Main

April 29, 2008

Comments

Your ID on legitimate traffic that resembles SPIT points out the ironic situation that vocal proponents of "Stupid Network" are in the process of introducing intelligence in the Middle. My position is that it should be handled only at the ends. If you take the recommendation of RFC 5039, we need three things - strong authentication, white list and an "external" introduction scheme. I recommend that we use OpenID for authentication and request those ID providers to mediate "letters" like iName providers do. For quick reference if you want to send an email to me when you know only my iName, then you send the note via a web page to my provider who will ensure that it is not from a bot and will forward it to me; I can send my reply via the provider as well. This way the dependence on the Middle is sufficiently minimized and there is no concern about the Middle being over eager and impacting legitimate scenarios that you identify. We have implemented such a scheme in EnThinnai.

The comments to this entry are closed.

Promote Blue Box!

VoIP Security Books