Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard

Mark Nottingham <mnot@mnot.net> Fri, 24 October 2014 00:36 UTC

From: Mark Nottingham <mnot@mnot.net>
Subject: Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard
Message-Id: <04F9DC3C-A34D-4951-929A-C95681995D58@mnot.net>
Date: Fri, 24 Oct 2014 11:36:21 +1100
To: S Moonesamy <sm+ietf@elandsys.com>, IETF <ietf@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/WjW_F0QvnpOcTLuV8sagzUlOwyg

SM wrote:

>  From Section 1:
> 
>    'That said, the intent of "safe" is to allow end users (or those
>     acting on their behalf) to express a desire to avoid content that is
>     considered "objectionable" within the cultural context of that site;
>     usually (but not always) content that is unsuitable for minors.'
> 
> I did not understand the meaning of "cultural context of that site" 
> in the above.  Does it mean that content unsuitable for minors in one 
> country may be deemed suitable in another country?
> 
> Does cultural context mean that a site that is considered as 
> appropriate in, for example, Canada would not be considered as 
> appropriate in Norway?

Pretty much. Really, it means the user base of the site; it's up to the site operators to determine what that is.


>  From Section 2:
> 
>    "Origin servers that utilize the "safe" preference SHOULD document
>     that they do so, along with the criteria that they use to denote
>     objectionable content."
> 
>  From https://support.google.com/youtube/answer/174084?hl=en
> 
>    "While it's not 100 percent accurate, we use community flagging,
>     age-restrictions, and other signals to identify and filter out
>     inappropriate content."
> 
> The criteria mentioned above might have to be clarified.

Yes. 


>  From https://help.pinterest.com/en/articles/safe-mode
> 
>    "Safe mode prevents any changes to your account until you reset
>     your password."
> 
> "Safe mode" means something else on that site.

Indeed. I suspect any English name we choose will have conflicts. I don't see a huge problem here, because the UX for setting this mode and that of the site are separate; the site can disambiguate if it both honours the flag and has another local meaning (such as Pinterest appears to).


> The site at https://www.facebook.com/about/privacy/minors could be 
> encouraged to implement this proposal.

Sure.


> Minors are ingenious.  It is simply a matter of time for them to 
> figure out how to bypass the mechanism proposed by this draft.

Indeed; I have two of them myself. As in security, just because things aren't perfect, it doesn't follow that we don't try.

Thanks,


--
Mark Nottingham   https://www.mnot.net/