Re: [ogpx] VWRAP Draft Charter - 2009 09 01

["Dickson, Mike (ISS Software)" <mike.dickson@hp.com>]

On Sun, Oct 4, 2009 at 1:36 AM, Dickson, Mike (ISS Software) <mike.dickson@hp.com<mailto:mike.dickson@hp.com>> wrote:

The algorithm or mechanism to enforce an age related connection policy is outside the scope of the protocol, yes.  But its not at all  inconceivable that the protocol could carry age information as an attribute that an AD/RD pair could use to make a decision as to whether a connection is to be allowed.

As carried payload, sure.  Just like an SMTP message could carry a message body or even a Subject line about the age of a mail user or about the ages of the MTA sysadmins.  But that's not at the level of protocol at all.  If the SMTP protocol dealt with the ages of the users of its endpoint applications as a machine-processable semantic, we would be entering an age of total madness and police states.

Except that in the case of virtual worlds there already is a practice around defining regions in terms of age specific characteristics.  Are you saying you don't like the practice so you don't want it in the protocol?  Or are you really saying it's not necessary and if so how do you propose someone providing a region to a VW environment who wishes to restrict it to "Adult" content where age matters.  And I don't understand your assertion that its not at the "protocol" level...  In an SMTP exchange when I connect and send the HELO I generally need to identify myself.  The from address is an attribute in the same way that age information could be carried in the protocol (in SMTP more analogous to the additional message headers like mailer, etc).

Admittedly, there are totally mad people and police-state advocates around, but hopefully we are not among them.  Particularly when it's purely security theater and doesn't actually achieve anything.

Again, I don't understand this assertion given this is an already existing practice.

Mike





=======================================

On Sun, Oct 4, 2009 at 1:36 AM, Dickson, Mike (ISS Software) <mike.dickson@hp.com<mailto:mike.dickson@hp.com>> wrote:

The algorithm or mechanism to enforce an age related connection policy is outside the scope of the protocol, yes.  But its not at all  inconceivable that the protocol could carry age information as an attribute that an AD/RD pair could use to make a decision as to whether a connection is to be allowed.



Mike



From: ogpx-bounces@ietf.org<mailto:ogpx-bounces@ietf.org> [mailto:ogpx-bounces@ietf.org<mailto:ogpx-bounces@ietf.org>] On Behalf Of Morgaine
Sent: Saturday, October 03, 2009 6:34 PM
To: Carlo Wood
Cc: ogpx@ietf.org<mailto:ogpx@ietf.org>

Subject: Re: [ogpx] VWRAP Draft Charter - 2009 09 01



On Sat, Oct 3, 2009 at 11:21 PM, Carlo Wood <carlo@alinoe.com<mailto:carlo@alinoe.com>> wrote:

On Sat, Oct 03, 2009 at 10:52:18PM +0100, Morgaine wrote:
> It's important to highlight (as you did) that issues such as age verification
> have no place in a worldwide IETF protocol standard, so while you provide a
> good example of policy variations among worlds, any such agreements are outside
> of the context of our protocol.

Not entirely... age verification is necessary in many countries with
what's going on in an SL-like world.

A RD cannot do the age-verification; that is a job for an AD.

However, I think it's the RD that needs to make the decision whether
or not a user is allowed in (based on its age), which in turn means
that the AD has to tell the RD if it knows the age, and if so, what
it is; hence, it should be part of the protocol.

It's no business of an IETF protocol to deal with the age of participants.  That's like SMTP rejecting connections or mail delivery based on the ages of the MTA operator and owner of the mail client.  The whole idea is completely ludicrous, not to mention unimplementable.

Please let's try not to engage in what Schneier calls "security theater", a politically correct feelgood factor that actually achieves nothing while adding layers of red tape and complexity.

Morgaine.