On Apr 16, 16:22, Steve Reid wrote:

Security classification and "decent/indecent" ratings are rather different, IMHO. With security, the author of the data has to decide the best rating for his/her own security. With decent/indecent filtering, the author has to decide what is best for _other_people_. I suppose it's not as bad as that with the third-party ratings in PICS, but there will still be inconsistancies.

"As bad"?!? Actually, it's a good deal worse. See below.

The main reason I think decent/indecent filtering should be done at the application level is, if they create a ratings system and later decide that they've screwed up and another system would be better (which is quite possible, if you understand the previous paragraph), all that's really required is re-writing the application software. OTOH, if they did it at the transport layer and later decided to switch to something else, they would have to change the protocol, which is very difficult. And, depending on the changes, they may have to re-write the apps again anyways.

Also, at the application layer, ANYONE could create their own ratings system, and the market could decide which is best. (The downside of that is that there would be nonstandardized chaos for a while).

Well good. Better nonstandardized chaos than a single, arbitrarily defined and applied system. (Ref: "Parental Advisory" stickers, which were IMHO totally useless, and a doomed concept from the start.) I think that if there's going to be ratings, better to have lots of different organizations reflecting different tastes and mores than one organization reflecting political pressures and prejudices. (No real crypto relevance in the concept per say, but perhaps in the application (as Bill pointed out with the PICS excerpt).) -H