ietf-openproxy
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Content Provider Notification: Summary: Please provide feedback ASAP

2002-06-11 07:27:06
from [John Morris] [Permanent Link] 

At 6:32 PM -0400 6/10/02, Oskar Batuner wrote:

John, it looks like there are two main differences in
our approach:

1. You are looking at OPES as enabling technology that makes possible
things that do not exist now. I look at OPES mainly as a technology
standard that may facilitate deployment of services that do already
exist but are deployed in a less efficient/controllable way (like
filters, edge services, etc.)
You are correct that I am (perhaps too) focused on new services. I appreciate the need/desire to use OPES to perform existing services better. 


As a result you are more concerned with the ability of new OPES
entities to affect end-to-end interaction between content producers
and content consumers. On another hand I think that with the proper
architecture and taking into account IAB requirements (RFC3238),
especially  requirement of explicit authorization, OPES does not
create a situation that is substantially different from the existing
one. OPES deals with the threats that already exist (Trojans, spyware,
server security flaws, etc.).
I am a little unsure of what you are saying. If you are saying that "OPES will be no worse than bad stuff that is already out there, so we do not need to worry about notice, authoritzation, etc." then I cannot agree.
But I don't think you are saying that. If you are saying that so long as OPES is built with the proper architecture and consistent with the IAB requirements, it will not create new problems or perpetuate old ones, then I am fully supportive of that approach. 


OPES development requires careful consideration of all possible
threats but as a result I'd really like to see new
security/authorization/tracing/reporting methods and standards that
are equally applicable to both OPES and non-OPES systems.


Agreed.


2. You are looking at "good guys" environment - both sides are
perusing legitimate goals but may have different interests.
I'm looking also at "bad guys" - viruses, worms, DDoS bots,
spyware, persistent distributors of unwanted information and
the like.

"Bad guys" can not be trusted and have no legitimate
interests that should be protected in any way. In situations
of conflict between protection of legitimate content
distributor rights and protection of end user from malicious
intents I usually sympathize with the end-user.


Agreed.



Oskar



John
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Content Provider Notification: Summary: Please provide feedba ck ASAP, Abbie Barbir
Next by Date:  Re: http://www.ietf.org/internet-drafts/draft-ietf-opes-protocol-reqs-00.txt, Markus Hofmann
Previous by Thread:  RE: Content Provider Notification: Summary: Please provide feedback ASAP, Oskar Batuner
Next by Thread:  RE: Content Provider Notification: Summary: Please provide feedback ASAP, Oskar Batuner
Indexes:  [Date] [Thread] [Top] [All Lists]