Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 28 October 2014 00:24 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/UWZX80LngPs-HW1VhrItgW0QfOQ
Cc: IETF Discussion <ietf@ietf.org>

On 28/10/2014 12:51, Paul Hoffman wrote:
> On Oct 27, 2014, at 4:45 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>> On 28/10/2014 12:13, Paul Hoffman wrote:
>>> On Oct 27, 2014, at 3:54 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>>> On 28/10/2014 06:57, John Levine wrote:
>>>>>> As it is the meaning of a safe hint is to be intuited by the recipient.
>>>>> Yes.  That's not a bug.
>>>>>
>>>>> I don't understand the point of hypothetical arguments about whether a
>>>>> safe flag might be useful.  We already know the answer: Many of the
>>>>> largest web services in the world already have one.  Youtube puts
>>>>> theirs right on the home page.
>>>> John, I don't think the argument is about whether it will work technically
>>>> or whether it will be used. The argument is about whether this is something
>>>> that the IETF should endorse as a Proposed Standard, which implies that
>>>> we think it will be effective.
>>> Just to be clear: are you saying that you believe that those large web properties already doing this has *not* been effective? I have to believe that they have spent more time than us measuring that, and that they came to the conclusion that it was continuing to be effective.
>> No. I mean that a badly motivated web site can pretend to offer safe material
>> using this but actually offer objectionable material (for whatever definition
>> of safe or objectionable you care to adopt). For example a site being used
>> to "groom" innocent victims could pretend that all its content was safe.
>> This would actually make the site much more dangerous than before, because
>> of the illusion of safety.
> 
> And you believe that the sites using this feature now have not thought of that, yes? I'm trying to figure out why you think that your analysis of the problem is probably more correct than that of the large sites that have implemented it already.

I am not worried about sites that use the feature legitimately.

   Brian