IETF Logo Mail Archive

Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 16 November 2014 19:32 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 402DE1A19E7 for <ietf@ietfa.amsl.com>; Sun, 16 Nov 2014 11:32:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.494
X-Spam-Level:
X-Spam-Status: No, score=-2.494 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.594] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iXaXtVsEKVzQ for <ietf@ietfa.amsl.com>; Sun, 16 Nov 2014 11:32:47 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id E17261A1AA1 for <ietf@ietf.org>; Sun, 16 Nov 2014 11:32:46 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 4AF94BEEE; Sun, 16 Nov 2014 19:32:45 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sn-il8R-WA7T; Sun, 16 Nov 2014 19:32:44 +0000 (GMT)
Received: from [10.87.48.10] (unknown [86.46.28.84]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 0A385BEE9; Sun, 16 Nov 2014 19:32:44 +0000 (GMT)
Message-ID: <5468FBDB.3000409@cs.tcd.ie>
Date: Sun, 16 Nov 2014 19:32:43 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Christian Huitema <huitema@microsoft.com>, ietf <ietf@ietf.org>
Subject: Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard
References: <20141023140635.10188.qmail@ary.lan> <028201cfef81$44eaec60$4001a8c0@gateway.2wire.net> <01PE4IK2ZVO20028JO@mauve.mrochek.com> <CAL0qLwbtCFefW82-676CsPuS7NX-Q6dE_=_qXAB7-T419VGzzA@mail.gmail.com> <546830E3.5090800@dcrocker.net> <a271429152ce4c97b48aed93a658b854@DM2PR0301MB0655.namprd03.prod.outlook.com>
In-Reply-To: <a271429152ce4c97b48aed93a658b854@DM2PR0301MB0655.namprd03.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/W_GFonbeZJdR9fDwVovbZuJUFmE
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Nov 2014 19:32:49 -0000


On 16/11/14 18:58, Christian Huitema wrote:
> 
> 
>> Rather, it's that the mechanism is only offered as a standardized
>> way for a browser to request a feature that already exists in a
>> number of major sites.
> 
> And that's precisely the problem.
> 
> Sites can easily adapt their services to the needs and desires of
> their users. They can do it today using site specific settings. I am
> pretty sure that these settings require more than just one bit, so we
> have to assume that sites will still need these settings tomorrow
> even if that safe bit proposal was adopted. There is thus not much
> engineering benefit. In fact there is probably a cost, with settings
> coming from two channels instead of only one.
> 
> By creating a standard, we would be creating a social norm. It would
> not take long for regulators to mandate "safe" behavior for web
> sites, or to enforce the safe bit in various kinds of "great
> firewalls." It will all be in the name of protecting the children,
> but we all know that the real target will be dissent and free speech.
> By offering this setting as a standard, the IETF would become an
> accomplice of repressive regimes and other religious dictarures.
> 
> Some features do not need to be standardized.

I agree with Christian. Should this end up being published (which
I'd prefer not see happen as stated before) then I think at minimum
there needs to be reasonable recognition in the text of the issues
identified during the LC. Right now, the draft is (entirely
understandably) pretty positive, e.g.

  "If this desire is proactively advertised by the user agent, things
   become much simpler."

I think the LC demonstrates that there are reasons to believe that
"things" in fact might get worse in various respects, even if they
appear simpler from the POV of those proposing/implementing this.
(And as many Internet-draft and RFC titles over the years have amply
demonstrated... simpler != better:-)

S.

> 
> -- Christian Huitema
> 
> 
>

v2.23.0 | Report a Bug | By Email