Re: [Marnew] endpoint consent

Roland Zink <roland@zinks.de> Thu, 24 September 2015 11:52 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/marnew/2qojXV9l1kpOyU_jXBiz5Ue7uTI>
List-Id: Managing Radio Networks in an Encrypted World <marnew.iab.org>

I'm not so sure that web site providers know what they give up in
security when they allow ads to be displayed on their site. I think the
security should be seen from the end user's perspective. When you allow a
content provider to use contractors to deliver the content, why not allow
end users to give their traffic to a security / service company checking
the traffic before delivering it to the user? This can also be backed up
with a legal agreement on misuse.

This is however not mobile network specific although some mobile network 
operators offer such services.

Regards,
Roland

P.S. There are numerous examples of even big companies misusing the 
trust in them. Latest example probably being VW.


On 24.09.2015 at 13:30, Aaron Falk wrote:
> Thinking about this a bit more last night, let me suggest that in this 
> case trust is transitive as long as it is explicit.  Meaning, only one 
> endpoint needs to be aware of the third actor but he needs to know 
> what he is giving up in security through that trust.  For example, it 
> is pretty clear that a content provider knows what they are doing when
> they allow a CDN to use a cert in their name (and that is also likely 
> backed up with legal agreements on misuse) but an end user probably 
> doesn't understand the security implications of installing a root cert 
> issued by their ISP.
>
> On Thu, Sep 24, 2015 at 6:36 AM, Salvatore Loreto
> <salvatore.loreto@ericsson.com> wrote:
>
>     To answer Aaron's question, if we go on this path then BOTH
>     endpoints MUST consent IMHO
>     more or less in line with the Telefonica and ALU proposals at the
>     Sigcomm workshop on middleboxes
>
>     However having explored this topic in the past
>      I agree with what Jari says below
>
>     And I am not so sure it is the right way to go!
>     It would be much better if we can work on a collaborative solution
>     between CP and/or CDN and the Mobile Network
>
>     BR
>     Salvatore
>
>
>     -----Original Message-----
>     From: Marnew [mailto:marnew-bounces@iab.org] On Behalf Of Jari Arkko
>     Sent: 24 September 2015 00:58
>     To: Aaron Falk
>     Cc: marnew@iab.org
>     Subject: Re: [Marnew] endpoint consent
>
>     One challenge is of course that it is already difficult for the
>     users (or even us experts) to understand all the exact things that
>     are going on, so providing a useful control for the users even on
>     bandwidth may not be easy.
>     Let alone more complex settings.
>
>     The other issue is that we should be careful about setting the
>     ambition level.
>     Fine-grained quality of service treatment has not been successful
>     in the Internet. What's the right ambition level, being able to
>     specify detailed bandwidth consumption rules? Or the ability to
>     differentiate interactive from the non-interactive within one
>     user? The more coarse grained you make this, the more likely it is
>     that it can be used by applications and understood by users.
>
>     Jari
>