[jadmin] Re: Google Talk federation policy proposal

Sander Devrieze s.devrieze at pandora.be
Sat Aug 27 07:46:01 CDT 2005


Op zaterdag 27 augustus 2005 12:24, schreef Lavanant Etienne:
> Sander Devrieze a écrit :
> >Op zaterdag 27 augustus 2005 03:34, schreef Trejkaz:
> ><snip>
> >
> >>Put all this stuff into a Bayesian filter, and I bet you can filter SPIM,
> >>at least until the spimmers start doing what they did with email, where
> >> the really good spammers write short messages which look like normal
> >> personal email.
> >
> >If it is possible, I don't like to need to use a semi-solution like
> > baysian filtering. Spimmers should just be blocked and loose a lot money
> > if they want to spim. That will be the best solution :-) Maybe adding a
> > small signature of your server made by the JSF to your server? So:
> >1) I setup a new server.
> >2) I request a signature from the JSF via a web form for example.
> >3) A few days later I receive my "vignet": a signature of my server.
> >4) I add it to my server.
> >5) Other servers see it is a good signature and allow incoming
> > connections. 6) I start spimming.
> >7) Servers start to block me.
> >8) I need to find a new domain.
> >9) I need to get a new "vignet" fromt the JSF: relative long waiting time,
> > the form makes it very hard to register automatically with bots == not
> > cheap!!
> >
> >What do people think of this scenario?
>
> Sounds like a good solution but it also sounds like a certificate signed
> by the JSF. We come back to the signed certificate need. Whether the JSF
> should or should not be an authority able to sign certificate is not
> really the problem, the problem is : should we require signed certificates
> ?
>
> I think it would be a great solution for both full XMPP adoption and
> SPIM problem. It just raises the problem of defining a list of trusted
> authorities. Some of those authorities should of course be free of
> charge (CACert, etc.).

Well, in the above scenario, the certificates of the JSF will not be used for 
trust. The only thing that a server will prove, is that the admin has 
undergone the process to receive the certificate. In other short, it will 
prove that the public Jabber server, was made by a human being and no bot.

-- 
Mvg, Sander Devrieze.

xmpp:sander at devrieze.dyndns.org ( http://jabber.tk/ )



More information about the JAdmin mailing list