Richard Bennett wrote:
Not to be too flip about it, but It's not clear to me that helping
people break the law falls in the scope of the requirements for this
working group or of the IETF in general.
What is "breaking the law" in one place is "supporting the human rights
of the oppressed" in another.
But there's also corporate applications where there may be IT policy in
place that restricts employees from sending lists of IP addresses of
other users of that application in plaintext.
I admit that in both cases traffic analysis can be used to find *some*
of the participating nodes, but a system where larger numbers of
candidate nodes are transmitted to the ISP for ranking in plaintext is
clearly not as safe as one where candidate nodes are transmitted to a
trusted ISP for ranking in a secure form and that is not as safe as one
where a trusted third party can anonymize the requests prior to having
them ranked.
Given my position, I'm not really able to go on speculating more about
what specific types of applications users might develop on top of the
overlay network I implement for them, as it is important that my design
be as generic as possible and not tailored to any specific use,
particularly a use which might not be legal somewhere. What I can do it
point out that a requirement that has come to me is that if I have my
overlay use something like ALTO in order to build a more optimal
overlay, some developers don't want node information being transmitted
in plaintext, and others don't want it being transmitted at all.
Matthew Kaufman
_______________________________________________
alto mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/alto
