set
=A0 =A0specified there.

Should the query (http) and response (media-type) documents also be cited e= xplicitly?

I think the media-type one i= s a decent candidate.=A0 Transport is a totally separate matter so I think = that should be omitted.
=A0
3.1. =A0Assertions

=A0 =A0The "email-id" reputation application recognizes the follo= wing
=A0 =A0assertions:





Borenstein & Kucherawy =A0 =A0Expires May 23, 2013 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0[Page 3]
=0C
Internet-Draft =A0Email Identifiers Reputation Response Set =A0November 201= 2


=A0 =A0abusive: =A0The subject identifier is associated with sending or
=A0 =A0 =A0 handling > email of a personally abusive, threatening, or =A0 =A0 =A0 otherwise harassing nature.

=A0 =A0fraud: =A0The subject identifier is associated with sending or handl= ing
=A0 =A0 =A0 of fraudulent email, such as "phishing" (some good di= scussion on
=A0 =A0 =A0 this topic can be found in [IODEF-PHISHING])

=A0 =A0invalid-recipients: =A0The subject identifier is associated with
=A0 =A0 =A0 delivery attempts to nonexistent recipients

=A0 =A0malware: =A0The subject identifier is associated with the sending or=
=A0 =A0 =A0 handling of malware via email

=A0 =A0spam: =A0The subject identifier is associated with sending or handli= ng
=A0 =A0 =A0 of unwanted bulk email

This list seems to cover the common behaviors, but I'm wondering whethe= r it's worth the email-id application -- and perhaps each application -= - should have its own sub-registry. =A0It's likely that whatever list i= s defined for email, usage will identify additional labels. =A0One that com= es to mind -- and it's only meant as an example -- is "marketing: = The subject identifier engages in sending excessive marketing emails to its= customers". =A0Formally, that's not spam, but it's irritating= enough to plausibly warrant a reputation note. =A0I'm sure there are o= thers.

The list cited is based on practical exper= ience of categories of abuse that are currently reported, based partly on t= he work the MARF working group did ("abuse", "fraud", &= quot;malware"), the obvious "spam" one, and also on common a= nti-abuse heuristics (in the particular case of "invalid-recipients&qu= ot;).=A0 I don't know of any work dedicated to identifying sources of e= xcessive marketing mail, for example.

To the question of a dedicated sub-registry, I'm not sur= e it makes a difference unless different sub-registries will have different= update rules (e.g., IETF Review vs. Designated Expert).=A0 If that's n= ot the case, then updating either a master registry or a sub-registry invok= es the same procedure, so the answer to your suggestion reduces to a matter= of organization of the tables with IANA.

