[Standards-JIG] privacy2 anti-SPIM proto-JEP
Bart van Bragt
jabber at vanbragt.com
Mon Aug 29 21:13:52 UTC 2005
Tomasz Sterna wrote:
> 2005/8/29, Bart van Bragt <jabber at vanbragt.com>:
>> About this challenge system; what if I have a very useful service of
>> XMPP that happens to be automated (i.e. a legitimate bot). Asking users
>> to manually add my bot to their privacy (white)list doesn't sound very
>> appealing to me.
> As soon as they message your bot for help (and add it to correspondents
> list) or add it to roster, they poke a hole in the spimfilter and
> allow messages from your bot. :-)
Which is why I said:
"Asking users to manually add my bot to their privacy (white)list
doesn't sound very appealing to me."
I really don't like reducing the openness of XMPP. Weeding out 'bad'
servers or 'bad' clients is fine with me, it's a must have even. But
bothering your average user with hoops he/she has to jump through or
letting them deal with unnecessarily complex authorization/subscription
procedures is IMO not a good solution.
> Oh... If we begin the story of e2ee, web of trust or any other
> advanced technique again, we won't even design the protocol in this
I'd rather have that than designing something quickly and ending up with
a network that's a lot less pleasant than it used to be. IMO we can sort of
compare all this with the current terrorism hype. Everyone has to give
up privacy and give the government more power so they can catch the bad
guys (and make some collateral damage in the process). The laws and
regulations that are currently created (pretty hastily in some cases)
are laws and regulations that we'll have to live with for years and
years to come.
> KISS is what I like most in Ian's proposal.
KISS is my favorite band too :P I like some part of his proposal, most
of all I like the fact that the server is handling all the complicated
stuff. I just love the 'simple server, complex server' paradigm. IMO
Ian's proposal fits perfectly in Tijl's proposal. In Tijl's proposal a
bot would still be able to contact a user without requiring the user to
intervene (by manually adding it to a whitelist/roster) because it can
have a certificate that the receiving server trusts or the bot can have
a high 'web of trust' score. I like that.
Another thought that came to mind. memberbot at jabber.org contacts me, my
server (vanbragt.com) knows jabber.org (they have been in kindergarten
together) and asks if memberbot is a good net citizen. We have a
protocol that makes it trivial to complain about SPIM from JIDs and
jabber.org knows that there have been 0 complaints in the 41 months that
memberbot has been registered with the 14.000 messages that the bot has
sent so far. vanbragt.com is happy with this info and shows me the
message from memberbot without further ado. Hmm, this would also fit in
Tijl, I expect a nice JEP from you on my desk tomorrow morning :P