On Wed, 20 Jun 2001 20:40:53 PDT, Eliot Lear said:
By appearing to make it legitimate (as RFC 1918 made NAT appear
legitimate). There is a possible way to deal with this though: require an
OPES box to obtain explicit consent from both ends before executing
any content manipulation.
Why is it not acceptable to have one host or its owner approve of such a
use? Consider a web farm. How do we decide whether such "legitimate"
uses will be outweighed by "illegitimate" uses?
Actually, even having *both* ends approve first is problematic. Consider
that current browsers do a *LOT* of things "under the hood" that users
may not know about - and a certain large vendor of browsers recently
announced a "feature" to add links at time of display to the user.
The threat model there is that the browser could be adding what appear
to be links to a competitor's web page. (And yes, I know all the stuff
about adding a META tag to tell it to cut it out - but why should I as
(for example) the web designer for Ford Motor Company have to go through
*every single* webpage and add a "dont add any <censored>ing links to
Now, somebody want to tell me why said vendor of browsers won't feel
an urge to add code that says "Even if Ford said no links to Chevy,
tell the OPAS upstream to stick a link to Chevy in so the browser can
feel smug and morally correct in not having added the link itself"?
And yes, based on past behavior, I *do* think this is a credible
threat model. Unfortunately, this has 2 problems:
1) I have no idea how to codify a requirement that permission be
given by the content provider at the source end (which can be automated)
and require *user* approval at the sink end (*NOT* automated).
2) This would effectively screw any attempts to use this for
EDI or other B2B automated systems. This may be considered by
some to be a feature, not a bug.....