
Re: Protocols at the Point of a Gun



Steve Reid writes:
>Really, the appropriate place for content filtering is at the application 
>layer. It *could* be done at the transport layer, but that's really not 
>the place for it.

Izzat so?  So explain to me what the difference between the PICS type
ratings and security classifications is.  If something is labelled "Top
Secret" with some compartments, it means "do not deliver this to a
principal which hasn't been authorized to receive it".  If something is
labelled "Not suitable for minors", it means "do not deliver this to a
minor".  "Age of majority" is really no different than a security
clearance to receive certain information in the CDA context.

Clearly the IETF believed that the network layer was an appropriate
place for general classification when they developed IPv4.  I haven't
verified it, but I suspect that IPv6 has (or will have) an appropriate
mechanism for indicating security classification.  The identical
mechanism may be used for packet labelling, with the broad
classification indicating the distinctions between "G", "PG", "PG-13",
"R", and "NC-17", and the compartments available for such things as
"violence", "nudity", "adult language", "sexual content",
"advertising", and so forth.

>Analogy: It would be like putting a license plate on the engine of a car. 
>It *could* be done that way, if you redesign the car so that the engine
>protrudes out from the back with a place for the license plate (let the
>technical people handle the technical details of that). But the best place
>for a license plate is on the outside body of the car, and the best place
>for content filtering is at the application layer. 

Of course, putting it at the application layer is like requiring that
every driver create his own license plate and hold it out the window
while driving.
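
Added example, not part of the original message: a sketch of the delivery rule the reply describes, where a packet label carries a broad classification plus compartments and a filter delivers only to a recipient whose authorization covers both. The 4-byte label layout and the function names are assumptions made for illustration; this is not the IPv4 or IPv6 option format.

```python
import struct

# Hypothetical label layout (assumption, not a real IP option):
# 1 byte level, 1 pad byte, 2-byte compartment bitmask, network byte order.
LEVELS = ["G", "PG", "PG-13", "R", "NC-17"]            # ordered, lowest first
COMPARTMENTS = ["violence", "nudity", "adult language",
                "sexual content", "advertising"]        # one bit each


def encode_label(level, compartments=()):
    """Pack a rating level and its compartments into the 4-byte label."""
    mask = 0
    for name in compartments:
        mask |= 1 << COMPARTMENTS.index(name)
    return struct.pack("!BxH", LEVELS.index(level), mask)


def decode_label(raw):
    """Return (level_index, compartment_mask); reject anything unrecognised."""
    if len(raw) != 4:
        raise ValueError("label must be exactly 4 bytes")
    level, mask = struct.unpack("!BxH", raw)
    if level >= len(LEVELS) or mask >> len(COMPARTMENTS):
        raise ValueError("unknown level or compartment bit")
    return level, mask


def may_deliver(raw_label, max_level, allowed=()):
    """True only if the recipient's authorization dominates the packet label:
    the level is not above max_level AND every compartment set on the packet
    is in the recipient's allowed set."""
    try:
        level, mask = decode_label(raw_label)
    except (ValueError, TypeError):
        return False  # fail closed: missing or malformed labels are dropped
    ok_level, ok_mask = decode_label(encode_label(max_level, allowed))
    return level <= ok_level and (mask & ~ok_mask) == 0


if __name__ == "__main__":
    # Constructed sample labels, checked against one recipient profile.
    profile = ("R", ["violence", "adult language"])
    samples = [encode_label("PG-13", ["violence"]),
               encode_label("R", ["nudity"]),
               encode_label("NC-17"),
               b""]                                    # unlabelled packet
    for label in samples:
        print(label.hex() or "(none)", may_deliver(label, *profile))
```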