-MSK
--e89a8f6473f590601904dd1dfce8-- From dcrocker@gmail.com Sun May 19 20:37:25 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4271521F8F2E for ; Sun, 19 May 2013 20:37:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.849 X-Spam-Level: X-Spam-Status: No, score=-2.849 tagged_above=-999 required=5 tests=[AWL=-0.250, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M2HS3Uq8WkeZ for ; Sun, 19 May 2013 20:37:24 -0700 (PDT) Received: from mail-ob0-x235.google.com (mail-ob0-x235.google.com [IPv6:2607:f8b0:4003:c01::235]) by ietfa.amsl.com (Postfix) with ESMTP id 95B2F21F8F20 for ; Sun, 19 May 2013 20:37:24 -0700 (PDT) Received: by mail-ob0-f181.google.com with SMTP id dn14so6474674obc.40 for ; Sun, 19 May 2013 20:37:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=zzolcpwWrOM8UqMtuui/brUPV8dIGt22oIHErSyyg1o=; b=Vtu0cf0dXX9xS7pBJi4djBJA+nVrgk6fR6jhYFJzzAPYG4oG7DwzBN3E3u5DBV9v+k P5wtW5IC8Ppjm5P6NF3Zs2QJCESgbNp+bAywLYjL2+DpojHemsf/FRuX0118p8DugwJt KDPJs3me6ce+nmo0BAhUicEuoDkBAiLV8hhtFWTYNXPSpqO0xyGxI7bhFo8swfOMID7B IQBQwSMyf5F31Mtj4v6C1/JogcCuV1ieJ55D3r22OXnF30M/Pyc7dl/54gS7IcAeSOK2 3nCkOkD3gShxsyFK+rRHzBizClKfPNpovowaT8YNhbrfgyXqYNAgOmuMgPxY5lGGW6kS deGA== X-Received: by 10.60.134.71 with SMTP id pi7mr25061631oeb.107.1369021044161; Sun, 19 May 2013 20:37:24 -0700 (PDT) Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net. [76.218.9.215]) by mx.google.com with ESMTPSA id n6sm19273028oel.8.2013.05.19.20.37.22 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 19 May 2013 20:37:23 -0700 (PDT) Message-ID: <51999A71.3050306@gmail.com> Date: Sun, 19 May 2013 20:37:21 -0700 From: Dave Crocker User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 MIME-Version: 1.0 To: "Murray S. Kucherawy" References: <51999455.5060903@gmail.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "domainrep@ietf.org" , draft-ietf-repute-email-identifiers.all@tools.ietf.org Subject: Re: [domainrep] Review of: draft-ietf-repute-email-identifiers-06 X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 03:37:25 -0000 On 5/19/2013 8:32 PM, Murray S. Kucherawy wrote: > On Sun, May 19, 2013 at 8:11 PM, Dave Crocker > wrote: > Should the query (http) and response (media-type) documents also be > cited explicitly? > > > I think the media-type one is a decent candidate. Transport is a > totally separate matter so I think that should be omitted. ack. > also on common anti-abuse heuristics (in the particular case of > "invalid-recipients"). I don't know of any work dedicated to > identifying sources of excessive marketing mail, for example. oh, it feels entirely practical. as of now. my point is about the likelihood of wanting to grow the list as experience develops. and here i thought i was clear that it was meant as an example -- a hypothetical. it was meant to be credible, but not intended to be added now. > To the question of a dedicated sub-registry, I'm not sure it makes a > difference unless different sub-registries will have different update > rules (e.g., IETF Review vs. Designated Expert). If that's not the > case, then updating either a master registry or a sub-registry invokes > the same procedure, so the answer to your suggestion reduces to a matter > of organization of the tables with IANA. The alternative could be a flat registry, across applications, but that requires they not collide. The benefit might be having sub-sets of profiles share some labels. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From dcrocker@gmail.com Sun May 19 20:54:41 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E51921F84DF for ; Sun, 19 May 2013 20:54:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.266 X-Spam-Level: X-Spam-Status: No, score=-3.266 tagged_above=-999 required=5 tests=[AWL=0.333, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qPCwE-upj6xw for ; Sun, 19 May 2013 20:54:36 -0700 (PDT) Received: from mail-oa0-f43.google.com (mail-oa0-f43.google.com [209.85.219.43]) by ietfa.amsl.com (Postfix) with ESMTP id DA20121F8F41 for ; Sun, 19 May 2013 20:54:35 -0700 (PDT) Received: by mail-oa0-f43.google.com with SMTP id o6so7167047oag.16 for ; Sun, 19 May 2013 20:54:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=o+Ka38gF54Wz8/D816i+hKZEDN5vzqK8gH9ChXcyaB0=; b=SJKy4R5hlZEUGvWhrOHulks2sFdr1eFNldh3xF9eK4ETsJIEUDdMAyKfGTy/ZQYPW1 5OQzuxTWImMwo/8OGe7x78W6TY7z4cl0r2JeE5NnMGLmiFvpleMIIfBCieG0Iv8Nob0N wxlzUBv99VLxavD+04jLgjnxLXYplGCWWkx6ZmYdmqGczucwlqyu4xeQo1xqYN/tlUu+ zLitfaE5s+qfj1LEXpT2YljsUKjpk12DK9BSJ1RLrpMvX0GRNFcFrKQ38tWpeW55LLgm bFzePLjpGVbvttQAYhfVsyJYwK5pDD7GxTBK6OMztbYGzJxgW+PkhNwjAI5CKq/o/pxp Rtng== X-Received: by 10.182.153.97 with SMTP id vf1mr3436376obb.27.1369022075484; Sun, 19 May 2013 20:54:35 -0700 (PDT) Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net. [76.218.9.215]) by