Keith,
Either the publishers care, or they don't. If they don't, we can sing
"end-to-end" until we are blue in the face, but that will do little to
stop business plans and other "value added" services. If they do, they
are faced with the trade-off that you describe, increase the publishing
cost or surrender control of the content to intermediaries. The best the
IETF can do is to ease that trade-off, by reducing as much as possible
the cost of TLS.
Reducing the cost of TLS is actually a very achievable goal. The
components of that cost are key negotiation and encryption. Encryption
using RC4 is generally considered adequate and cheap; it certainly
achieves the objective of thwarting putative value-adding proxies. If
keys could be negotiated easily, then we would have come a long way
towards generalizing the use of encryption.
-- Christian Huitema
-----Original Message-----
From: Keith Moore [mailto:moore(_at_)cs(_dot_)utk(_dot_)edu]
Sent: Tuesday, June 19, 2001 12:20 PM
To: Christian Huitema
Cc: Brian E Carpenter; Maciocco, Christian; Mark Nottingham; Daniel
Senie;
Scott Brim; ietf(_at_)ietf(_dot_)org
Subject: Re: WG Review: Open Pluggable Edge Services (opes)
What about option 4, "information publishers who don't like
interference
by transport providers use TLS/SSL to enforce actual end-to-end
transmission of the content" ? As we gain experience in implementing
TLS, this is a certainly a possibility!
so we increase the burden on publishers who want content integrity in
the
name of decreasing the burden on intermediaries who want to corrupt
content?
somehow that doesn't seem like a socially beneficial tradeoff.
Keith