> From: grenville armitage <[EMAIL PROTECTED]> > ... > If we diminish the revenue potential of invasive interception > tools with e2e encryption, what do we offer the ISP community > in return? What tools, architectures, and protocols do we offer > the ISP industry so they can generate revenue by satisfying their > customers, rather than from spying on and manipulating their > customers? How about charging enough for their legitimate services? Why must the IETF accept the dot-com theory that the only way for an ISP to survive is by lying about who its real customers are? Why must providers tell lusers that they are customers instead of the truth that they are merely eyeballs to be harvested for the providers' real customers? > From: Paul Hoffman / IMC <[EMAIL PROTECTED]> > ... > As for the argument about "TLS everywhere", you have to ask who is > going to pay for it. The end-user cannot demand it; only the server > can. Again, that makes sense only if you accept the dot-com notion that end-users will pay with only their attention and not their money. On other hand, if users pay money for services, then they can vote with their pocketbooks. If the Internet is really so worthless that it users won't pay money for it, then I think we don't need to worry about TLS anywhere or much of anything else because the Internet is toathst and everyone who hasn't been able to cash out had better start looking for a new line of work. Even if that's an exxageration, the data mungers have the right idea. Still, I hope the data muggers are wrong. > TLS is universally available today, and servers rarely use it > for anything other than getting credit cards or passwords. No, TLA is not universally available today if you mean that users can use it as opposed to most servers being able to install it. Not enough server operators have gone to the trouble to make it available except for foolishiness like credit cards. Perhaps that's because no users want it, but I think it's because most users don't know about it because most people who do know (e.g. readers of this list) have not bothered to turn it on or tell the world about it. For example, why doesn't above.proper.com or mail.imc.org answer EHLO with STARTTLS? > Data is already being changed, some of in ways that we should really > be unhappy about, and there is no way for the folks changing it to > tell either end. OPES gives them that capability. Post-OPES, data > will still get changed silently without using OPES, but at least > there can be pressure put on the changers to use OPES so that someone > sees what is happening. Without OPES, they never will. In other words, if users and content providers won't pay for uncorrupt data, then they don't care and the IETF should worry about more entertaining things, including designing and coding the OPES stuff. I agree with the conclusion, but hope the premise is wrong. Vernon Schryver [EMAIL PROTECTED]
