Re: [perpass] perens-perpass-appropriate-response-01

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 04 December 2013 21:26 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 569891ADF73 for <perpass@ietfa.amsl.com>; Wed, 4 Dec 2013 13:26:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kMzQnpmOrT44 for <perpass@ietfa.amsl.com>; Wed, 4 Dec 2013 13:26:23 -0800 (PST)
Received: from mail-pd0-x234.google.com (mail-pd0-x234.google.com [IPv6:2607:f8b0:400e:c02::234]) by ietfa.amsl.com (Postfix) with ESMTP id 379041AD8F4 for <perpass@ietf.org>; Wed, 4 Dec 2013 13:26:23 -0800 (PST)
Received: by mail-pd0-f180.google.com with SMTP id q10so23166969pdj.39 for <perpass@ietf.org>; Wed, 04 Dec 2013 13:26:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=pjsM+vHuD1DNcZIgekmsyVnrrpKCDig9eTxwShoHJDg=; b=pBUm/AqKI3N5u07K/DZ1wBm3e/gS0sdApsLdLbTjeTbn4QgsBQexvWD5K/mC99VtsH n7gr7FdW3+GaFA3Idg1FT8xeTXfRV+OUjCaP1lmyT9LCRvRbgftM7UxCJ+KOYzKM++9y ssvFnD8bhzsBjUuFODLeLt2KOn/GuOZi9rvc5JD1nMdefyXYsT+1AKz/56YxR85lzcGO bjIkXmmqKVDtTLzu1x/4qoSSC+Pmafe8ptKVB0e4FzU0t2wt7Lxn/x4/zj6ZqEJCqEkI yEQcjHk+9MK+ZDD1Jel5GS7xtAqEHmbVfPvBQNwQ5IAxitu4BvgFcZInCEPNqo18123X cLxQ==
X-Received: by 10.66.250.163 with SMTP id zd3mr84148861pac.109.1386192380201; Wed, 04 Dec 2013 13:26:20 -0800 (PST)
Received: from [130.216.38.108] (sc-cs-567-laptop.cs.auckland.ac.nz. [130.216.38.108]) by mx.google.com with ESMTPSA id gg10sm139597320pbc.46.2013.12.04.13.26.18 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 04 Dec 2013 13:26:19 -0800 (PST)
Message-ID: <529F9E01.2000306@gmail.com>
Date: Thu, 05 Dec 2013 10:26:25 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Bruce Perens <bruce@perens.com>
References: <E2DA1477-C86E-441E-A33D-D47A0D67AFF3@iab.org> <EF9BD1E4-6EF3-4035-AC4E-1A2D3CADE615@mnot.net> <529E8494.7000806@perens.com> <20131204111309.GB11727@nic.fr> <529F7B3B.5020901@gmail.com> <529F91C9.6060906@perens.com>
In-Reply-To: <529F91C9.6060906@perens.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org, Stephane Bortzmeyer <bortzmeyer@nic.fr>
Subject: Re: [perpass] perens-perpass-appropriate-response-01
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2013 21:26:25 -0000

On 05/12/2013 09:34, Bruce Perens wrote:
> So, we're just going to give the entire web all of the instructions, and we 
> don't actually _care_ if they implement HTTP 2.0 or not. We're not responsible 
> if they do.

That is exactly right. All IETF standards are voluntary standards.
Whether they are implemented or deployed is utterly outside the IETF's
hands.

> Sort of like handing someone a weapon, and then disclaiming responsibility for 
> what happens afterward because you had no idea he'd actually use it!

Engineers have certain ethical responsibilities, indeed. You could
certainly argue that the IETF has historically been too lax about
security and privacy vulnerabilities in our specifications - I reviewed
some of that history in my plenary talk in Vancouver - so what we
"handed over" was a network vulnerable to spying and spoofing.

> Sorry, this seems to me to be specious.

Exactly not. There is a clear line between the technology (which needs
to be secure) and society's use of the technology (which needs to be
ethical). The IETF is on the technology side, and our ethical
responsibility is to make the technology capable of being secure.

I think this thread is off topic for this list, so I will leave it there.

    Brian
> 
>     Thanks
> 
>     Bruce
> 
> On 12/04/2013 10:58 AM, Brian E Carpenter wrote:
>> Whether
>> implementors and operators choose to implement the resulting counter-
>> measures is a separate question that does have political, legal or
>> societal aspects.
>>
>> I think that Bruce's concerns apply to deployment, not to the
>> IETF's work.
>>
> 
> .