[arch-d] Fwd: New Version Notification for draft-iab-for-the-users-01.txt
Guntur Wiseno Putra <gsenopu@gmail.com> Fri, 13 December 2019 13:19 UTC
Return-Path: <gsenopu@gmail.com>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 210E812003F for <architecture-discuss@ietfa.amsl.com>; Fri, 13 Dec 2019 05:19:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bc_Bu36M812u for <architecture-discuss@ietfa.amsl.com>; Fri, 13 Dec 2019 05:19:50 -0800 (PST)
Received: from mail-ot1-x333.google.com (mail-ot1-x333.google.com [IPv6:2607:f8b0:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 873C112081A for <architecture-discuss@ietf.org>; Fri, 13 Dec 2019 05:19:50 -0800 (PST)
Received: by mail-ot1-x333.google.com with SMTP id p8so6438639oth.10 for <architecture-discuss@ietf.org>; Fri, 13 Dec 2019 05:19:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=EMV62/TPS8bpjFueBYzFrNdLwBFdmbUkRLOfLVuqHRA=; b=huQvpNU0aeNiWNLZs8KHUGke0vegnQBCA6Pry6rtVkgQGFvCGqMDOZ9Ww+NLiBqpLI rZk5tKEzf3NrlB65+hEnQYoWJVVIzgnlneZU9ZcaBrB0r/6OuAj57AsPq/BVYcIVnk7J iaR2H/JydLr/t0HIQ7lUGhgXCNm5haD9TUkYSOeKwQUSSSd5prCU5zS+Si4QCLiJ6ENM ON/aBgDFQ6Py3EJ8spxGfJaWUhluoTZl0R9psfbelVA+HA5qTKwGyVSCGVmVsF8Hc2JW qpQn7TUYBtbC235ujoNiJMhzRbex6AvO8siOa4SiLd1k/vHkrGK1eYnmgdaklB2X5ky7 Cj6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=EMV62/TPS8bpjFueBYzFrNdLwBFdmbUkRLOfLVuqHRA=; b=MyFHqKY0/t8npmXBhmyytc5MEFHaHzMKg41oBT/4rrAYC89ejsLHxva7xjKoZ6iVE7 kOEpT7C1KisnyDcMnDg0GYKwt+zH3rp8IqjkjvZj3cRWriXjgGrbndBcNoU+WSLgN6/U 3shdrRPDKqjtPmnIHuF5Pm/WJ2pCqJrQtdDXamluxIMNhPvrhDyGfIK+EVmE3NCq8nRS PF/y/oi+ZX7uTAYnuRk5D3NLd5juCjMvmVnE5RxptAGZf9KdfqBmeIaldY8z6UKFdpl7 0OEtX9/YvIxSF/MXa3eh/fOTnSqEaseEBlVr4YGMUyOHrumCZ9+0takSmyL+vkZ3tlxI YG9Q==
X-Gm-Message-State: APjAAAWILFJvcMAsGS0gytIt6ajGjNaxghrtGO0IPIGnYoZHMVgBmy0f SoGYL/Z1iwCCDKvJEfFLVQjdwM0o6Mh+YvBtRA0=
X-Google-Smtp-Source: APXvYqwFM7v56uSuWqX945a6DOPnmRMIL2fD4uVDxB8lK0MH6YoE+x3UUCec+eYKu14umIj5+ZcQW5Js9bTfDOjstxE=
X-Received: by 2002:a9d:6654:: with SMTP id q20mr14344811otm.284.1576243189858; Fri, 13 Dec 2019 05:19:49 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a05:6830:1155:0:0:0:0 with HTTP; Fri, 13 Dec 2019 05:19:49 -0800 (PST)
In-Reply-To: <31473650-0872-4EFE-A99C-E3DD4CDBC700@cisco.com>
References: <157403781873.6404.6154827441040413193.idtracker@ietfa.amsl.com> <01246A3C-31EC-4B7B-841D-F799EEFADCB8@mnot.net> <227662299.12784.1575991106819@appsuite-gw2.open-xchange.com> <C74D5288-709B-46E3-B9F9-4FDE0234C451@fugue.com> <429195684.13066.1575996064551@appsuite-gw2.open-xchange.com> <0C729385-1361-460C-9C16-E1BE1680A3E6@fugue.com> <1100636076.15285.1576072588087@appsuite-gw2.open-xchange.com> <4A034991-E5C8-4797-B6BF-9484BB2FA614@fugue.com> <31473650-0872-4EFE-A99C-E3DD4CDBC700@cisco.com>
From: Guntur Wiseno Putra <gsenopu@gmail.com>
Date: Fri, 13 Dec 2019 20:19:49 +0700
Message-ID: <CAKi_AEsREJzF9yNVgfts-dBjOrSXR=emh_Y7rRNoPzp84X_cHQ@mail.gmail.com>
To: Eliot Lear <lear@cisco.com>
Cc: Ted Lemon <mellon@fugue.com>, "hrpc@irtf.org" <hrpc@irtf.org>, "architecture-discuss@ietf.org" <architecture-discuss@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000694485059995b779"
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/016_2Hk3xVCIT7o3p9gqLCERK6U>
Subject: [arch-d] Fwd: New Version Notification for draft-iab-for-the-users-01.txt
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Dec 2019 13:19:54 -0000