mx.google.com with ESMTPSA id x10sm19358260oes.6.2013.05.19.20.54.33 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 19 May 2013 20:54:34 -0700 (PDT) Message-ID: <51999E78.2030103@gmail.com> Date: Sun, 19 May 2013 20:54:32 -0700 From: Dave Crocker User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 MIME-Version: 1.0 To: draft-ietf-repute-considerations.all@tools.ietf.org, "domainrep@ietf.org" Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: [domainrep] Review of: draft-ietf-repute-considerations-01 X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 03:54:41 -0000 { This review is provided as part of document shepherding. /d } Review of: Operational Considerations Regarding Reputation Services ID: draft-ietf-repute-considerations-01 Reviewed by: D. Crocker Review Date: 19 May 2013 Summary: This document offers commentary on the operation of reputation related services. It contains advice both for providers and for consumers of such information. The document is intentionally basic, but seems pragmatic. Guidance offered is primarily of the "consider this" or "watch for that" style, rather than attempting operational procedures. However it does suggest a kind of detailed questionnaire for consumers to use when choosing a provider. The document is usable in its current form. A few minor suggestions are offered in the Detailed Comments. Detailed Comments: > 2. Background ... > > However, regardless of the identifier used as the identifier for a > reputation, bad actors can evade detection or the effects of their they can evade the effects? I suspect the sentence is meant to differently. Possibly: bad actors can evade detection or its consequences by changing... > observed behavior by changing identifiers (e.g., move to a new IP > address, register a new domain name, use a sub-domain). This makes > the problem space effectively boundless, especially as IPv6 rolls > > > > Kucherawy Expires November 6, 2013 [Page 3] > > Internet-Draft Reputation Operations May 2013 > > > out. out, with its vastly larger address space. > > 3. Evolution ... > > Moreover, good actors tend to be represented by stable names and > addresses, allowing users to rely on these to identify and give > preferential treatment to their traffic. Good actors have no need to > hop around to different addresses, and already work to keep their > traffic clean. In addition, good actors are willing and able to collaborate in the assessment process, such as by supplying validated identifiers, associated with their traffic. > > This notion has only been tried to date using manually edited Which notion? > whitelists, but has shown promising results on that scale. > > 4. Reputation Clients ... > It is suggested that, when engaging an RSP, an operator should try to > learn the following things about the RSP in order to understand the > exposure potential: > > o the RSP's basis for listing or not listing particular subjects; > > o if an RSP is paid by its listees, the rate and criteria for > rejection from being listed; > > o how the RSP collects data about subjects; > > o how many data points are input to the reported reputation; > > o whether reputation is based on a reliable identifier; > > o how the RSP establishes reliability and authenticity of those > data; > > o how data validity is maintained (e.g., on-going monitoring of the how continuing data validity is maintained > reported data and sources); > > o how actively data validity is tracked (e.g., how changes are > detected); > > o how disputed reputations are handled; > > o how often input data expire; > > o whether older information more or less influential than newer; is more or > > o whether the reported reputation a scalar, a Boolean value, a > collection of values, or something else; > > o when transitioning among RSPs, the differences between them among > these above points; that is, whether a particular score from one > means the same thing from another. > > An operator using an RSP would be wise to ensure it has the > capability to effect local overrides for cases where the client > expects to disagree with the reported reputation. > > An operator should be able limit the impact of a negative reputation > on content acceptance. For example, rather than rejecting content > outright when a negative reputation is returned, simply subject it to > additional (i.e., more thorough) local analyis before permitting the > > > > Kucherawy Expires November 6, 2013 [Page 5] > > Internet-Draft Reputation Operations May 2013 > > > traffic to pass. Hmmm. This suggests a "layers of assessment" model, parallel to the common idea of layering security protection. In other words, don't put all your reputation decision-making into a single basket, especially when a third party is holding