From: grenville armitage <gja(_at_)UREACH(_dot_)COM>
...
If we diminish the revenue potential of invasive interception
tools with e2e encryption, what do we offer the ISP community
in return? What tools, architectures, and protocols do we offer
the ISP industry so they can generate revenue by satisfying their
customers, rather than from spying on and manipulating their
customers?

How about charging enough for their legitimate services? Why must the
IETF accept the dot-com theory that the only way for an ISP to survive
is by lying about who its real customers are? Why must providers tell
lusers that they are customers instead of the truth that they are merely
eyeballs to be harvested for the providers' real customers?

From: Paul Hoffman / IMC <phoffman(_at_)imc(_dot_)org>
...
As for the argument about "TLS everywhere", you have to ask who is
going to pay for it. The end-user cannot demand it; only the server
can.

Again, that makes sense only if you accept the dot-com notion that
end-users will pay with only their attention and not their money. On
the other hand, if users pay money for services, then they can vote with
their pocketbooks. If the Internet is really so worthless that its users
won't pay money for it, then I think we don't need to worry about TLS
anywhere or much of anything else because the Internet is toathst and
everyone who hasn't been able to cash out had better start looking for
a new line of work. Even if that's an exaggeration, the data mungers
have the right idea. Still, I hope the data muggers are wrong.

TLS is universally available today, and servers rarely use it
for anything other than getting credit cards or passwords.

No, TLS is not universally available today if you mean that users can
use it as opposed to most servers being able to install it. Not enough
server operators have gone to the trouble to make it available except
for foolishness like credit cards. Perhaps that's because no users
want it, but I think it's because most users don't know about it
because most people who do know (e.g. readers of this list) have not
bothered to turn it on or tell the world about it. For example, why
doesn't above.proper.com or mail.imc.org answer EHLO with STARTTLS?

Data is already being changed, some of it in ways that we should really
be unhappy about, and there is no way for the folks changing it to
tell either end. OPES gives them that capability. Post-OPES, data
will still get changed silently without using OPES, but at least
there can be pressure put on the changers to use OPES so that someone
sees what is happening. Without OPES, they never will.

In other words, if users and content providers won't pay for
uncorrupt data, then they don't care and the IETF should worry
about more entertaining things, including designing and coding the
OPES stuff. I agree with the conclusion, but hope the premise is wrong.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com