
RE: WG Review: Open Pluggable Edge Services (opes)

2001-06-20 13:00:02
Well,

The discussion has been interesting so far. It seems to me that a 
compromise can be reached if appropriate hooks are put in place to do the 
following:

1. Ensure that both end points are involved in the decision process.
2. Ensure that OPES-type devices do not allow unauthorized interception 
   of traffic between source and destination.
    - Make it explicit that IETF does not endorse any illegal 
      interception/modification/etc of data/content.

Here, I am trying to provide a summary of the points of agreement that have
emerged from the list.

abbie
 


-----Original Message-----
From: Keith Moore [mailto:moore(_at_)cs(_dot_)utk(_dot_)edu]
Sent: Wednesday, June 20, 2001 2:39 PM
To: Joseph Hui
Cc: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu; Keith Moore; Barbir, Abbie [CAR:CC70:EXCH];
Paul Hoffman / IMC; ietf(_at_)ietf(_dot_)org; ietf-openproxy(_at_)imc(_dot_)org; Michael W. Condry
Subject: Re: WG Review: Open Pluggable Edge Services (opes)


The man-in-the-middle thing can happen irrespective of what OPES does
or doesn't do, in the absence of end-to-end security, say TLS.
I fail to see how OPES's charter and its yet-to-be-developed protocol
would worsen the existing situation.

- if the interfaces designed by OPES make it easier for intermediaries
  to process traffic with the authorization of the edges, they might 
  also make it easier for intermediaries to do so without such 
  authorization.  however, with appropriate design, it may be possible
  to discourage use of OPES without consent of an endpoint.
  (it wouldn't discourage modification of content by other means, but 
  at least OPES wouldn't serve to encourage such modification)

- appropriate clarification of OPES's charter would discourage those
  who want to develop tools for unauthorized modification, from
  trying to further those aims within the context of OPES.

- appropriate restriction on OPES's charter would explicitly forbid
  OPES from providing explicit support for unauthorized interception 
  of traffic that are not needed when authorization is present.

- appropriate restrictions on OPES's charter, along with language
  included in any documents that OPES produces, would make it clear
  that IETF does not endorse unauthorized interception and alteration
  of network traffic.

Keith