ietf

Re: recommendation against publication of draft-cerpa-necp-02.txt

2000-04-07 17:50:44


Keith Moore wrote:
.  .  .
You seem to be saying that because we have a higher service layered
on top of IP that we can disregard the IP service model.  I disagree.

No, I'm saying you purported to be offended by IP address
redirection when what you really objected to was unauthorized
spoofing of services and the delivery of something other than what
the user and/or information provider would have expected. That in
turn resulted in your calling for a ban on publication of a
technical document describing a technique which you admit has quite
legitimate applications (e.g. when CNN knows that such IP
interception is going on) because it *could* be used in a manner you
judge to be immoral (i.e. in a case when neither client nor server
knew).


There are two separate problems here:

1. An interception proxy, unless it is acting with authorization
of the content provider, is misrepresenting itself as the content
provider.  IP address spoofing is just one particular mechanism
by which this can be done, but regardless of the mechanism, it's
wrong to misrepresent yourself as someone else.

So write an RFC Draft and call it "IP Address Spoofing Considered
Harmful". Argue eloquently. Convince everyone and you will be famous
to generations of students to come as the person who saved us from
this pernicious practice, right up there with Dijkstra and GOTOs.
Fight ideas with ideas. But banning mention of the technique because
it can be misused? Puuleeze.



2. At a different level, IP networks that don't behave like IP
networks are supposed to behave violate the assumptions on which
higher level protocols are based.  This degrades interoperability
and increases the complexity of higher level protocols as they
try to work around the damage done when clean layering is destroyed.
(for example of increased complexity consider the suggestions to
solve the problem by having everyone use IPsec or TLS)

You know, I've been pretty uncomfortable over the past few years at
what I perceive as a growing hostility in some quarters towards
innovation in the name of purity and stability. I agree the Internet
is "important", and we must consider the consequences of our
actions, but personally I think you've gone way over a line here...


(as a friend of mine said many years ago, the problem with intelligent
networks is that the network has to be smarter than the applications.)

now it happens that both of these problems are caused by interception
proxies, which is why I choose to mention both of them in the same
discussion.

Actually, you mistyped "both problems are caused by the *misuse* of
interception proxies". And you advocate that the IETF prevent
discussion of the very technique because it can be misused. The bad
guys have proved pretty adept at misusing whatever technologies we
create, but the fact that search engines *can* be misused to leak
information wouldn't have been a reason to ban discussion of Archie
10 years ago, and the fact that the Web can carry porn wasn't a
reason to ban the publishing of an RFC on HTTP five years ago. The
final line of the argument is left as an exercise for the reader...

We need to build publishing and distribution services that can scale
to millions, if not billions, of users, and we need them now.
Address interception is a perfectly legitimate technique in our
arsenal of ideas for this task, with some dangers. So document the
dangers, but if you seek to ban the ideas themselves, I will tap my
head, stick out my tongue and speak in a terrible French accent in
your general direction.



Bottom line is, you seem pretty confused here.

only if you think that discussing several related topics in a single
mail message is a sign of confusion.

Sorry, you're not convincing me you understand my point. You
acknowledge that it's okay to intercept if CNN knows you're doing
it. So why don't we document how to do that? Oh, you say - that's
because the idea can be misused. "Let these dangerous kooks publish
their innovations elsewhere, so we don't sully the IETF brand".
Fine, if we do that, I guarantee that new ideas will simply migrate
out of this forum. Be careful what you ask for, as you're liable to
get it...


2. an internet service provider which deliberately forges IP datagrams
using the source address of a content provider, to make it appear
that the traffic was originated by that content provider
(interception proxies do this), may be misrepresenting that content
provider by implicitly claiming that the service conveyed to the user
by the ISP is the one provided by the content provider.

Keith, this is a legal issue. We don't do legal issues here.

that's BS.  IETF has every reason to be concerned about publishing
documents that promote illegal or clearly immoral behavior.  While it
is true that it is not for us to judge fine points of law, it's also
true that promoting illegal or clearly immoral behavior reflects poorly
on IETF as an institution and would impair IETF's ability to do its work.
It is not useful to direct IETF's energies in these directions.

If we're going to be foul-mouthed about it, then to quote Saturday
Night Live - 
"Jane, you ignorant slut".

Publishing of a technical document is not promoting "illegal or
clearly immoral behaviour", any more than publishing instructions on
driving a car is promoting carjacking. *That's* the conflation of
ideas I charged you with, not simply carrying two ideas in a single
posting.


The alternative  - to pretend that there are no social implications
to what we are doing in IETF - strikes me as dangerous and irresponsible.

So because someone can pick up a router and beat someone to death
with it, we shouldn't build routers?

no, if someone designed a router whose primary purpose were to beat
someone to death, we shouldn't endorse such a product.

Okay, I'll see your moral indignation and raise you a moral outrage.
Since when is the publishing of technical information for the
education of the IETF community endorsement of anything other than
the free exchange of ideas? Frankly *I'm* morally offended at that
notion as I think it strikes at the very heart of the IETF and what
made it a successful organization worthy of my support. If this
were to become the way this organization actually does work in the
future, I would predict its speedy demise as a useful place for the
free interchange of ideas.
 
.  .  .
So you are arguing for explicit censorship of ideas based upon your
own moral assessment of the potential misuse of those ideas? Wow.
Now *that* is a dangerous notion indeed. I sincerely hope it is not
a widely held one within the echelons of the IETF...

Your use of the word "censorship" is incorrect.  I'm not arguing that
IETF should try to prevent anybody from publishing their own ideas
in any forum willing to support them.  Instead I'm arguing that IETF
and the RFC Editor should not serve as that forum.

Fortunately, I don't think your view really reflects the spirit of
the majority, but I will say again I find it dangerous and offensive
in the extreme. You are advocating that the IETF censor ideas, for
what you claim are the best of reasons. Frankly, I think you value
the IETF brand too much, and the free exchange of ideas too little.

.  .  .
And absolutely I am making an argument based on my own assessment of
both the morality of the practice and the technical issues associated
with that practice.  Why should it be dangerous or wrong to argue for
what one believes is right?

Because nobody died and made you king and TWIAVBP. I'm offended at
the notion that a former Area Director of the IETF would advocate
censoring what others can publish in the Internet's premier
technical exchange forum based not on the quality of the technical
information, but on how that information may be misused. Heck, I'm
also offended that you've dropped the "the" in front of the term
"the IETF", as it always makes me think of the old "Royal We" that
the Queen of England allegedly uses and I don't want to be thinking
of the Queen of England every time I read one of your postings. Why
can't I demand the IETF forbid any mail posted from you without the
leading "the"?

Okay, it's Friday and I'm being silly, but the underlying concept
here is most definitely censorship of ideas in a most pernicious
form. It's the censorship of ideas based upon how those ideas may be
misused. That's always the first step justification used by those who
would protect us from ourselves. Shame on you...


                                        - peterd



-- 
----------------------------------------------------------------------
Peter Deutsch                     work email:  pdeutsch(_at_)cisco(_dot_)com
Technical Leader
Content Services Business Unit       private:  pdeutsch(_at_)earthlink(_dot_)net
Cisco Systems                           or  :  peterd(_at_)the(_dot_)web

         Alcohol and calculus don't mix. Never drink and derive.
----------------------------------------------------------------------


