[ih] [IP] EFF calls for signatures from Internet Engineers against censorship

Wed Dec 21 17:03:52 PST 2011

since this thread isn't about internet history i think i'll stop posting
beyond this note.

On 12/21/2011 10:18 PM, John Curran wrote:
> On Dec 21, 2011, at 10:44 AM, Paul Vixie wrote:
>
>>
>> I think you'd be wrong to support such a bill, whose positive impact
>> could never be more than to signify the government's displeasure toward
>> a certain kind of content -- it would not protect children from this
>> kind of abuse -- whereas its negative impacts would be far reaching. See:
>>
>> http://thehill.com/blogs/congress-blog/technology/199435-mandates-cant-alter-facts
> Paul - 
>  
>   ... I received numerous orders when
>   running two nationwide ISPs to take action with respect to child
>   porn, and while the due process was rather expeditious and there
>   were occasions of mistakes and compensated parties, I never had
>   any regret in acting on the orders nor do I expect did any of the
>   folks in law enforcement.

nor did i in the years i ran AS6461. but that's not the point.

>  ... and if pursuit of the culprits requires alteration
>   or blocking of DNS, in most states one can face being charged as 
>   an accessory for failure to act in preventing its distribution.

dns blocking isn't about pursuit of culprits, so, that's not the point
either.

>   We should not meddle in the Internet infrastructure (DNS and IP 
>   service) for routine commercial disputes but in my view that's 
>   irrelevant when it comes to prosecution for this crime of great 
>   harm to innocent victims. Luckily, the existing statutes are 
>   already more than sufficient, and can shutdown everything from
>   any communications service to a container ship or Fedex hub if 
>   that is what it takes to get the job done.

no objections from me to any of that.

>   We need to keep in mind that some folks view the business and
>   economic impact from copyright violators with similar priority, 
>   and that any perceived technical limitations that we assert are
>   going to be quickly dismissed as irrelevant.  This will continue 
>   unless/until we can move the discussion in another direction (such 
>   as requiring more international law enforcement cooperation)

my point in revisiting this thread twice now is just to say, mandated
dns blocking is not an effective method of  halting the distribution of
objectionable materials (whether child abuse materials, or stolen
copyrighted material, or sale of brand infringing material). it will not
be effective, on its best day. but a law requiring it be done, and the
infrastructure necessary to implement such a law, would completely
change the assumptions that a DNSSEC initiator (such as an
edge-validating browser using DANE to authenticate a self-signed X.509
cert) must be able to make when faced with a missing or invalid
signature. as you (john) know, the error path is paramount in all
security work.

no good, and much harm, is what would come from mandated DNS filtering
at the ISP level. that fact remains no matter whether the domain being
blocked is doing web service for child abuse materials, or anything
else. there are no corner cases here. the facts remain no matter what
the content is and no matter what the law is.

i apologize to those i've annoyed by continuing this non-history thread.
i will respond only 1x1 from now forward, unless it's an on-topic thread.

paul