spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Linda Walsh <sa-u...@tlinx.org>
Subject Discussion side point: levels of Trust
Date Thu, 12 Jun 2008 00:46:54 GMT
Matthias Leisi wrote:
> 1) This advice:
> | Tue Jun 10 14:55:36 2008 [72096] dbg: conf: trusted_networks are not
> | configured; it is recommended that you configure trusted_networks
> manually
> 
> should not be ignored. Setting trusted_networks would slightly reduce
> the number of DNS lookups and can avoid all sorts of funny error
> situations.
========

     How does one decided on 'trust'?  I.e. I think it would be
useful to assign a probability to "Trust" at the least.  I mean do I put
my ISP in my trusted server list?   -- suppose they start partnering with
an ad-firm?  Or.. get bought-out? ... I probably won't know most of their
internal politics...  ISP's in some eastern state have already committed to
filtering arbitrary sites based on local values and arbitrary listing
policies(?)  This whole 'save-the-child-porn' shtick the government is
using as a necessary excuse to violate computer privacy is unacceptable.

They did the same thing -- claimed they needed intrusive powers to protect
against terrorists -- but 80% of the people they've used those powers
against have been for 'common crimes' (or drug prosecutions).
In the UK, they are using anti-terrorism surveillance-cams to
enforce doggie-doodoo pickup laws!
In the US, the government is using "passenger manifests" of arriving, overseas
flights, to detain and arrest foreign businessmen and citizens on civil and
non-violent criminal investigations.

But those are general complaints about untrustworthiness of previously
trustworthy entities....

I don't have a binary trust value, really.  As an example,
going from most trusted to least, I might have:

- a lab/build/test machine (linux usually)
- internal server proxy to out-net (linux)
- windows XP desktop (its windows, no direct outside connect, but can proxy)
- my ISP's servers
- root DNS servers (arguably more trustworthy than most ISPs, but since
    I have to go through my ISP to get to them, _logically_, how can I
    trust them more?)
- HTTPS-personal money sites...(for some things more trust than my ISP, but
     they are 'banks' -- so that trust is with some grains of 'salt'
- Mainstream web-providers (varies based on reputation, but examples would
     include Google, BBC(.co.uk), various online businesses with physical
     presence, 'seem' more trustworthy (at least you know where they are based?)
- government sites, Depends.  from 'ok' trust to downright untrustworthy.
- unknown sites / known bad sites...



Mime
View raw message