IETF Logo Mail Archive

Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard

Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 15 November 2014 18:56 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1AC81A1A22 for <ietf@ietfa.amsl.com>; Sat, 15 Nov 2014 10:56:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vSDqeTY1B1zS for <ietf@ietfa.amsl.com>; Sat, 15 Nov 2014 10:56:07 -0800 (PST)
Received: from mail-pa0-x236.google.com (mail-pa0-x236.google.com [IPv6:2607:f8b0:400e:c03::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DB151A047A for <ietf@ietf.org>; Sat, 15 Nov 2014 10:56:07 -0800 (PST)
Received: by mail-pa0-f54.google.com with SMTP id hz1so8374383pad.41 for <ietf@ietf.org>; Sat, 15 Nov 2014 10:56:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=dtJoamqMd0zVv0wpD3eRLQgsxQYoAVeic7TzLFuG9QA=; b=cvZSQSUhPFLeZDABx0Vi5Zdkv0lNR9iohSrz1w7Z6fad1Ag/8zmWLEgsucXUjAvpsj fpTRTsjsC5+/xJ5w4bTkDc8IctQeRNjEJFAIYL9SO9AkkqPpR6833WcOq3JGwXLcH58o 2POe8JQUhyQQF/Py7PrTgF1r9qvZFGlbfxEiD+/ruVV+A4zgieR4RRsWyumrH8uBc2mg tT2CBQtKZuK6LiJ6cROJhcA4JbiqoDU6K+qEPB3dXR70mosyWh4gNxQ46Lkqrv1oUWHz S78Q4wUvbAYdh9tp2WZn6IAcg1dLtvVzdDvNgjneDx+DZB4Xq2uhOdw5XvjXT1sDeaBD 4ygA==
X-Received: by 10.66.235.36 with SMTP id uj4mr18676118pac.103.1416077766944; Sat, 15 Nov 2014 10:56:06 -0800 (PST)
Received: from [107.17.59.5] ([64.129.13.2]) by mx.google.com with ESMTPSA id e9sm30874462pdp.59.2014.11.15.10.56.04 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 15 Nov 2014 10:56:06 -0800 (PST)
Message-ID: <5467A1D1.9030000@gmail.com>
Date: Sun, 16 Nov 2014 07:56:17 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Yoav Nir <ynir.ietf@gmail.com>
Subject: Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard
References: <1416052605.74534.YahooMailIosMobile@web28902.mail.ir2.yahoo.com> <91E3D29C-7AFC-4BEF-ABDC-021D7D1129CD@gmail.com>
In-Reply-To: <91E3D29C-7AFC-4BEF-ABDC-021D7D1129CD@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/a49fV4NaK9yQrA9FlGOaA1sjwe4
Cc: "ietf@ietf.org" <ietf@ietf.org>, "draft-nottingham-safe-hint@tools.ietf.org" <draft-nottingham-safe-hint@tools.ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Nov 2014 18:56:09 -0000

On 16/11/2014 07:34, Yoav Nir wrote:
> Hi, Lloyd
> 
> That is one possible outcome: all decent people have “safe” set.

Please define "decent" in a culture-independent way.

> Another, IMO more likely possible outcome is that servers serve content that is so bland with “safe” set, that nobody sets it, but some people feel like they’ve done something good by setting it for their children.
> 
> Imagine Wikipedia with nothing controversial: nothing about abortions, religions, genetics, evolution…

And that will not happen, so Wikipedia will simply ignore "safe", so browsers
set to request "safe" will just get raw Wikipedia, so "safe" will be useless
for parents wishing to censor their children's access to Wikipedia.

Thanks; this is a good illustration of why this whole thing is a pointless fig leaf.

  Brian

> Yoav
> 
>> On Nov 15, 2014, at 1:56 AM, Lloyd Wood <lloyd.wood@yahoo.co.uk> wrote:
>>
>> Safe becomes a default setting because if you don't set it, you will be investigated for terrorist thoughts. You're advertising thoughtcrimes by not setting safe.
>>
>> this safe proposal really hasn't been thought through.
>>
>>
>>
>>
>>
>> Sent from Yahoo7 Mail for iPhone <https://overview.mail.yahoo.com/?.src=iOS>
>>
>> At 15 Nov 2014 20:26:04, Eliot Lear<'lear@cisco.com <mailto:lear@cisco.com>'> wrote:
>> Hi Joe,
>>
>> On 11/13/14, 7:19 AM, Joseph Lorenzo Hall wrote:
>>> Hi, mnot has already heard the following concerns from us at CDT about
>>> this spec, but we want to make sure that these are part of the IETF
>>> last call comment record.
>>>
>>> * The "Safe" preference is not only a preference but a signal. It
>>> signals user vulnerability; when activated, the header would signal
>>> a user's potentially vulnerable status not only to site operators
>>> who intend to reply in good faith, but to those that will operate in
>>> bad faith and also to every intermediary on-path that could read the
>>> preference request.
>>
>> While it could be the case that a user is vulnerable (a term that is a
>> bit vague), it is also the case that many other users might choose to
>> not want to receive content that is considered in some way "unsafe". 
>> One could even imagine "Safe" becoming a default setting.
>>
>> Eliot
>>
> 
>

v2.23.0 | Report a Bug | By Email