> Keith Moore wrote:
> .  .  .
> > > > 3. Aside from the technical implications of intercepting traffic,
> > > > redirecting it to unintended destinations, or forging traffic from
> > > > someone else's IP address - there are also legal, social, moral and
> > > > commercial implications of doing so.
> > >
> > > You will need to be far more specific here.  I see absolutely nothing that
> > > is not legal, is not social, or is not moral.
> > 
> > Okay, I'll offer a few specific examples, by no means the only ones:
> > 
> > 1. an Internet service provider which deliberately intercepts traffic
> > (say, an IP packet) which was intended for one address or service,
> > and delivers it to another address or service (say that of an interception
> > proxy) may be misrepresenting the service it provides (it's not really
> > providing IP datagram delivery service because IP doesn't work this way).
> Okay, I think I see the mistake you're making. You're crossing
> abstraction layers and conflating two different things (the name of
> a service with the end point of the connection to that service). You
> are criticizing the moving of an endpoint when what you really
> object to is the misrepresentation of a service. Or do you also
> object to HTTP redirects, dynamic URL rewriting, CNAMEs, telephone
> Call Forwarding, or post office redirecting of mail after you move? 

I don't object to redirects at all, as long as they are carefully 
designed.   I do object to misrepresenting the service.    As I've 
said elsewhere, if the service wants to set up an interception proxy 
on its own network to help make its service more scalable, I have 
no problem with that.  I do have a problem with unauthorized third 
parties setting up interception proxies.  (which is according to
my understanding all the most common application of such devices)

> It may well be desireable to reroute things to get improved service at
> a higher abstraction layer. 

the problem is that one person's idea of improved service may be
another person's idea of degraded service.  getting stale data
to me faster may not be much help.  I would argue that it
is up to the producer and consumer, not the ISP, to decide what
level of service is appropriate.

> I see nothing "illegal" about Fedex
> sending my packet to Tennessee and I see nothing immoral about
> Earthlink, MCI, Cisco and CNN all getting together to route my
> packets to whichever one of Akami's caches is the most appropriate
> one for me to go to today. After all, I didn't ask CNN to send me
> packets, I asked CNN for today's news.

If CNN is okay with this, I have no problem with it.  They get to
decide what content delivery mechanisms are appropriate for their
content.  Other content providers might make different decisions.
Where I have a problem is when J. Random ISP unilaterally decides 
that some content delivery mechanism other than standard IP routing
is appropriate for CNN's data (or my data).  

And on some level, yes, you did ask CNN to send you packets.  Or you
sent packets to CNN and the network sent you some packets back purporting
to be from CNN.  You and your web client presumably knew what you were
asking for, and CNN's web server (if it was even in the loop) presumably
knew what kind of response to give.  But the network in the middle does
not know for sure how to interpret your request and CNN's response.
Just because you are sending port 80 does not even mean that you are 
using HTTP, and it certanily doesn't mean that you're using the same
version of HTTP that the interception proxy just happens to support,
and it certainly doesn't mean that you're willing to tolerate whatever
data corruption the interception proxy (whether by design or by accident)
happens to introduce.

> Now, misrepresenting myself as someone else may well be fraud, a
> well defined crime, so someone else offering me news and pretending
> it's from CNN is wrong, but that's nothing to do with IP packet
> delivery. You're thinking at the wrong abstraction layer. Changing
> IP addresses may *result* in fraud, depending upon why you do it,
> but it doesn't constitute fraud in and of itself ("routers don't
> mislead people, people mislead people..." ;-) 

You seem to be saying that because we have a higher service layered 
on top of IP that we can disregard the IP service model.  I disagree.
There are two separate problems here:

1. An interception proxy, unless it is acting with authorization 
of the content provider, is misrepresenting itself as the content 
provider.  IP address spoofing as just one particular mechanism 
by which this can be done, but regardless of the mechanism, it's 
wrong to misrepresent yourself as someone else.

2. At a different level, IP networks that don't behave like IP 
networks are supposed to behave violate the assumptions on which 
higher level protocols are based.  This degrades interoperability
and increases the complexity of higher level protocols as they
try to work around the damage done when clean layering is destroyed.
(for example of increased complexity consider the suggestions to
solve the problem by having everyone use IPsec or TLS)

(as a friend of mine said many years ago, the problem with intelligent
networks is that the network has to be smarter than the applications.)

now it happens that both of these problems are caused by interception
proxies, which is why I choose to mention both of them in the same
> Bottom line is, you seem pretty confused here. 

only if you think that discussing several related topics in a single
mail message is a sign of confusion.

> > 2. an internet service provider which deliberately forges IP datagrams
> > using the source address of a content provider, to make it appear
> > that the traffic was originated by that content provider
> > (interception proxies do this), may be misrepresenting that content
> > provider by implicitly claiming that the service conveyed to the user
> > by the ISP is the one provided by the content provider.
> Keith, this is a legal issue. We don't do legal issues here. 

that's BS.  IETF has every reason to be concerned about publishing
documents that promote illegal or clearly immoral behavior.  While it 
is true that it is not for us to judge fine points of law, it's also 
true that promoting illegal or clearly immoral behavior reflects poorly 
on IETF as an institution and would impair IETF's ability to do its work.
It is not useful to direct IETF's energies in these directions.

The alternative  - to pretend that there are no social implications
to what we are doing in IETF - strikes me as dangerous and irresponsible.

> So because someone can pick up a router and beat someone to death
> with it, we shouldn't build routers? 

no, if someone designed a router whose primary purpose were to beat
someone to death, we shouldn't endorse such a product.

> > RFCs have not been treated in this sense for many years.  And while
> > such treatment may have made sense in the early days of the ARPAnet
> > with a community of a few hundred users, it does not make sense in
> > an Internet with tens of millions of users.
> > 
> > The reality is that today, many documents submitted for RFCs are rejected.
> > I'm simply arguing that this document should be added to that set.
> > or at least, that it needs substantial revision before it is found
> > acceptable.
> So you are arguing for explicit censorship of ideas based upon your
> own moral assessment of the potential misuse of those ideas? Wow.
> Now *that* is a dangerous notion indeed. I sincerely hope it is not
> a widely held one within the echelons of the IETF...

Your use of the word "censorship" is incorrect.  I'm not arguing that 
IETF should try to prevent anybody from publishing their own ideas 
in any forum willing to support them.  Instead I'm arguing that IETF 
and the RFC Editor should not serve as that forum.  I belive that to 
do so would do harm to and the Internet and that IETF's and the RFC 
Editor's meager resources are better spent on more socially useful endeavors.

And absolutely I am making an argument based on my own assessment of 
both the morality of the practice and the technical issues associated
with that practice.  Why should it be dangerous or wrong to argue for 
what one believes is right?


Reply via email to