Well,
The discussion has been interesting so far. It seems to me that a
compromise can be reached if appropriate hooks are put in place to do the
following:
1. Ensure that both end points are involved in the decision process.
2. Ensure that OPES's type devices does not allow unauthorized interception
of traffic between source and destination.
- Make it explict that IETF does not endorse any illegal
interception/modification/etc of data/content.
Here, I am trying to provide a summary of the points of agreement that have
emerged from the list.
abbie
-----Original Message-----
From: Keith Moore [mailto:moore(_at_)cs(_dot_)utk(_dot_)edu]
Sent: Wednesday, June 20, 2001 2:39 PM
To: Joseph Hui
Cc: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu; Keith Moore; Barbir, Abbie
[CAR:CC70:EXCH];
Paul Hoffman / IMC; ietf(_at_)ietf(_dot_)org;
ietf-openproxy(_at_)imc(_dot_)org; Michael W.
Condry
Subject: Re: WG Review: Open Pluggable Edge Services (opes)
The man-in-the-middle thing can happen irrespective of what
OPES does
or doesn't do, in the absence of end-to-end security, say TLS.
I fail to see how OPES's charter and its
yet-to-be-developed protocol
would worsen the existing situation.
- if the interfaces designed by OPES make it easier for intermediaries
to process traffic with the authorization of the edges, they might
also make it easier for intermediaries to do so without such
authorization. however, with appropriate design, it may be
possible
to discourage use of OPES without consent of an endpoint.
(it wouldn't discourage modification of content by other means, but
at least OPES wouldn't serve to encourage such modification)
- appropriate clarification of OPES's charter would discourage those
who want to develop tools for unauthorized modification, from
trying to further those aims within the context of OPES.
- appropriate restriction on OPES's charter would explicitly forbid
OPES from providiing explcit support for unauthorized interception
of traffic that are not needed when authorization is present.
- appropriate restrictions on OPES's charter, along with language
included in any documents that OPES produces, would make it clear
that IETF does not endorse unauthorized interception and alteration
of network traffic.
Keith