There is a VERY big difference between "...must be a mechanism"
and "If the mechanism is required to be used"
The former is okay, the latter is not.
There is zero privacy in exchanging protocol messages that don't do
anything:
"Inform the user that consent is needed"
"I confirm I informed the user, and he said yes"
Unless you explicitly require cryptographically secure authentication
of consent, you are doomed, and I can't believe that we will force
such a mechanism to be used. Specified, fine. Advice on when it's
appropriate to use it, fine. Requiring its use, not acceptable, IMO.
Of course, the whole idea that you need ever have a PROTOCOL mechanism
for this purpose is really silly. At best you have some requirement
about consent that uses words like "mandatory to implement", but it's
all one-sided -- the consent mechanism is all on the provider side;
the consumer doesn't have anything to do with it. As such, it's
not subject to standardization.
I don't agree that we can have such a requirement, but if we did,
it wouldn't have anything like a protocol message exchange.
Also, we have all kinds of deployment scenarios where it's actually
user-specified POLICY that decides whether to release information, not
point-of-use. That brings in other actors.
Do we all have our feet on the ground here? This isn't a protocol.
The spec would have to have words like
"protocols using this object must define a consent mechanism
for the provider side which must be specified as
'mandatory-to-implement'. The mechanism must define a
user interface element that indicates consent to release
location information"
Do you REALLY think that is an appropriate specification?
I don't. It's WAY far away from what we usually do.
Brian
> -----Original Message-----
> From: John W Noerenberg II [mailto:jwn2@qualcomm.com]
> Sent: Monday, August 20, 2001 4:23 PM
> To: Rosen, Brian
> Cc: 'Adam Shostack'; Henning Schulzrinne; Randy Bush;
> john.loughney@nokia.com; behcet.sarikaya@usa.alcatel.com;
> geopriv@mail.apps.ietf.org
> Subject: RE: Requirements Document
>
>
> At 4:03 PM -0400 8/20/01, Brian Rosen wrote:
> >No, I think it's acceptable to have some advice to implementers.
> >I think it is unacceptable to have any kind of requirement about
> >notice or consent.
> >
> >We can lead the horse to water....
> >We can specify mechanisms to facilitate...
>
> Yes, there must be mechanisms to facilitate negotiation of consent.
> If the mechanism is required to be used, that puts a burden on
> devices where consent is not required or meaningful to do The Right
> Thing, and, moreover, take the time to exchange the messages.
> However, requiring the mechanism be used doesn't necessarily affect
> the UI or necessarily materially affect the user experience (Brian, I
> have faith in your cleverness).
>
> Requiring the mechanism does mean that revealing location information
> will always be negotiated. Overall, that's a Good Thing.
>
> best,
> --
>
> john noerenberg
> jwn2@qualcomm.com
>
> ----------------------------------------------------------------------
> Perfect authentication would mean that others know for certain all the
> facts about you. Happiness comes from others knowing a good deal less.
> -- Lawrence Lessig, "Code And Other Laws of Cyberspace", 1999
>
> ----------------------------------------------------------------------
>
Received on Tue Aug 21 09:16:19 2001