Re: [proxies] [IETF Proxy] Next Steps
Stefan Winter <stefan.winter@restena.lu> Tue, 06 May 2008 06:53 UTC
Return-Path: <proxies-bounces@ietf.org>
X-Original-To: proxies-archive@ietf.org
Delivered-To: ietfarch-proxies-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6A8AE3A6B7E; Mon, 5 May 2008 23:53:33 -0700 (PDT)
X-Original-To: proxies@core3.amsl.com
Delivered-To: proxies@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D64643A6F69 for <proxies@core3.amsl.com>; Mon, 5 May 2008 23:53:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.185
X-Spam-Level:
X-Spam-Status: No, score=-0.185 tagged_above=-999 required=5 tests=[BAYES_40=-0.185]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Kxz3kdE1rFI for <proxies@core3.amsl.com>; Mon, 5 May 2008 23:52:59 -0700 (PDT)
Received: from smtp.restena.lu (legolas.restena.lu [158.64.1.34]) by core3.amsl.com (Postfix) with ESMTP id 369393A6F4C for <proxies@ietf.org>; Mon, 5 May 2008 23:52:22 -0700 (PDT)
Received: from smtp.restena.lu (localhost [127.0.0.1]) by smtp.restena.lu (Postfix) with ESMTP id C497A30276C0; Tue, 6 May 2008 08:52:20 +0200 (CEST)
Received: from [158.64.1.155] (aragorn.restena.lu [158.64.1.155]) by smtp.restena.lu (Postfix) with ESMTP id B4B5E3027248; Tue, 6 May 2008 08:52:20 +0200 (CEST)
Message-ID: <48200024.80801@restena.lu>
Date: Tue, 06 May 2008 08:52:20 +0200
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Thunderbird 2.0.0.12 (X11/20080226)
MIME-Version: 1.0
To: Dan Harkins <dharkins@lounge.org>
References: <7.0.1.0.2.20080416172531.02401228@nist.gov> <200804171550.48931.stefan.winter@restena.lu> <057433e024b8d47267adf9fd0379bd6b.squirrel@www.trepanning.net>
In-Reply-To: <057433e024b8d47267adf9fd0379bd6b.squirrel@www.trepanning.net>
X-Enigmail-Version: 0.95.6
X-Virus-Scanned: ClamAV using ClamSMTP
Cc: proxies@ietf.org
Subject: Re: [proxies] [IETF Proxy] Next Steps
X-BeenThere: proxies@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion list for ad hoc group interested in security and proxies <proxies.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/proxies>, <mailto:proxies-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:proxies@ietf.org>
List-Help: <mailto:proxies-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/proxies>, <mailto:proxies-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: proxies-bounces@ietf.org
Errors-To: proxies-bounces@ietf.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi dan, all, | It has been pointed out to me that I may be misunderstanding Stefan's | intent by latching on the word "political" and running with it. Well, I wondered myself if my choice of word was good. In fact, I was not refering to political as in: laws, jurisdiction, courts, prime ministers, presidents... but as in non-technical, managerial, financial-driven, contractual-driven etc. | I do not mean to attack any valid uses of proxies that may fall under | the "political" rubric but I do believe there are threats that should | be enumerated for proxies that can do things like compile databases of | information gleaned from AAA traffic that goes through them, or locate | and track people. And the mention of "political" requirements brought | that up (in my mind at least). To elaborate on what my notion "political" in our scenario concretely means, here an example: the eduroam community is primarily intended for higher education and research, which excludes secondary school pupils. Some countries however deploy eduroam in such schools, and hand out accounts which work internationally for their teachers, but only nationally valid accounts for the pupils in order not violate international peering agreements but still give service to the pupils. That is perfectly fine with eduroam international, as long as these countries can make sure these local accounts stay local. The means to enforce this is in practice by using a national proxy which knows which realms belong to pupil database backends and which not. That is IIRC the main reason for the one country that insists on having everything go through its national proxy. We recently have overcome this by loosening the peering agreement so that everyone considered a valid user in one country is also valid for roaming in all others, but this now re-opens the age verification problem at a larger scale :-/ Greetings, Stefan -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFIIAAk+jm90f8eFWYRAnnsAJ9vgAZuIpn6vYTu4eLA3knYO1k99QCfXalr 8C4L0nBs0Y8KLhu+8/KyBVQ= =ZSbB -----END PGP SIGNATURE----- _______________________________________________ Proxies mailing list Proxies@ietf.org https://www.ietf.org/mailman/listinfo/proxies
- [proxies] [IETF Proxy] Next Steps Katrin Hoeper
- Re: [proxies] [IETF Proxy] Next Steps Stefan Winter
- Re: [proxies] [IETF Proxy] Next Steps Alan DeKok
- Re: [proxies] [IETF Proxy] Next Steps Stefan Winter
- Re: [proxies] [IETF Proxy] Next Steps Glen Zorn
- Re: [proxies] [IETF Proxy] Next Steps Stefan Winter
- Re: [proxies] [IETF Proxy] Next Steps Glen Zorn
- Re: [proxies] [IETF Proxy] Next Steps Katrin Hoeper
- Re: [proxies] [IETF Proxy] Next Steps Stefan Winter
- Re: [proxies] [IETF Proxy] Next Steps Bernard Aboba
- Re: [proxies] [IETF Proxy] Next Steps Dan Harkins
- Re: [proxies] [IETF Proxy] Next Steps Alan DeKok
- Re: [proxies] [IETF Proxy] Next Steps Bernard_Aboba
- Re: [proxies] [IETF Proxy] Next Steps Bernard_Aboba
- Re: [proxies] [IETF Proxy] Next Steps Glen Zorn
- Re: [proxies] [IETF Proxy] Next Steps Dan Harkins
- Re: [proxies] [IETF Proxy] Next Steps Dan Harkins
- Re: [proxies] [IETF Proxy] Next Steps Stefan Winter
- Re: [proxies] [IETF Proxy] Next Steps Klaas Wierenga
- Re: [proxies] [IETF Proxy] Next Steps Glen Zorn
- Re: [proxies] [IETF Proxy] Next Steps Klaas Wierenga
- Re: [proxies] [IETF Proxy] Next Steps Stefan Winter
- Re: [proxies] [IETF Proxy] Next Steps Klaas Wierenga