the basket. > A sensible default should apply when the RSP is not available. This > may also be a query to a different RSP known to be less robust than > the primary one. may -> can > > Recent proposals have focused on tailoring operation to prefer or > emphasize content whose sources have positive reputations. As stated > above, negative reputations are easy to shed, and the universe of and -> while > things that will earn and maintain positive reputations is relatively > small. Designing a filtering system that observes these notions is > expected to be more lightweight to operate and harder to game. > > One choice is to query and cross-referencing multiple RSPs. This can > help to detect which ones under comparison are reliable, and offsets > the effect of anomalous replies. > > 5. Reputation Service Providers > > Operators intending to provide a reptuation service need to consider > that there are many flavors of clients. There will be clients that > are prepared to make use of a reputation service blindly, while > others will be interested in understanding more fully the nature of > the service being provided. An operator of an RSP should be prepared I typically compare these alternative to "yes/no check approval" versus "getting a full credit report". > to answer as may of the questions identified in Section 4 as may -> many > possible, not only because wise clients will ask, but also because > they reflect issues that have arisen over the years, and exploration > of the points they raise will result in a more robust reputation > service. > > Obviously, in computing reputations via traffic analysis, some > private algorithms may come into play. For some RSPs, such "secret > sauce" comprises their competitive advantage over others in the same > space. This document is not suggesting that all private algorithms > need to be exposed for a reputation service to be acceptable. > Instead, it is anticipated that enough of the above details need to > be available to ensure consumers (and in some cases, industry or the > general public) that the RSP can be trusted to influence key local > policy decisions. > > Reptuations should be based on accurate identifiers, i.e., some > property of the content under analysis that is difficult to falsify. > For example, in the realm of email, the address found in the From: rfc5322.From -- or -- From: header field { people occasional see From and thing Mail From. /d } > field of a message is typically not verifiable, while the domain name > found in a validated domain-level signature is. In this case, > constructing a reputation system based on the domain name is more > useful than one based on the From: field. -- Dave Crocker Brandenburg InternetWorking bbiw.net From superuser@gmail.com Mon May 20 00:11:18 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E446E21F8700 for ; Mon, 20 May 2013 00:11:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.448 X-Spam-Level: X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[AWL=0.151, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VArf3MmcGd0Z for ; Mon, 20 May 2013 00:11:17 -0700 (PDT) Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) by ietfa.amsl.com (Postfix) with ESMTP id 539D521F85EE for ; Mon, 20 May 2013 00:11:16 -0700 (PDT) Received: by mail-wi0-f177.google.com with SMTP id hr14so1781537wib.16 for ; Mon, 20 May 2013 00:11:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=vek4LkXfzAGdGkDpBh5AKsieeqPPzfyWHD7Rs4ODKQM=; b=UrYyKd0p3FI8Vi/a/4e4qEsEePv9X7LoPZFx/23RIQB48D13qG6qktpAfldmlMEb9A mQ+hNqt0GQnke6VEFXTNppCNCI7QVsRbdwmhjkd38q/F/QhH9ZkpjBLb31FhvPhF7O5k C4CUXIWbBFPg10VNn7Z0zK1XkruZd0EG+f1eR3n4o50V9Omajl0wMch9xTYKj4GhcB8+ Isg2Mx4SC0OO70mwZtKiNYcFaA0zNVJS0xmQkFSG70rVAbBU5hVco5CxFf/pTB4cvl5B VCXUm9TIZbOEG9uOnrf/Qw/KzIiq7Ycifb6yiI51iukrT2qzxVVnhJCfgs4M4c0A4pzj ZdyA== MIME-Version: 1.0 X-Received: by 10.180.189.41 with SMTP id gf9mr10753798wic.32.1369033875504; Mon, 20 May 2013 00:11:15 -0700 (PDT) Received: by 10.180.14.34 with HTTP; Mon, 20 May 2013 00:11:15 -0700 (PDT) In-Reply-To: <51999E78.2030103@gmail.com> References: <51999E78.2030103@gmail.com> Date: Mon, 20 May 2013 00:11:15 -0700 Message-ID: From: "Murray S. Kucherawy" To: Dave Crocker Content-Type: multipart/alternative; boundary=001a11c34830d5c2ea04dd210929 Cc: draft-ietf-repute-considerations.all@tools.ietf.org, "domainrep@ietf.org" Subject: Re: [domainrep] Review of: draft-ietf-repute-considerations-01 X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 07:11:19 -0000 --001a11c34830d5c2ea04dd210929 Content-Type: text/plain; charset=ISO-8859-1 I'll post a -02 shortly that incorporates all of that. -MSK --001a11c34830d5c2ea04dd210929 Content-Type: text/html; charset=ISO-8859-1
I'll post a -02 shortly that incorporates all of that.

