ietf-openproxy
[Top] [All Lists]

RE: IAB Requirement for OPES

2001-11-19 14:19:32

At 01:03 PM 11/19/2001, John Morris wrote:

I also would agree with Leslie.  My thinking goes as follows:

Most Internet/web communications involve up to five basic categories of entities:

   A. the sender
   B. one or more ISPs that provide access and other services to the sender
C. network/backbone operators who have no direct relationship with sender or receiver D. one or more ISPs that provide access and other services to the recipient
   E. the recipient

If the OPES service is provided for the benefit of A or E, then obtaining at least "one-party" should not be a problem.

If the OPES service is provided for the benefit of B (or D) AND is viewed as a normal, legitimate action of the ISP/provider (such as billing, etc.), then the OPES service could be covered by the ISP's "terms of service" and, as a contractual matter, A (or E) could be required to consent to the OPES service as a condition of obtaining service from B (or D).

If the OPES service is provided for the benefit of B (or D) but it is NOT something that the ISP/provider would be able to obtain contractual consent from their customer A (or E), then it strikes me that the OPES protocol should not facilitate such an unconsented action by B (or D).

Doesn't this apply to all such proxy services, OPES or not?


Finally, that leaves possible OPES services provided for the benefit of C (a scenario that seems less likely than A, B, D, or E). I for one am comfortable saying that OPES cannot be used to provide unconsented services to C, even recognizing that one can hypothesize some mundane network measurement services that might be desired by C.

Again, I think it is INCORRECT to interpret this as OK if you are doing this but not conforming to OPES standards, yes????????


All of this leads me to conclude that a one-party consent rule is appropriate, and that such a rule should not be a significant obstacle to the deployment of OPES services.

John Morris


At 8:30 PM +0100 11/19/01, Patrik Johansson wrote:
I agree with you Leslie. Reading can definitely be destructive. For me it's
like tapping a phone conversation, you "read" without "modifying".

By the way, according to Swedish law, if the security police wants to tap a
telephone conversation a public prosecutor first must approve. But if one
person taking part in the tele conversation is aware of the bugging no
approval is needed. You don't even have to be a police to tap it.

So I also recommend at least one-party consent for reading.

/Patrik


 > -----Original Message-----
 > From: owner-ietf-openproxy(_at_)mail(_dot_)imc(_dot_)org
 > [mailto:owner-ietf-openproxy(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of 
Leslie Daigle
 > Sent: Monday, November 19, 2001 5:21 PM
 > To: Markus Hofmann
 > Cc: Ian Cooper; OPES Group; floyd(_at_)aciri(_dot_)org
 > Subject: Re: IAB Requirement for OPES
 >
 >
 >
 > Howdy,
 >
 > Speaking for myself, I would propose that even "read only" services
 > like logging/billing should require at least one-party consent.
 > It's still a traffic diversion, and reading is sometimes as
 > destructive
 > as a modify.
 >
 > Leslie.
 >
 > Markus Hofmann wrote:
 > >
 > > Ian Cooper wrote:
 > >
 > > > The examples you give seem more closely related to ones
 > that could be
 > > > performed in a proxy, or indeed a router (depending on
 > which layer you
 > > > want your logs/bills to consider).  As such I don't
 > really see what they
 > > > would have to do with OPES per se., though I can
 > understand why you're
 > > > asking the question.
 > >
 > > Yup, agreed, the given services are typically more closely
 > related to
 > > devices such as the ones you mentioned (hmm..., a "proxy" could
 > > possible run a local OPES proxylet for logging/billing, what about
 > > this case?).
 > >
 > > I'm just wondering whether this consideration rules out
 > realizing such
 > > services in an OPES framework and whether this is intentional or
 > > whether we need more clarification on this.
 > >
 > > -Markus
 >
 > --
 >
 > -------------------------------------------------------------------
 > "An essential element of a successful journey
 >     is recognizing when you have arrived."
 >    -- ThinkingCat
 >
 > Leslie Daigle
 > leslie(_at_)thinkingcat(_dot_)com
 > -------------------------------------------------------------------
 >

----------------------------------------
John B. Morris, Jr.
Director, Internet Standards, Technology
   & Policy Project
Center for Democracy and Technology
1634 I Street NW, Suite 1100
Washington, DC 20006
(202) 637-9800
(202) 637-0968 fax
jmorris(_at_)cdt(_dot_)org
http://www.cdt.org
----------------------------------------

Michael W. Condry
Director,  Network Edge Technology


<Prev in Thread] Current Thread [Next in Thread>