Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 27 October 2014 23:45 UTC

Message-ID: <544ED90B.5020505@gmail.com>
Date: Tue, 28 Oct 2014 12:45:15 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard
References: <20141027175757.50843.qmail@ary.lan> <544ECD1A.4010807@gmail.com> <D17FE653-87F8-41DE-B215-57AA907DF658@vpnc.org>
In-Reply-To: <D17FE653-87F8-41DE-B215-57AA907DF658@vpnc.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/M1WtmlbPqq6P1fjX-ESK7bCri1M
Cc: IETF Discussion <ietf@ietf.org>

On 28/10/2014 12:13, Paul Hoffman wrote:
> On Oct 27, 2014, at 3:54 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>> On 28/10/2014 06:57, John Levine wrote:
>>>> As it is the meaning of a safe hint is to be intuited by the recipient.
>>> Yes.  That's not a bug.
>>>
>>> I don't understand the point of hypothetical arguments about whether a
>>> safe flag might be useful.  We already know the answer: Many of the
>>> largest web services in the world already have one.  Youtube puts
>>> theirs right on the home page.
>> John, I don't think the argument is about whether it will work technically
>> or whether it will be used. The argument is about whether this is something
>> that the IETF should endorse as a Proposed Standard, which implies that
>> we think it will be effective.
> 
> Just to be clear: are you saying that you believe that those large web properties already doing this has *not* been effective? I have to believe that they have spent more time than us measuring that, and that they came to the conclusion that it was continuing to be effective.

No. I mean that a badly motivated web site can pretend to offer safe material
using this but actually offer objectionable material (for whatever definition
of safe or objectionable you care to adopt). For example a site being used
to "groom" innocent victims could pretend that all its content was safe.
This would actually make the site much more dangerous than before, because
of the illusion of safety.

    Brian