Protocols at the Point of a Gun

[Henry Huang]

On Apr 16, 16:22, Steve Reid wrote:
> Security classification and "decent/indecent" ratings are rather
> different, IMHO. With security, the author of the data has to decide the
> best rating for his/her own security. With decent/indecent filtering, the
> author has to decide what is best for _other_people_. I suppose it's not 
> as bad as that with the third-party ratings in PICS, but there will still 
> be inconsistancies.

"As bad"?!?  Actually, it's a good deal worse.  See below.

> The main reason I think decent/indecent filtering should be done at the
> application level is, if they create a ratings system and later decide
> that they've screwed up and another system would be better (which is quite
> possible, if you understand the previous paragraph), all that's really
> required is re-writing the application software. OTOH, if they did it at
> the transport layer and later decided to switch to something else, they
> would have to change the protocol, which is very difficult. And, depending
> on the changes, they may have to re-write the apps again anyways. 
> 
> Also, at the application layer, ANYONE could create their own ratings
> system, and the market could decide which is best. (The downside of that 
> is that there would be nonstandardized chaos for a while).

Well good.  Better nonstandardized chaos than a single, arbitrarily
defined and applied system.  (Ref: "Parental Advisory" stickers, which
were IMHO totally useless, and a doomed concept from the start.)

I think that if there's going to be ratings, better to have lots of
different organizations reflecting different tastes and mores than
one organization reflecting political pressures and prejudices.

(No real crypto relevance in the concept per say, but perhaps in
the application (as Bill pointed out with the PICS excerpt).)

-H