On 23-aug-2007, at 12:33, John C Klensin wrote:
I trust you understand that "anything not explicitly permitted
is prohibited" is equivalent to "there will be no innovation
from this point forward except by breaking the rules".
I disagree. This means that we need to make our protocols extensible
from the start rather than come up with hacks to extend something
that wasn't designed to be extensible. The most important part here
is capability negotiation. However, this is a problem in store-and-
forward communication.
Not a network environment I want to live in. YMMD.
You're already living there. Try using the RFC 1323 window scale
option through a firewall. Despite the fact that this has been around
for more than a decade and the firewall can easily see what's going
on, a good percentage of them handle this incorrectly.
Consider what would happen if there were no societal consensus
that breaking into houses and stealing things was a bad thing
[...]
It would also encourage any burglar who wanted to expand her
business to create ways of hiding or changing identities so that
the prohibition on second and subsequent break-ins after
notification would not apply or be unenforceable.
Sounds like today's internet to me: no law enforcement to speak of.
From that perspective, the real question here is how bad things
have to get before society decides to effectively criminalize
the behavior. Technical measures that temporarily make things a
little less bad for some populations are the equivalent of the
half-meter increase in fence height and mostly serve to make the
bad guys more sophisticated, to reduce general quality of life,
and to give legislators and regulators excuses to continue to
delay action.
I don't share your pessimism regarding technical solutions. In most
cases, the technology isn't the weakest link, however. But
technological measures can make crime less profitable and also help
in target selection: I don't have to run faster than the lion, I just
need to avoid being the slowest person running away from the lion.
A very big problem is that non-criminal organizations benefit from
crime, so they're more interested in managing it rather than getting
rid of it completely. For instance, if a bank sells you credit
monitoring, they make money. If they implement better identity checks
so that people can't take out loans using false credentials, that
costs them money. (And customers that don't understand what the fuss
is all about until they're a victim.)
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf