On Tue, Mar 19, 2019 at 6:42 PM Stephen Farrell <stephen.farr...@cs.tcd.ie>
wrote:
>
> Hiya,
>
> One individualistic data point on this sub-topic, and a real point:
>
> On 20/03/2019 01:13, Jared Mauch wrote:
> > My impression is there are people who will not be satisfied until all
> traffic looks
> > identical and you have zero way to protect your home,
>
> I do not claim that everyone ought do the same, but I absolutely
> do claim that encouraging voluntary policy adherence by dealing
> with the people using the n/w is preferable to many egregiously
> invasive attempts to force technical policy enforcement on
> unwilling serf-like users.
>
So, this is the problem:
- If a network operator has any policy that is enforceable, ONLY the
technical policy enforcement model scales.
- In such an environment, there are only, ever, "willing users", because,
in order to use the network, they are required to agree to the policies.
This makes the argument you have above, a vacuously defined one.
You want to encourage voluntary policy adherence for a non-existent set of
otherwise unwilling users.
I understand your position: you would prefer that {some,all} networks were
not employing policies that {you,some people} disagree with.
I sympathize, but I disagree. What we need are mechanisms that scale.
My position (personally) is that we find ways to have scalable, technical
mechanisms.
They should allow users (or machine administrators) to be as compliant as
they are willing, and no more.
They should allow networks to enforce their policies, while treading as
lightly as possible.
It should be possible to use technical means to handle this negotiation
with little to no user input required.
The analogy is roughly that of escalation-of-force in law enforcement,
starting at a level of "polite requests".
You can disagree, but I implore you: please don't stand in the way of those
wanting to find consensus on scalable, flexible, technical solutions that
encompass a wide range of network policies and enforcement needs.
The main point is, I believe the end result will be mechanisms that allow
you to deploy networks that meet your needs, and software that you can
configure to bypass such controls, but that neither of those should ever be
the default configurations.
If the results allow you to do what you want/need, and also allow others to
do what they want/need, everyone should be happy enough with the result.
Can we at least agree on this as a desired goal for this work?
Brian
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