-MSK

--001a11c34830d5c2ea04dd210929-- From internet-drafts@ietf.org Mon May 20 00:14:33 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2138521F8A0C; Mon, 20 May 2013 00:14:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.471 X-Spam-Level: X-Spam-Status: No, score=-102.471 tagged_above=-999 required=5 tests=[AWL=0.129, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZRcY0tnGJTNY; Mon, 20 May 2013 00:14:32 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id F3BC121F8AD8; Mon, 20 May 2013 00:14:13 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 4.45 Message-ID: <20130520071413.18811.66268.idtracker@ietfa.amsl.com> Date: Mon, 20 May 2013 00:14:13 -0700 Cc: domainrep@ietf.org Subject: [domainrep] I-D Action: draft-ietf-repute-considerations-02.txt X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 07:14:33 -0000 A New Internet-Draft is available from the on-line Internet-Drafts director= ies. This draft is a work item of the Reputation Services Working Group of the = IETF. Title : Operational Considerations Regarding Reputation Services Author(s) : Murray S. Kucherawy Filename : draft-ietf-repute-considerations-02.txt Pages : 8 Date : 2013-05-20 Abstract: The use of reputation systems is has become a common tool in many applications that seek to apply collected intelligence about traffic sources. Often this is done because it is common or even expected operator practice. It is therefore important to be aware of a number of considerations for both operators and consumers of the data. This document includes a collection of the best advice available regarding providers and consumers of reputation data, based on experience to date. Much of this is based on experience with email reputation systems, but the concepts are generally applicable. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-repute-considerations There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-repute-considerations-02 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-repute-considerations-02 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From internet-drafts@ietf.org Mon May 20 00:22:54 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A569021F85EF; Mon, 20 May 2013 00:22:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.474 X-Spam-Level: X-Spam-Status: No, score=-102.474 tagged_above=-999 required=5 tests=[AWL=0.126, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hu00RxKLaEhR; Mon, 20 May 2013 00:22:51 -0700 (PDT) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BACD121F852D; Mon, 20 May 2013 00:22:09 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: internet-drafts@ietf.org To: i-d-announce@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 4.45 Message-ID: <20130520072209.26086.94489.idtracker@ietfa.amsl.com> Date: Mon, 20 May 2013 00:22:09 -0700 Cc: domainrep@ietf.org Subject: [domainrep] I-D Action: draft-ietf-repute-email-identifiers-07.txt X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 07:22:56 -0000 A New Internet-Draft is available from the on-line Internet-Drafts director= ies. This draft is a work item of the Reputation Services Working Group of the = IETF. Title : A Reputation Response Set for Email Identifiers Author(s) : Nathaniel Borenstein Murray S. Kucherawy Filename : draft-ietf-repute-email-identifiers-07.txt Pages : 8 Date : 2013-05-20 Abstract: This document defines a response set for describing assertions a reputation service provider can make about email identifers, for use in generating reputons. