On 05/12/2013 09:34, Bruce Perens wrote:
> So, we're just going to give the entire web all of the instructions, and we
> don't actually _care_ if they implement HTTP 2.0 or not. We're not
> responsible
> if they do.
That is exactly right. All IETF standards are voluntary standards.
Whether they are implemented or deployed is utterly outside the IETF's
hands.
> Sort of like handing someone a weapon, and then disclaiming responsibility
> for
> what happens afterward because you had no idea he'd actually use it!
Engineers have certain ethical responsibilities, indeed. You could
certainly argue that the IETF has historically been too lax about
security and privacy vulnerabilities in our specifications - I reviewed
some of that history in my plenary talk in Vancouver - so what we
"handed over" was a network vulnerable to spying and spoofing.
> Sorry, this seems to me to be specious.
Exactly not. There is a clear line between the technology (which needs
to be secure) and society's use of the technology (which needs to be
ethical). The IETF is on the technology side, and our ethical
responsibility is to make the technology capable of being secure.
I think this thread is off topic for this list, so I will leave it there.
Brian
>
> Thanks
>
> Bruce
>
> On 12/04/2013 10:58 AM, Brian E Carpenter wrote:
>> Whether
>> implementors and operators choose to implement the resulting counter-
>> measures is a separate question that does have political, legal or
>> societal aspects.
>>
>> I think that Bruce's concerns apply to deployment, not to the
>> IETF's work.
>>
>
> .
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
