[Operators] server reputation

Pedro Melo melo at simplicidade.org
Fri Apr 18 06:32:51 CDT 2008


On Apr 17, 2008, at 8:16 PM, Peter Saint-Andre wrote:

> Last year I posted a blog entry about server reputation:
> https://stpeter.im/?p=1988
> I think it would be helpful for this group to define some  
> parameters for
> measuring server reputation.
> I'm not yet sure how we would use this information. I don't like the
> idea of a centralized reputation service since that provides a single
> point of failure for attacks against the network. At the last XMPP
> Summit in Brussels, we talked a bit about the idea of a server buddy
> list -- i.e., your server has a list of trusted other servers that it
> consults. So at jabber.org we might ask amessage.de and sapo.pt (or
> whatever) about new servers on the network.
> If we do this in an automated fasion, it requires better tracking and
> monitoring in existing xmppp server codebases.
> We could also do this in a more human-intensive way, e.g. a voting  
> site
> (or sites) where admins can vote +1 or -1 on various domains.
> Thoughts?

My problem with the whole server reputation thing is I don't see the  
next step.

Suppose that we get a reasonable system for measuring server  
reputation. What then? Are you going to start blocking s2s based on  
reputation, or have different shaping rules? Do future XEPs for  
certain protocols (like pubsub proxying for example) take in account  
a "trust level"?

WIthout know what the goals are, what the usage of this database will  
be, I don't see how we can design it.

Best regards,
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: melo at simplicidade.org

More information about the Operators mailing list