> Filtering can always be done, that is the right of the network
> administrator doing the filtering. That some users won't like it is
> indeed an issue, but that is political and not technical.

Thinking of this as a "right" is the wrong way to think about it. A
more relevant question is whether this works well. There are a number
of problems associated with interception proxies, many related to a lack
of accountability and transparency, others related to compromises in
end-to-end security.

I also disagree that the network admin inherently has a right to
interfere in arbitrary ways with communications between parties using
his network - there are cases where this "right" may exist but it is
because of some other role of the network operator - not merely because
he is operating a network. Does a postal or courier service have the
"right" to open, alter, and reseal paper messages? Does a telephone
company have the "right" to alter conversations? The job of the network
is to carry messages transparently; and applications need to be able to
assume that the network is behaving in a simple, predictable, and
reasonably uniform manner independent of the locations of the hosts that
are participating.

Host and application security are not the job of the network. At best,
the network can cooperate with hosts and applications to enhance the
security that the hosts and applications already provide. But when the
network tries to provide security independently of host and application
policy, the result is usually degraded interoperability and rarely good
security.

Keith
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf