From: "Hilarie Orman" <HORMAN(_at_)novell(_dot_)com>
To: <wrec(_at_)cs(_dot_)utk(_dot_)edu>, <mnot(_at_)mnot(_dot_)net>
Cc: <ietf-openproxy(_at_)imc(_dot_)org>
If you've already bought into NAT, then pointing to an interception
proxy as "evil" is simply pot-kettle calling.
No, interception proxies are far worse than NAT.
NAT merely breaks technical stuff. Interception proxies break all of
the technical things that NAT boxes break and significantly more.
E.g. AOL's SMTP redirection proxies probably break some addresses.
Then interception proxies do really nasty non-technical things. They are
open invitations for nasty non-technical things, from censorship to much
easier snooping. For example, if some of the reports about the FBI's
Carnivore are accurate, then AOL's SMTP interception proxies would far
more easily and reliably do that job.
...
To my knowledge, most people use them because they need an easy way
(interception proxies)
to assure that Web traffic (or at least port 80) goes through a
proxy. ...
A lot of people use various HTTP proxies, presumably including redirection
proxies, to filter content. I know people who use them to "protect"
their own children. (Never mind that I strongly disagree with them.)
AOL's SMTP interception proxies are against spam. AOL adds header lines
to SMTP messages and may filter objectionable content. Current rumors
suggest that if AOL does filter SMTP on content with their SMTP redirection
proxies, then they do it only by rate limiting. However, if they only
rate limit, more than the censorship camel's nose is in the tent.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com