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-repute-email-identifiers There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-repute-email-identifiers-07 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-repute-email-identifiers-07 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From dcrocker@gmail.com Mon May 20 07:44:44 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C474A21F85EE for ; Mon, 20 May 2013 07:44:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.349 X-Spam-Level: X-Spam-Status: No, score=-3.349 tagged_above=-999 required=5 tests=[AWL=0.250, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OwUNfAUXqmpl for ; Mon, 20 May 2013 07:44:40 -0700 (PDT) Received: from mail-oa0-f42.google.com (mail-oa0-f42.google.com [209.85.219.42]) by ietfa.amsl.com (Postfix) with ESMTP id 4410321F8265 for ; Mon, 20 May 2013 07:44:40 -0700 (PDT) Received: by mail-oa0-f42.google.com with SMTP id i10so7863688oag.29 for ; Mon, 20 May 2013 07:44:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=lEvAzvIRzzR8txFtVJJjpEzFHwo3Tg7O9JEmrbqzYAU=; b=maDveW2JMVkoVemhjkl6oq9ZugASzgpApQvmjRNk3uHBS9XK9HDjq+44m3DJNYFa3C wysVCHMLVxfpPhW3+oka2u4n0UKEGJ62gjpDQvVrnZinN46Zhs1Ma3qL42/S+2dG6630 r8Tg25sI3w7Ef2D9PwfMbZkzbSNDDee02BIBCJbRilC1PEeqrWy1Mjb3bA/lhKH9SUBc QrcX1RBKJzIriF04cQR4TmdjMdV6QOzdcFLoRTnyu1KE6hYMsW5ZXENO/7ncYhJEmkyp 4hy3mTvH3Vgp6eyCTgGjtCF0sQ6ZE0AWETnW22I2iW3Ojhq8SDR3BwItmnqJoo7feZWV Mybw== X-Received: by 10.182.138.4 with SMTP id qm4mr27646590obb.101.1369061077791; Mon, 20 May 2013 07:44:37 -0700 (PDT) Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net. [76.218.9.215]) by mx.google.com with ESMTPSA id x5sm21101105oep.1.2013.05.20.07.44.36 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 20 May 2013 07:44:36 -0700 (PDT) Message-ID: <519A36D1.4000109@gmail.com> Date: Mon, 20 May 2013 07:44:33 -0700 From: Dave Crocker User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 MIME-Version: 1.0 To: "domainrep@ietf.org" Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: [domainrep] Working Group Last Call on Operational Considerations Regarding Reputation Services X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 14:44:44 -0000 Folks, This is to announce the start of a WG last call on: Operational Considerations Regarding Reputation Services http://datatracker.ietf.org/doc/draft-ietf-repute-considerations/ It is intended for publication as an Informational RFC. Please provide any feedback by the 3 June 2013. Thanks. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From ietfdbh@comcast.net Mon May 20 14:14:29 2013 Return-Path: X-Original-To: domainrep@ietfa.amsl.com Delivered-To: domainrep@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1FEB21F8E41 for ; Mon, 20 May 2013 14:14:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -100.437 X-Spam-Level: X-Spam-Status: No, score=-100.437 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mFSGGqtj3SVa for ; Mon, 20 May 2013 14:14:25 -0700 (PDT) Received: from qmta10.westchester.pa.mail.comcast.net (qmta10.westchester.pa.mail.comcast.net [IPv6:2001:558:fe14:43:76:96:62:17]) by ietfa.amsl.com (Postfix) with ESMTP id 3AFE821F9660 for ; Mon, 20 May 2013 14:14:23 -0700 (PDT) Received: from omta19.westchester.pa.mail.comcast.net ([76.96.62.98]) by qmta10.westchester.pa.mail.comcast.net with comcast id eBcG1l00327AodY5AMENvB; Mon, 20 May 2013 21:14:22 +0000 Received: from JV6RVH1 ([67.189.237.137]) by omta19.westchester.pa.mail.comcast.net with comcast id eMEN1l00E2yZEBF3fMENH1; Mon, 20 May 2013 21:14:22 +0000 From: "ietfdbh" To: , Date: Mon, 20 May 2013 17:14:12 -0400 Message-ID: <009101ce559e$fa534d00$eef9e700$@comcast.