On July 25, 2023 5:28 PM Lucas Pardue <lucaspardue.2...@gmail.com> wrote:
* On Tue, 25 Jul 2023, 14:15 Border, John, <john.bor...@hughes.com<mailto:john.bor...@hughes.com>> wrote: I guess I may have a different view of who an end user is. For example, I see the people working in a bank as end users. But, I realize that this has never been the general view. * Workers in a bank are end users with specific needs, that of both the individual and their employer. In designing their systems of access, an employer might need certain forms of visibility but also certain kinds of security assurance. The conflict arises where a stakeholder that is neither the employee or employer might wish to create an architecture or deployment that suits their own needs (such as revealing information that would otherwise be private in order to achieve some goal) without accommodating the end user needs. That’s right. Per RFC 8890, the philosophy is to identify all possible users and focus on minimizing the harm to those who are worst off. If no one is reasonably worse off, helping bank employees is a great goal. Applications signaling information to the network are not a problem, as long as the users are given a reasonable choice to signal or not to signal without suffering severe consequences if they chose privacy. In a corporate environment, the bank owns endpoints (laptops, phones), so those can run whatever software is required for the bank’s security and compliance purposes. If those devices need to be interoperate only with the corporate networks (instead of the Internet), this can be done outside of QUIC (or in QUIC in the context of QUIC LB). - Igor