From: Thorfinn (thorfinn@tertius.net.au)
Date: Tue Jan 16 2001 - 23:38:12 CST
On Tue 16 Jan 2001 at 07:42:58PM -0800, in <20010116194258.A26759@main.templetons.com>,
Brad Templeton <brad@templetons.com> wrote:
> On Tue, Jan 16, 2001 at 12:53:20PM -0800, Russ Allbery wrote:
> > [ encrypted trace headers are a pain ]
> Yes, sometimes you have to put up with some pain in order to have civil
> rights. That may sound trite to you, but it means a lot to some people.
Not enough to enough people, IMO. Sorry.
> I'm not saying use tokens because it's easier. Do it because it's right.
This is an interoperability and protocol standard. It's not supposed
to mandate ethics in any particular direction. Ethical quibbling over
random headers is one of the reasons this document is *waaay* behind
schedule, IMO.
> > Nonetheless, you just completely lost 80% of the people who run news
> > servers.
> There is no need to have them involved. It is something software authors
> would do. The time they would be lost would be when you call them up
> to say, "I want to complain about postings from the user coded xxxxxxx."
> If you are eager you can say, "I see you run Q News. Go to the web page
> at yyyy to find out how you can map the string xxxxxx to the user's real
> identity."
Gah. That's a *huge* pain in the proverbials.
> This is not trivial to do, but it's worth it.
Worth it to who? And why? And whose system of values and ethics are
you using? Some of us *don't* care that much about privacy.
Personally, I think privacy is bullshit. If random people want to
find out everything about me (including what pr0n newsgroups I may or
may not read, what (or who) I like to do in bed, what I talk about,
what my random ethical opinions are), for all I care, they can ask me,
and I'll probably tell them.
I *do* respect *your* right to think that I'm a nutter, but I don't
respect your claim that your ethical point of view is "Right",
therefore it MUST be enforced as a SHOULD in an interoperability
standard.
There's nothing stopping you hacking up code to do good encrypted hash
injector info headers, plus adding some tools to make life easy for
the news server admin when he needs to crack open that injector info
header, and open sourcing them, and submitting that suite of code to
every news server source tree in existence. Probably you can even get
it accepted into many of them. Go to it. Nothing stops you from
doing so.
Do it now, with NNTP-Posting-Host, or just prematurely commit to
Injector-Info: or have it use X-Injector-Info:, or
X-Encrypted-Trace-Header:, or whatever.
> The question is, do we need a design weighted entirely to the convenience
> of the person tracking down the abuser or not?
Yes. We do. What's *in* the Injector-Info header is a "Quality of
Implementation" issue, not an interoperability issue.
By all means, agitate for news server authors to put encryption code
into the tracing headers, and in fact, I think wording to the effect
that privacy concerns Ought to be taken into account should be in the
document.
But it's in no way a SHOULD.
Later,
Thorf
PS: Charles - I should've brought it up earlier, but there are quite
a few places where "Ought" is being used where the language would flow
much better with an "Ought to". "ought" on its own tends to be
somewhat awkward, much more so than "should". IMO, "Ought to" sounds
better.
--
<a href="http://tertius.net.au/~thorfinn">thorfinn@tertius.net.au</a>
Those who know how to play can easily leap over the adversaries of
life. And one who knows how to sing and laugh never brews mischief.
-- Ighulik Eskimo proverb