On Fri, Feb 29, 2008 at 5:40 PM, Brett Glass <
nnsquad@brettglass.com> wrote:
At 03:09 PM 2/29/2008, Barry Gold wrote:
>Not that it matters. You (collectively) just going to make things worse for yourselves. The more you dig into user's bitstreams, the more people will switch to IPSec, https, and other encrypted schemes.
The only motivation for doing this would be that one is violating his agreement with his ISP and wants to conceal it. ISPs will also be able to infer what is being done by the quantity of the traffic and the behavior of the node. And they'll throttle and block it for the sake of their honest customers, who -- thankfully -- are the majority.
>but what's really going to affect things are the behaviors of Comcast, Time Warner, and a couple of other big players.
Brett, I don't think you seriously believe what you are saying. The only reason to use encryption is to violate a TOS and hide from the ISP? Fortunately, I use a bigger player as an ISP, and it most definitely is not in the TOS. I suspect others on this list, including myself, are required to use encryption when connecting to any systems at work. My company went so far as to contact all of the local ISPs and sign a MOU with them stating that no matter what, we have the right to use encrypted sessions, and the ISP would not interfere with that traffic. What you have in your TOS, is of course your right, but you have have my ssh session when you pry it from my cold, dead fingers.
>If they decide to start adding advertisements to people's webpages, everything will go to https because Google doesn't want other people putting ads on (or above) their webpages,
Whether those ads appear is between the ISP and the customer. It's none of Google's business.
I disagree. Google has a copyright on their web pages. While it has yet to be challenged in court, I suspect using Google content (as an example), (hijacking a google page for displaying ISP messages) could violate the copyright. I suspect a fair use defense wouldn't work. Time will tell what the courts say.
>and neither does any other major commercial site. And if they persist in resetting P2P sessions, everything will go to IPsec.
No. The miscreants will go to IPSec and thus will become easier to identify.
So anyone using IPsec is a target? You won't allow anyone the use of a VPN either? You can't see the inherent legitimate use of IPsec? This is getting ridiculous. There are good reasons for all these protocols, not just hiding p2p. The federal government is required to use encryption now, as is all the Fortune 500 companies that I know. Heck, I can't even fill out my timesheet without accessing a https VPN, and using a https session tunneled within that. Encryption, isn't not just for p2p anymore.