ietf-openproxy
[Top] [All Lists]

Re: End to End thoughts [long]

2000-09-20 09:48:30


Mark Nottingham wrote:

On Tue, Sep 19, 2000 at 05:11:31PM -0700, Joe Touch wrote:


                   Interception Proxies are Evil.

The problem with interception proxies isn't breakage of E2E;
it's breakage of standard protocols. See
http://www.isi.edu/touch/pubs/hazards-outline.txt for further info.

Many have been explaining the Evils of interceptions proxies in this way,
which is why I started from this angle.

That having been said, I'm more interested in the effects below than these.
Interception problems seem to have enough people concerned about them
(although we still need to *do* something about them). In this respect, it
was a poorly chosen subject line, but my perception was that these points
were previously articulated as end-to-end problems.

There certainly is room for work here.

Of course; I wasn't suggesting that E2E prohibited application level
gateways, etc., but that if current work goes forward without considering
the social and legal effects of what they do, there will be trouble.

The IETF, far as I can tell, doesn't consider these issues, unless:

        1. there are technical solutions somewhere underlying
           the social and/or legal

        AND

        2. the legal issues constrain technical solutions
                i.e., solutions which are obviously not viable
                from the legal aspect are probably not worth 
                spending time on technically


It's interesting that Web caching seems to be losing ground to CDNs
so rapidly; to me, this illustrates the point perfectly. Web caching
was always performed in the interest of the access provider, not the
content provider (or arguably even the user). As a result, content
providers don't trust Web caches. What's it going to be like out
there when access providers can slip a transcoding, rewriting module
into a proxy on the fly?

CDNs use web caches, don't they? or at least what do you call the
rented Akamai server? I call it a cache...
(CDN is just an economic model for charging the provider for space
on the cache)

It's a surrogate which implements a cache. 

That's marketing doublespeak. It's a cache.

You've made my point well - Web
caching isn't a good economic model, and even risked legal problems at one
point, because it isn't done on behalf of the content provider. Rather, it
is done by the access provider, who isn't concerned with cache correctness,
etc. nearly as much as the content provider.

Value-added services are a good thing, but there needs to be a framework to
address these issues. While some content providers may not care that their
content is transcoded by a proxy in front of the user, others may.

For example, if a legal document is changed in any way (translated,
summarized, etc.) it becomes invalid.

The primary problems with caching, in that sense, are:

        1. content providers do not _want_ to provide expiration dates
                these dates must be determined in advance, and limit
                when changes will propagate.
                the CP's would like to 'recall' old items; this 
                doesn't work with our current caching model, regardless
                of who runs the cache.

                the reason the CDNs are useful is that the CP's 
                can push updated info out to the caches, in that sense

        2. authentication is lacking

                CP's could sign their pages (e.g., PGP sign)
                again, there is disincentive, because it
                would inhibit user access (slow it down, 
                stall it while waiting for key retrieval, etc)

There is certainly a model for client-directed caching; several
have worked just fine. Local premesis caching works if the 
organization is large (e.g., a school, a company, or a large ISP).
Egress/ingress caching works on national scales, esp. where
bandwidth is limited (e.g., Australia).

The model is the same as TV and radio. People can decide what
they want to see (e.g., PBS, request radio shows), but there
is more money to be made by being advertiser-driven. E.g., I
doubt people _want_ to watch infomercials all day long on the
weekend, but there's money there. But you can buy pay-per-view 
or HBO and not have infomercials. 

People want to direct their cost (free); advertisers
want to direct the content (and will pay). 

(but I digress - this may be an interesting coffeehouse
chat at an upcoming IETF, though).

The most oft-cited example that makes me shudder is the dynamic
insertion/replacement of ads by the access provider, without permission of
the content provider. While I'm sure there's a market for this out there, it
brings up significant issues.

Happens with local TV too. Without monitoring, it happens.

I'm not sure that IETF is the best place to address this; W3C seems (to
me) to have a more active view on social/legal issues. However, this is
where these capabilities are being talked about, so it seemed a good
starting point.

These issues are addressed in the open court of public opinion,
or in classes in business schools :-)

Joe

<Prev in Thread] Current Thread [Next in Thread>