ietf

Re: Whither OPES? [was: Antigen found W32/Hybris(_dot_)gen(_at_)MM (McAfee4,Sophos) virus]

2001-07-10 23:00:04
From: Mark Nottingham <mnot(_at_)mnot(_dot_)net>

...
The point is, deploying a working OPES means that people will have
more opportunity to stick their noses where they don't belong, and to
ignore application semantics on the grounds of "well, the vectoring
technology takes care of that." Just think - with OPES, anyone with
half a clue (or less) and an OPES server can interpose their newest,
niftiest 'value-added service' into your application data stream.

I still say that's the wrong way to look at the stuff.  The worst
villainy around here is not that of the fools who would take
advantage of the opportunities for adding valuable services to
other people's data, but that of the lazy who chose to be vulnerable.

Instead of fighting such things, the IETF should actively encourage
them.  Look at OPES and similar as forced education on the need for
end-to-end authentication and integrity, and confidentiality when
needed.  Only when people finally understand that the wires and routers
outside their DMZ's are hostile will they do the obvious, and then the
value added services will disappear.  A few more RFC's to join the
hundreds that no one reads without head shaking is a small price to pay.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com