- From: mike amundsen <mamund@yahoo.com>
- Date: Mon, 18 Nov 2013 12:23:53 -0500
- To: Roberto Peon <grmocg@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAPW_8m4rqk2RuO5scMh8O28BJzUfakJG3VkxBXHy-JUwz1vDrQ@mail.gmail.com>
I think the paper "Tussle in Cyberspace" (2002)[1] is a good reminder of the points in your list. <quote> "This paper explores one important reality that surrounds the Internet today: different stakeholders that are part of the Internet milieu have interests that may be adverse to each other, and these parties each vie to favor their particular interests. We call this process “the tussle”. Our position is that accommodating this tussle is crucial to the evolution of the network’s technical architecture." </quote> Let's focus on enabling the "tussle." [1] http://groups.csail.mit.edu/ana/Publications/PubPDFs/Tussle2002.pdf mamund +1.859.757.1449 skype: mca.amundsen http://amundsen.com/blog/ http://twitter.com/mamund https://github.com/mamund http://www.linkedin.com/in/mamund On Mon, Nov 18, 2013 at 12:09 PM, Roberto Peon <grmocg@gmail.com> wrote: > I wanted to focus on what we all agree upon for a moment. > > I'll note that I am not debating the goodness or badness of encryption, so > please don't bring this into the thread-- I am completely aware that the > definition of "the right thing" to do varies depending on the party wishing > to define it, the particular user, site, or legislative jurisdiction, etc. > > > So... I'm hoping for this thread to affirm or debate the following things: > > a) we cannot effectively impose changes on already deployed > infrastructure or content > > b) we have the ability to create and define opt-in or opt-out mechanisms > for encryption > > c) non-encrypted plaintext on port 80 is reliable today when only it is a > particular subset of http/1.1 > > d) the definition of "the right thing" to do with respect to using or not > using encryption varies depending on the party wishing to define it, the > particular user, site, or legislative jurisdiction, etc. > > e) there is pervasive monitoring today, and that some of this monitoring > includes entities with malicious intent (i.e. criminals). > > f) users do care about privacy to the extent that they want to choose > what should be public and that they don't want their lives damaged or > destroyed as a result of legal online activity (i.e. don't want their > identity or assets stolen) > > g) sites do care about privacy: at a base minimum they want to retain the > trust of their users > > h) users don't have the technical depth to understand what is necessary > to achieve privacy, let alone security > > i) educating and communicating about technical issues that can > potentially affect users is extremely difficult and would take significant > time, if possible at all > > > -=R > >
Received on Monday, 18 November 2013 17:24:46 UTC