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: Ac5VnuvxqfWW0pimSzi4DbiXwxgawA== Content-Language: en-us DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20121106; t=1369084462; bh=xEZV5u/6lnWGzERAEs1GxcQxhuKeoqS+upOZeSlGZz4=; h=Received:Received:From:To:Subject:Date:Message-ID:MIME-Version: Content-Type; b=IdsLNFddGQbhukIyfr7ISu3L7Y+A3YZd55CUiK+qXcVtw1of8DawnHzXuU9DPfVa+ Pa3rCdmASLBn596vYhZwJmpL2AAlHoeHTR5Dh6ydJBqDYISQ+P5KiXBbklmgf2Ofyk wmnSZ0vwLmo8Cge8GMd7OaeMNfMk+5WbYmisFQ1GfA74G+o0JFN7+u/yJIacYKfxCD OBwy3dtET1EraAn5/yaFB8kL4sVCgYUlTPCNxS6wIhlHbc/XdiVuqXSCg1XVFlyzPp KqcS62snyrlQm9sKjCFJCSdt+aDLviYxs9eXpQh36PJhnewZfesz2yAc9yAxlru2Mb ZZMZ7z0TOcjcw== X-Mailman-Approved-At: Mon, 20 May 2013 14:29:29 -0700 Subject: [domainrep] Working Group Last Call on Operational Considerations Regarding Reputation Services X-BeenThere: domainrep@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Domain Reputation discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 21:14:30 -0000 Hi, A few comments: 1) s/This document includes a collection of the best advice available/This document includes a collection of advice/ Since this is not being published as a BCP, I think this change is called for. Some text discusses "recent proposals", which I suspect have not risen to "best advice available". 2) This document would benefit from a more definitive listing of the points of advice. Quite a few points are made simply by examples, and some "suggestions" of things to consider. This is only Informational, and contains operational **considerations**, but it feels awfully loose to me. It feels like the musings of the author, rather than a peer-reviewed, WG-approved, considerations document. 3) While I don't question the technical merits of the document, I think this document is not ready for publication, for quality reasons. Much of the text could be significantly tightened up; it rambles a bit. There are spelling and grammar errors that should have been caught during earlier WG reviews. This makes me question how thoroughly the WG has reviewed this document. David Harrington ietfdbh@comcast.net +1-603-828-1401 -----Original Message----- From: opsawg-bounces@ietf.org [mailto:opsawg-bounces@ietf.org] On Behalf Of Melinda Shore Sent: Monday, May 20, 2013 2:29 PM To: opsawg@ietf.org Subject: [OPSAWG] Fwd: [domainrep] Working Group Last Call on Operational Considerations Regarding Reputation Services Also, this. Melinda -------- Original Message -------- Subject: [domainrep] Working Group Last Call on Operational Considerations Regarding Reputation Services Date: Mon, 20 May 2013 07:44:33 -0700 From: Dave Crocker To: domainrep@ietf.org Folks, This is to announce the start of a WG last call on: Operational Considerations Regarding Reputation Services http://datatracker.ietf.org/doc/draft-ietf-repute-considerations/ It is intended for publication as an Informational RFC. Please provide any feedback by the 3 June 2013. Thanks. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ domainrep mailing list domainrep@ietf.org https://www.ietf.org/mailman/listinfo/domainrep _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg