Developing an alternative email infrastructure trust model

Wed Mar 2 17:22:10 UTC 2005

 On Tue, 1 Mar 2005 10:30:21 +0000, Michael.Dillon at radianz.com wrote:
>  I am suggesting that  we apply the lessons learned from the BGP peering
>  model.

When a diverse community uses an infrastructure service, it needs some basis for trusting the activity of that service.  The nature and degree of trust depends on the nature of the service, of course, but there always are limits to the types and amount of misbehaviors that can be tolerated, beyond which the serviced is rendered useless.

The global telecommunications and postal infrastructures have been based on country government authorization and oversight, with a combination of inter-country treaties and inter-provider contracts specifying formal requirements.  

The modern Internet uses an entirely different trust model, since most service providers operate strictly through market forces, rather than having any government oversight.  Anyone can play.

So we have no reliable way to assess trust of the overall service, because it has no separate identity.  That means assessing each service participant individually.

That's a textbook example of a scheme that does not scale.

What is missing, then, are two things:

1.  Specification of acceptable practises, so there can be a shared view of "good email provider"; and

2.  A processes which assesses performance according to those practises.

Both of these require a community to form, develop the specification, and assess conformance to its requirements.

There are informal examples of such communities already operating.  The challenge is to develop something that scales.

 d/
 --
 Dave Crocker
 Brandenburg InternetWorking
 +1.408.246.8253
 dcrocker  a t ...
 WE'VE MOVED to:  www.bbiw.net