> Keith Moore wrote:
> . . .
> > You seem to be saying that because we have a higher service layered
> > on top of IP that we can disregard the IP service model. I disagree.
>
> No, I'm saying you purported to be offended by IP address
> redirection when what you really objected to was unauthorized
> spoofing of services and the delivery of something other than what
> the user and/or information provider would have expected.
Actually I have objections to both - though the objections
to the former are purely technical and mostly in response
to folks who claim that such redirection is deserving of
standardization, or in general is anything more than a crude
short-term hack. The objections to the latter are both moral
and technical.
> That in
> turn resulted in your calling for a ban on publication of a
> technical document describing a technique which you admit has quite
> legitimate applications (e.g. when CNN knows that such IP
> interception is going on) because it *could* be used in a manner you
> judge to be immoral (i.e. in a case when neither client nor server
> knew).
I did not call for a ban on publication of any document. I suggested
that the RFC Editor consider not devoting its energies to publishing
the document - and I only suggested this after I suggested several
things that could be done to "fix" the document. Clearly the document
can be published by other means, nor would I try to prevent such publication.
What you may not realize is that fixing the bugs in documents such
as this one - which at best are on the margin of IETF's mission -
tends to consume inordinate amounts of effort on the part of IESG
and/or the RFC Editor, who already have lots of work on their plates.
Their effort, I believe, is better spent on getting more deserving
documents out the door.
(Such waste of resources is especially annoying when the motivation for
having the document published appears to be lend IETF's imprimatur
to an approach by having it published as an RFC - and therefore,
can be cited as if it were a standard - language in the RFC preamble
to the contrary notwithstanding.)
> So write an RFC Draft and call it "IP Address Spoofing Considered
> Harmful". Argue eloquently. Convince everyone and you will be famous
> to generations of students to come as the person who saved us from
> this pernicious practice, right up there with Djkstra and GOTOs.
> Fight ideas with ideas. But banning mention of the technique because
> it can be misused? Puuleeze.
again, you're using "ban" incorrectly.
> You know, I've been pretty uncomfortable over the past few years at
> what I perceive as a growing hostility in some quarters towards
> innovation in the name of purity and stability. I agree the Internet
> is "important", and we must consider the consequences of our
> actions, but personally I think you've gone way over a line here...
I do take a hostile attitude toward so-called innovations which impair
the flexibility and reliability of the Internet and Internet applications,
and I make no apology for it.
> > now it happens that both of these problems are caused by interception
> > proxies, which is why I choose to mention both of them in the same
> > discussion.
>
> Actually, you mistyped "both problems are caused by the *misuse* of
> interception proxies".
tell that to the marketing departments of companaies who are selling
interception proxies to ISPs and as local web caches. such applications
of interception proxies *do* cause harm, and yet most of the companies
selling such products would claim that these are legitimate uses.
> And you advocate that the IETF prevent
> discussion of the very technique because it can be misused.
nope, not prevent discussion - clearly we are discussing it here -
I'm advocating that IETF not spend resources publishing a biased
description of this technique.
> We need to build publishing and distribution services that can scale
> to millions, if not billions, of users, and we need them now.
> Address interception is a perfectly legitimate technique in our
> arsenal of ideas for this task, with some dangers.
I will agree that legitimate uses of the technique exist, but given
the widespred misuse of this technique (there seems to be a great
deal more misuse than appropriate use) "perfectly legitimate"
seems like an oversimplificatiaon.
>
> > > Bottom line is, you seem pretty confused here.
> >
> > only if you think that discussing several related topics in a single
> > mail message is a sign of confusion.
>
> Sorry, you're not convincing me you understand my point. You
> acknowledge that it's okay to intercept if CNN knows you're doing
> it.
not quite. I said "if it's okay with CNN". Knowledge != explicit consent.
> So why don't we document how to do that? Oh, you say - that's
> because the idea can be misused. "Let these dangerous kooks publish
> their innovations elsewhere, so we don't sully the IETF brand".
> Fine, if we do that, I guarantee that new ideas will simply migrate
> out of this forum. Be careful what you ask for, as you're liable to
> get it...
sometimes it's useful if new ideas migrate elsewhere. in certain
circles this is known as the Golgafrinchian Ark B principle.
> Publishing of a technical document is not promoting "illegal or
> clearly immoral behaviour", any more than publishing instructions on
> driving a car is promoting carjacking.
I would argue that publication of this document, regardless of the
*intent* in doing so, is likely to have the *effect* of promoting
illegal and/or immoral behavior. If the decision is made to publish
the document in some form, the question becomes one of how to minimize
this negative effect.
> > The alternative - to pretend that there are no social implications
> > to what we are doing in IETF - strikes me as dangerous and irresponsible.
> >
> > > So because someone can pick up a router and beat someone to death
> > > with it, we shouldn't build routers?
> >
> > no, if someone designed a router whose primary purpose were to beat
> > someone to death, we shouldn't endorse such a product.
>
> Okay, I'll see your moral indignation and raise you a moral outrage.
> Since when is the publishing of technical information for the
> education of the IETF community endorsement of anything other than
> the free exchange of ideas?
and those who cite such documents as if they were standards, in order
to mislead their customers - they're also contributing to the free
exchange of ideas?
it mystifies me how it's quite legitimate to promote dubious and clearly
harmful technical practices (this is defended as the free exchange of
ideas) but to suggest that such publication is likely to cause harm and
to consume precious energies which are better spent elsewhere is not
part of the free exchange of ideas - it is branded as censorship.
I suppose calling it censorship is also part of the free exhcnage of
ideas, but it's not exactly persuasive.
> Frankly *I'm* morally offended at that
> notion as I think it strikes at the very heart of the IETF and what
> made it a successfully organization worthy of my support. If this
> were to become the way this organization actually does work in the
> future, I would predict its speedy demise as a useful place for the
> free interchange of ideas.
Get over it. The RFC has been exercising editorial discretion - or if
you prefer - rejecting ideas for RFCs, for many years now.
> > And absolutely I am making an argument based on my own assessment of
> > both the morality of the practice and the technical issues associated
> > with that practice. Why should it be dangerous or wrong to argue for
> > what one believes is right?
>
> Because nobody died and made you king and TWIAVBP. I'm offended at
> the notion that a former Area Director of the IETF would advocate
> censoring what others can publish in the Internet's premier
> technical exchange forum based not on the quality of the technical
> information, but on how that information may be misused.
as far as I can tell, you think that my having served on the IESG
means that I have given up the right to speak out against dangerous
and harmful practices and against poor uses of the IESG's and RFC
Editor's energies.
IMHO, that's not merely naive, that's delusional.
Keith
