Since the Internet is full of proxy servers which
control users' access to services, I do not see why the
OPES effort should be picked out. IP telephony is
based on control and the proxy servers in SIP are
designed to enforce administrative policy on access to
services among other things. Why is OPES considered to
be of such importance in this?
--- John Morris <jmorris(_at_)cdt(_dot_)org> wrote:
FYI, below are comments circulated a few days ago to
the IESG, providing a
public policy perspective on some of the issues
raised by the OPES working
group proposal. Many of the issues discussed have
been discussed on this
list and/or the IETF list; some are addressed in the
current charter draft,
while others are not. Whether or not the IETF
working group is
established, I am hopeful that these comments can
make a constructive
contribution to the discussion of the proposed OPES
tools.
John Morris
----------------------------------------
John B. Morris, Jr.
Director, Internet Standards, Technology
& Policy Project
Center for Democracy and Technology
1634 I Street NW, Suite 1100
Washington, DC 20006
(202) 637-9800
(202) 637-0968 fax
jmorris(_at_)cdt(_dot_)org
http://www.cdt.org
----------------------------------------
1.0 Summary
We write to outline serious policy concerns raised
by the proposal that the
IETF/IESG create a working group on "Open Pluggable
Edge Services" (OPES).
As outlined below, OPES would further diminish the
"end to end" principles
that have been so important to the development of
the Internet. OPES would
reduce both the integrity, and the perception of
integrity, of
communications over the Internet, and would
significantly increase
uncertainty about what might have been done to
content as it moved through
the network. OPES would also increase the risk that
ISPs can exercise
bottleneck control over users' access to the
Internet, and could favor
certain content and application providers over
others.
On the threshold question of whether the IETF should
sponsor and sanction
the proposed OPES working group, we believe that the
risks of OPES outweigh
the benefits of IETF review and control. In the
event that the IESG
approves the creation of the OPES working group, we
suggest below a set of
requirements for OPES that would mitigate policy
concerns.
2.0 Background
The Center for Democracy and Technology first became
aware of the OPES
proposals through the work of its newly created
Internet Standards,
Technology & Policy Project [see
http://www.cdt.org/standards/]. (The
comments below are submitted on behalf of CDT, and
not the Project
participants.) CDT is a nonprofit public interest
group that promotes civil
liberties and democratic values online. CDT has over
the years been very
involved in protecting free speech, privacy, and
openness on the Internet,
and these comments reflect those public policy
goals.
3.0 Concerns Raised by OPES
3.1 Content Manipulation, Free Expression, and Privacy
OPES would significantly increase the risk of
unauthorized interference
with or manipulation of communications as they
traverse the Internet. OPES
would diminish end to end network design principles
and facilitate
third-party alteration of, or action based on,
communications without the
notice or consent of end point parties. As such it
creates major concerns
for free expression and privacy online.
The one party consent model defined in the proposed
charter poses a threat
to the model of trust built into the end to end
model, as well as allowing
third parties to interfere with the free flow of
information that has
become a hallmark of Internet communication. For
example, OPES could
facilitate third-party or state-sponsored censorship
of Internet content
without the knowledge or consent of end users; OPES
could also facilitate
third-party manipulation of content for commercial
purposes (such as
advertising) without the consent of the end parties.
OPES could also
facilitate surveillance systems like Carnivore,
risking individual privacy
and discouraging unpopular expression on the web.
Those who wish to
publish content with complete integrity may be
forced to use end-to-end
encryption of communications, raising barriers to
entry in the cost of
publishing and decreasing potential benefits of
caching.
Undeniably, as proposed, OPES would require the
consent of either the
sender or receiver. Also undeniably, the IETF
process would likely ensure
that this and other security and privacy concerns
would be honored in a
proper implementation of OPES.
At bottom, however, OPES is not a protocol for
communications between
computers or networks, but rather is a
self-contained facility to
manipulate content. The core functions of OPES
(rule-based review of
content, diversion of selected content, and
execution of proxylets or other
content manipulations) can be implemented entirely
within one server (or
linked servers). There is no fundamental need that
certain protections and
guidelines be followed to, for example, ensure
interoperability among
networks. It appears unlikely that meaningful
security and validation
requirements could be made to be so integral to OPES
that such requirements
could not be easily overridden within an individual
implementation of OPES.
The wide proliferation of OPES implementations
would, it seems, be likely
to lead to the modification of such implementations
to facilitate
unauthorized manipulations of content. The
incentives for unauthorized
manipulations are clearly present on the Internet,
and OPES would make such
improper actions easier to implement. Just very
recently we have seen
examples of largely unauthorized manipulation of
content for marketing
purposes by third parties. [See, e.g.,
http://slashdot.org/features/01/07/31/2015216.shtml
or
http://www.salon.com/tech/feature/2001/08/02/parasite_capital/index.html].
OPES seems likely to facilitate such schemes.
3.2 Facilitating Gatekeepers
OPES could further promote the creation of
bottleneck power in the hands of
Internet Service Providers. Over the past few
years, the Internet has seen
broadband ISPs move toward a business model of
contracting with "preferred"
content providers and facilitating the fast delivery
of that content over
competing, non-preferred content. OPES would
significantly increase the
potential of ISPs to enter into preferential or even
exclusive contracts
with service providers ("the exclusive language
translation services
offered to users of XYZ ISP"). These preferred and
exclusive arrangements
can serve to reduce innovation and competition for
content and services on
the Internet. Although high bandwidth content is
already subject to
potential discrimination in delivery over some ISPs,
OPES would likely
increase such potential for discrimination among
service
=== message truncated ===