[jadmin] Re: Google Talk federation policy proposal

Lavanant Etienne etienne.lavanant at int-evry.fr
Sat Aug 27 05:24:21 CDT 2005


Sander Devrieze a écrit :

>Op zaterdag 27 augustus 2005 03:34, schreef Trejkaz:
><snip>
>  
>
>>Put all this stuff into a Bayesian filter, and I bet you can filter SPIM,
>>at least until the spimmers start doing what they did with email, where the
>>really good spammers write short messages which look like normal personal
>>email.
>>    
>>
>
>If it is possible, I don't like to need to use a semi-solution like baysian 
>filtering. Spimmers should just be blocked and loose a lot money if they want 
>to spim. That will be the best solution :-) Maybe adding a small signature of 
>your server made by the JSF to your server? So: 
>1) I setup a new server.
>2) I request a signature from the JSF via a web form for example.
>3) A few days later I receive my "vignet": a signature of my server.
>4) I add it to my server.
>5) Other servers see it is a good signature and allow incoming connections.
>6) I start spimming.
>7) Servers start to block me.
>8) I need to find a new domain.
>9) I need to get a new "vignet" fromt the JSF: relative long waiting time, the 
>form makes it very hard to register automatically with bots == not cheap!!
>
>What do people think of this scenario?
>  
>
Sounds like a good solution but it also sounds like a certificate signed 
by the JSF. We come back to the signed certificate need. Whether the JSF 
should or should not be an authority able to sign certificate is not 
really the problem, the problem is : should we require signed certificates ?

I think it would be a great solution for both full XMPP adoption and 
SPIM problem. It just raises the problem of defining a list of trusted 
authorities. Some of those authorities should of course be free of 
charge (CACert, etc.).

-- 
Étienne Lavanant
tél : 06.66.75.56.38





More information about the JAdmin mailing list