Re: [Udp35] Snowden and SPUD

Brian Trammell <ietf@trammell.ch> Mon, 20 July 2015 16:51 UTC

From: Brian Trammell <ietf@trammell.ch>
Date: Mon, 20 Jul 2015 18:50:40 +0200
To: Jana Iyengar <jri@google.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/udp35/Qp6mbFGfe8UBNYUU1q6zpGUTZt4>
Cc: Stackevo <stackevo@iab.org>, udp35@ietf.org, Michael Welzl <michawe@ifi.uio.no>
Subject: Re: [Udp35] Snowden and SPUD

hi Jana, Michael, all,

> On 20 Jul 2015, at 17:14, Jana Iyengar <jri@google.com> wrote:
> 
> A few offhand thoughts:
> 1. Snowden is not part of the SPUD conversations, so it's easy to be confused about what the current thinking is. The current thinking is _not_ about simply "leaking" information to middleboxes. The details are important here -- what information is being transmitted is, as a first approximation, the same stuff that currently middleboxes get out of TCP and ICMP (if those worked as intended). If there's more info, it's going to be debated heavily for privacy concerns.

Yep. So my cynical take on this is that Snowden doesn't like SPUD because the briefing sheet he had in front of him said he didn't like SPUD. I saw a lot of dkg's argument in Snowden's response. This argument goes something like this, as I understand it: a mechanism to expose *any* metadata from the endpoint will be misused to expose *all* metadata, and all that metadata will be used for tracking and fingerprinting; a mechanism that allows the addition of metadata will be misused by operators to gate packet forwarding on all sorts of evil things (from the "you watched the ad" cookie to the "your government supports your opinion, citizen" cookie).

Of course, you can already do all of these things and much, much more in the app layer *now*.

> 2. Snowden can engage in IETF SPUD meetings, and I'm sure he'd be welcome to them.

If anyone has a working email address that might end up with a message in front of him, I would be happy to send an invitation to do so. :)

> 3. It's all about rough consensus, not an individual's opinion.

Indeed. And I doubt this one individual's opinion has changed any minds on this point.

> 4. Finally, and I have been concerned about this for a while now: I've always said that the SPUD prototype should be distinct in name from the SPUD effort.

Yes.

> The prototype is the face of the effort and represents current thinking for anyone glancing at this stuff, and it seems scary and dangerous.

What I have learned from this entire experience is that you can keep saying and saying and saying "this is a prototype and we will not build the real protocol on it" and nobody will believe you.

Stay tuned (on stackevo@) for a suggestion about renaming and reorganization that I hope will serve to reduce confusion.

> We'd all be concerned if the SPUD prototype were the actual protocol deployed, but that's supposedly not going to be the case. Which begs the question: why spend any time on a protocol that is destined to not make it? Why not actually figure out a protocol that *might* and then see how to build it out?

I'll let Joe answer that one because he'll be more eloquent about it.

Cheers,

Brian

> - jana
> 
> 
> 
> 
> On Mon, Jul 20, 2015 at 5:00 PM, Michael Welzl <michawe@ifi.uio.no> wrote:
> Hi all,
> 
> Edward Snowden said yesterday (in the Q&A session following the movie) that he thinks SPUD is a bad idea.
> 
> I think what he meant was: "it's a bad idea because it talks to middleboxes"; that anything that talks to middleboxes is a problem is something I would have trouble agreeing with. If we shouldn't try to talk to middleboxes in some way, aren't we stuck making progress regarding this ossification?
> 
> I wonder what people think about this, and if others perhaps perceived his statement to come from a different angle?
> 
> Cheers,
> Michael
> 
> _______________________________________________
> Udp35 mailing list
> Udp35@ietf.org
> https://www.ietf.org/mailman/listinfo/udp35