On 10/05/2018 03:17 PM, Thomas Corte wrote:
> Hello,
>
> On 10/5/18 15:01, Niels ten Oever wrote:
>
>> If this would be a standard in response to a demand, that would be fine.
>> But I am rather afraid this is a standard that will create policy and
>> practice. Namely the practice of 3rd party identity verification
>> providers. Since there is legislation that demand this afaik, I think we
>> should be hesitant to standardize such a thing because of the
>> potentially severe implications as pointed out by the review.
>
> Not having a standard for this process will not prevent bad actors from
> establishing it anyway (they'll simply use proprietary extensions).
> However, it will force good actors requiring similar processes to also
> implement their own solutions, which hurts interoperability and makes
> life harder for everybody.
We could simply standardize good solutions and not standardize the bad
ones. Interoperability is not the only value at play here, right?
> In this respect, this is somewhat similar to
> an argument brought forward by opponents of weapon control in the US: "If
> weapons become illegal, only illegal people will have weapons".
>
> Generally, technical standards are IMHO not the appropriate place for
> fighting political or societal issues. This battle needs to be fought
> elsewhere, i.e. in the voting booth or by people walking away from a bad
> product.
>
But what if people cannot walk away from a bad product and are forced to
use 3rd party verification? There is not always a choice, and we do have
a role here by saying 'we will do this' or 'we will not do this'.
We cannot simply wish political implications of our work away.
Best,
Niels
> Best regards,
>
> Thomas
>
--
Niels ten Oever
Researcher and PhD Candidate
Datactive Research Group
University of Amsterdam
PGP fingerprint 2458 0B70 5C4A FD8A 9488
643A 0ED8 3F3A 468A C8B3
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
