W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Things we know and can hopefully agree upon w.r.t. the state of the web today.

From: mike amundsen <mamund@yahoo.com>
Date: Mon, 18 Nov 2013 12:23:53 -0500
Message-ID: <CAPW_8m4rqk2RuO5scMh8O28BJzUfakJG3VkxBXHy-JUwz1vDrQ@mail.gmail.com>
To: Roberto Peon <grmocg@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
I think the paper "Tussle in Cyberspace" (2002)[1] is a good reminder of
the points in your list.

<quote>
"This paper explores one important reality that surrounds the Internet
today: different stakeholders that are part of the Internet milieu have
interests that may be adverse to each other, and these parties each vie to
favor their particular interests. We call this process “the tussle”. Our
position is that accommodating this tussle is crucial to the evolution of
the network’s technical architecture."
</quote>

Let's focus on enabling the "tussle."

[1] http://groups.csail.mit.edu/ana/Publications/PubPDFs/Tussle2002.pdf

mamund
+1.859.757.1449
skype: mca.amundsen
http://amundsen.com/blog/
http://twitter.com/mamund
https://github.com/mamund
http://www.linkedin.com/in/mamund


On Mon, Nov 18, 2013 at 12:09 PM, Roberto Peon <grmocg@gmail.com> wrote:

> I wanted to focus on what we all agree upon for a moment.
>
> I'll note that I am not debating the goodness or badness of encryption, so
> please don't bring this into the thread-- I am completely aware that the
> definition of "the right thing" to do varies depending on the party wishing
> to define it, the particular user, site, or legislative jurisdiction, etc.
>
>
> So... I'm hoping for this thread to affirm or debate the following things:
>
> a)  we cannot effectively impose changes on already deployed
> infrastructure or content
>
> b)  we have the ability to create and define opt-in or opt-out mechanisms
> for encryption
>
> c)  non-encrypted plaintext on port 80 is reliable today when only it is a
> particular subset of http/1.1
>
> d) the definition of "the right thing" to do with respect to using or not
> using encryption varies depending on the party wishing to define it, the
> particular user, site, or legislative jurisdiction, etc.
>
> e)  there is pervasive monitoring today, and that some of this monitoring
> includes entities with malicious intent (i.e. criminals).
>
> f)  users do care about privacy to the extent that they want to choose
> what should be public and that they don't want their lives damaged or
> destroyed as a result of legal online activity (i.e. don't want their
> identity or assets stolen)
>
> g)  sites do care about privacy: at a base minimum they want to retain the
> trust of their users
>
> h)  users don't have the technical depth to understand what is necessary
> to achieve privacy, let alone security
>
> i)  educating and communicating about technical issues that can
> potentially affect users is extremely difficult and would take significant
> time, if possible at all
>
>
> -=R
>
>
Received on Monday, 18 November 2013 17:24:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC