Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 27 October 2014 23:51 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/UNqPNOOPBdMoRu7vJNbDziv5doI

On Oct 27, 2014, at 4:45 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
> On 28/10/2014 12:13, Paul Hoffman wrote:
>> On Oct 27, 2014, at 3:54 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>> On 28/10/2014 06:57, John Levine wrote:
>>>>> As it is the meaning of a safe hint is to be intuited by the recipient.
>>>> Yes.  That's not a bug.
>>>> 
>>>> I don't understand the point of hypothetical arguments about whether a
>>>> safe flag might be useful.  We already know the answer: Many of the
>>>> largest web services in the world already have one.  Youtube puts
>>>> theirs right on the home page.
>>> John, I don't think the argument is about whether it will work technically
>>> or whether it will be used. The argument is about whether this is something
>>> that the IETF should endorse as a Proposed Standard, which implies that
>>> we think it will be effective.
>> 
>> Just to be clear: are you saying that you believe that those large web properties already doing this has *not* been effective? I have to believe that they have spent more time than us measuring that, and that they came to the conclusion that it was continuing to be effective.
> 
> No. I mean that a badly motivated web site can pretend to offer safe material
> using this but actually offer objectionable material (for whatever definition
> of safe or objectionable you care to adopt). For example a site being used
> to "groom" innocent victims could pretend that all its content was safe.
> This would actually make the site much more dangerous than before, because
> of the illusion of safety.

And you believe that the sites using this feature now have not thought of that, yes? I'm trying to figure out why you think that your analysis of the problem is probably more correct than that of the large sites that have implemented it already.

--Paul Hoffman