ietf
[Top] [All Lists]

RE: WG Review: Open Pluggable Edge Services (opes)

2001-06-20 10:00:02
Paul has some excellent observations here.

- Bury our head in the sand and at the same time keep yelling 
"end-to-end", thereby getting sand in our mouths and having the other 
people on the beach laugh at our collective and rapidly-aging rear 
ends

Isn't it what happened not too long ago with NAT and while this was seen as
breaking the end-to-end model the industry still really needed the
functionality and did it with the known results. 

Various user services exist today, more are coming and users want them. I
don't see how this can change now that the genie is out of the bottle. And
may be in order to avoid the same issues as the one initially created by NAT
the IETF should be the place where the architecture/engineering are being
worked out.

Christian


-----Original Message-----
From: Paul Hoffman / IMC [mailto:phoffman(_at_)imc(_dot_)org]
Sent: Tuesday, June 19, 2001 4:13 PM
To: ietf(_at_)ietf(_dot_)org; ietf-openproxy(_at_)imc(_dot_)org
Subject: Re: WG Review: Open Pluggable Edge Services (opes)



Has everyone who has a reallyreallyreally strong opinion on this 
matter actually read the charter? Right there near the top, it says:

Intermediary services provided in this way are not transparent: 
Either the content requestor or provider will be aware that a 
tranformation has been performed.

OK, so the spelling is not so great, but it sure is clear. What some 
people seem to be up in arms about is that the IETF would even think 
of helping someone change the content in HTTP. Data mungers are doing 
that already, and it is bad, and it is untraceable. So what should 
the IETF do?

- Bury our head in the sand and at the same time keep yelling 
"end-to-end", thereby getting sand in our mouths and having the other 
people on the beach laugh at our collective and rapidly-aging rear 
ends

- Let some other group create a standard, even though that group 
probably cares much less about both end-to-end integrity or alerting 
one or both sides than the IETF does

- Create a standard that does a really good job of allowing one end 
(or, hopefully both ends) know what has been changed and why, in an 
interoperable fashion

If my data coming or going gets changed, I want to be notified; that 
cannot happen now.

As for the argument about "TLS everywhere", you have to ask who is 
going to pay for it. The end-user cannot demand it; only the server 
can. TLS is universally available today, and servers rarely use it 
for anything other than getting credit cards or passwords.

Data is already being changed, some of in ways that we should really 
be unhappy about, and there is no way for the folks changing it to 
tell either end. OPES gives them that capability. Post-OPES, data 
will still get changed silently without using OPES, but at least 
there can be pressure put on the changers to use OPES so that someone 
sees what is happening. Without OPES, they never will.

--Paul Hoffman, Director
--Internet Mail Consortium




<Prev in Thread] Current Thread [Next in Thread>