Re: [ogpx] VWRAP Draft Charter - 2009 09 01

[Morgaine <morgaine.dinova@googlemail.com>]

On Sun, Oct 4, 2009 at 1:36 AM, Dickson, Mike (ISS Software) <
mike.dickson@hp.com> wrote:

>  The algorithm or mechanism to enforce an age related connection policy is
> outside the scope of the protocol, yes.  But its not at all  inconceivable
> that the protocol could carry age information as an attribute that an AD/RD
> pair could use to make a decision as to whether a connection is to be
> allowed.
>

As carried payload, sure.  Just like an SMTP message could carry a message
body or even a Subject line about the age of a mail user or about the ages
of the MTA sysadmins.  But that's not at the level of protocol at all.  If
the SMTP protocol dealt with the ages of the users of its endpoint
applications as a machine-processable semantic, we would be entering an age
of total madness and police states.

Admittedly, there are totally mad people and police-state advocates around,
but hopefully we are not among them.  Particularly when it's purely *security
theater* and doesn't actually achieve anything.


Morgaine.





=======================================

On Sun, Oct 4, 2009 at 1:36 AM, Dickson, Mike (ISS Software) <
mike.dickson@hp.com> wrote:

>  The algorithm or mechanism to enforce an age related connection policy is
> outside the scope of the protocol, yes.  But its not at all  inconceivable
> that the protocol could carry age information as an attribute that an AD/RD
> pair could use to make a decision as to whether a connection is to be
> allowed.
>
>
>
> Mike
>
>
>
> *From:* ogpx-bounces@ietf.org [mailto:ogpx-bounces@ietf.org] *On Behalf Of
> *Morgaine
> *Sent:* Saturday, October 03, 2009 6:34 PM
> *To:* Carlo Wood
> *Cc:* ogpx@ietf.org
> *Subject:* Re: [ogpx] VWRAP Draft Charter - 2009 09 01
>
>
>
> On Sat, Oct 3, 2009 at 11:21 PM, Carlo Wood <carlo@alinoe.com> wrote:
>
> On Sat, Oct 03, 2009 at 10:52:18PM +0100, Morgaine wrote:
> > It's important to highlight (as you did) that issues such as age
> verification
> > have no place in a worldwide IETF protocol standard, so while you provide
> a
> > good example of policy variations among worlds, any such agreements are
> outside
> > of the context of our protocol.
>
> Not entirely... age verification is necessary in many countries with
> what's going on in an SL-like world.
>
> A RD cannot do the age-verification; that is a job for an AD.
>
> However, I think it's the RD that needs to make the decision whether
> or not a user is allowed in (based on its age), which in turn means
> that the AD has to tell the RD if it knows the age, and if so, what
> it is; hence, it should be part of the protocol.
>
>
> It's no business of an IETF protocol to deal with the age of participants.
> That's like SMTP rejecting connections or mail delivery based on the ages of
> the MTA operator and owner of the mail client.  The whole idea is completely
> ludicrous, not to mention unimplementable.
>
> Please let's try not to engage in what Schneier calls "security theater", a
> politically correct feelgood factor that actually achieves nothing while
> adding layers of red tape and complexity.
>
> Morgaine.
>
>
>