Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard
Dave Crocker <dhc@dcrocker.net> Fri, 24 October 2014 14:41 UTC
Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B37C41A040C for <ietf@ietfa.amsl.com>; Fri, 24 Oct 2014 07:41:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ypNSYf6BKskF for <ietf@ietfa.amsl.com>; Fri, 24 Oct 2014 07:41:55 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E38A31A0406 for <ietf@ietf.org>; Fri, 24 Oct 2014 07:41:55 -0700 (PDT)
Received: from [172.20.8.179] (50-78-253-44-static.hfc.comcastbusiness.net [50.78.253.44]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id s9OEfdD8022770 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 24 Oct 2014 07:41:45 -0700
Message-ID: <544A651B.6030605@dcrocker.net>
Date: Fri, 24 Oct 2014 10:41:31 -0400
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Mark Nottingham <mnot@mnot.net>, IETF <ietf@ietf.org>
Subject: Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard
References: <53217238-CF32-4862-AFF1-15899AAE066C@mnot.net> <544A4FAA.3080505@cs.tcd.ie>
In-Reply-To: <544A4FAA.3080505@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Fri, 24 Oct 2014 07:41:46 -0700 (PDT)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/V2CBeK0EsBtpJusrGgRbRiNPf60
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Oct 2014 14:41:57 -0000
On 10/24/2014 9:10 AM, Stephen Farrell wrote: >> This isn't relevant, as it's in LC now and no extensibility is >> allowed (as John points out). > > I think that's wishful thinking. There is nothing to stop > someone writing code or an I-D that extends this say to > have a UA to emit "Prefer: safe+religion-porn+crypto" as a > string and nor should there be something to prevent that. > (Bad as it is, we can't and shouldn't try prevent it.) What you've offered can be used to defeat any and all proposals: Some unknown person might, at some unknown time in the future, do something that might be problematic. Any spec can be abused. Some actually are. Some aren't. There is a concrete specification in front of the IETF. It is simple and it minimally builds on existing practice. Evaluation of the spec should be of the spec. Not on some vague and hypothetical fear that someone might abuse it. If you have concrete data to substantiate your fear, please provide it. >> Safe lines up the incentives very well; sites want to give the users >> the content they prefer. This is demonstrated on search engines, >> social network sites, and so on. > > I am not convinced of that. The proponents of DNT turned out > to be wrong, but presumably didn't think they were wrong when > they proposed DNT to the IETF. DNT was a ready-fire-aim effort. It created a reporting mechanism but without any follow-through to formulate and assure back-end benefit. The current specification is fundamentally different because it is based on existing practice. So there is already a basis for believing that users will want it and find it useful. > I'll also note that there are some actors here who are incented > to censor the Internet, and they will I think, welcome this. So now you are arguing that some unknown set of actors might have questionable motives. Again, that's irrelevant. The issue is whether the specification makes sense. The specification enables a voluntary mechanism, tapping into an existing capability that has already been shown to be desired and useful. > I have explicitly heard some government folks equate the word > safe with "unencrypted." The specification defines its use of the term, as IETF specifications usually do. So the fact that someone, somewhere has used the term differently isn't all that relevant. (What is ironic about your vocabulary objection is how comfortable you remain with use of the word 'security' in 'opportunistic security' in spite of its having no precise meaning and long-established usage that is ambiguous and wrong. Even better is that the actual substance of the draft using the term is only about encryption. So you are equating encryption and security, which is a particularly unfortunate ambiguation...) d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Stephen Farrell
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Donald Eastlake
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Mark Nottingham
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Mark Nottingham
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Donald Eastlake
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… S Moonesamy
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Mark Nottingham
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Mark Nottingham
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… ned+ietf
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… t.p.
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Dave Crocker
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Eliot Lear
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Andrew Newton
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Stephen Farrell
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Dave Crocker
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… ned+ietf
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Yoav Nir
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Andrew Sullivan
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… ned+ietf
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Yoav Nir
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Stephen Farrell
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Randy Bush
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Brian E Carpenter
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… S Moonesamy
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… joel jaeggli
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Brian E Carpenter
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Paul Hoffman
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Matthew Kerwin
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Brian E Carpenter
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Paul Hoffman
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Brian E Carpenter
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Dave Crocker
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Brian E Carpenter
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Dave Crocker
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Matthew Kerwin
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Dave Crocker
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Matthew Kerwin
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Dave Crocker
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Joseph Lorenzo Hall
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Barry Leiba
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Eliot Lear
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… joel jaeggli
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Yoav Nir
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Lloyd Wood
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Murray S. Kucherawy
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Murray S. Kucherawy
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Yoav Nir
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Brian E Carpenter
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Matthew Kerwin
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Dave Crocker
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Murray S. Kucherawy
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Yoav Nir
- RE: Last Call: <draft-nottingham-safe-hint-05.txt… Christian Huitema
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Stephen Farrell
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Dave Crocker
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Yoav Nir
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Yoav Nir
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Doug Barton
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Yoav Nir
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John R Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Mark Nottingham
- RE: Last Call: <draft-nottingham-safe-hint-05.txt… Christian Huitema
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Doug Barton
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Mark Nottingham
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Joseph Lorenzo Hall
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Joseph Lorenzo Hall
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Joseph Lorenzo Hall
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Joseph Lorenzo Hall
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Murray S. Kucherawy
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Eliot Lear
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Doug Barton
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… joel jaeggli
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Joseph Lorenzo Hall
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Eliot Lear
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… John R Levine
- Re: Last Call: <draft-nottingham-safe-hint-05.txt… Bjoern Hoehrmann