Dear Eliot, architecture-discuss & others (hrpc@irtf.org & Ted), Would it be about "User-Focused System" (sec. 4.2) or "Positive User Outcomes" (sec. 4.3)...? It comes to mind that Internet is about human experiences with such communication platform enabled by networks of computers: men learn and learn on what they do: experiences are about things interesting, about creativities --and thus evolutions, innovations of technologies supporting. There are networks of interests/intentions of users' & architects' being impulses of evolutions... It was examplified by IETF's concerns on evolution ( among others mentioned in Mark' reference for the draft: RFC 3724 on "evolution"); another is how the Web's inventor T. Berners-Lee contemplated its "evolvability" ( https://www.w3.org/DesignIssues/Evolution.html). Citing a paragraph I sent to public-xformsusers@w3.org with an emphasis on networks of interests of users' and architects': "For the Internet and the Web, thus networks of computer-based communications and informations --at least considering the Web goals of interoperbility and evolvability/evolution if they are still so while if it has not been changed evolution is a main concern of Internet engineers--, there would supposedly be networks of applications supported by languages: and there would also be those of intentions/interests of users' and architects'... Is'nt it so..."? Few other paragraphs of the post could be seen at https://lists.w3.org/Archives/Public/public-xformsusers/2019Dec/0018.html Regard, Guntur Wiseno Putra Pada Jumat, 13 Desember 2019, Eliot Lear <lear@cisco.com> menulis: > Hi Ted, Vittorio, and others, > > I am attempting to consolidate this thread with any discussion that might > take place on architecture-discuss (thus the CC), in large part because > this isn’t simply related to human rights, as we generally think of them. > I apologize for the length of this note. > > &TLDR; the draft needs to go a little slower on recommendations, and > should focus more on raising the issues for discussion within our > community, which are complex, as I will get into below. > > Mark and the IAB have taken on a very difficult task, which is to > establish some sort of priority for end users. The dialog in the draft has > shifted over time, and it is often difficult to understand precisely what > the practical implications of the recommendations are intended to be. In > the latest revision, Section 4 is expanded to really delve into the nature > of harm, and how we should consider harm. But there are few examples, > leading to a point where it is difficult to understand the implications of > what is being said. I do like the economic incentive discussion, but I’m > not sure whether it is broadly applicable. That should get developed a bit > more. > > It concerns me that Paul Wouters can take from this document that somehow > enterprises do not address end user interests. The example I always give > is that of a business who has a regulatory requirement to avoid leaking > PII. There are all sorts of toolsets that MITM communications in order to > *protect* the privacy of account holders. I think it would be useful for > the draft to address this example as a bit of a case study. One can > reasonably argue that an explicit proxy mechanism on at least one side of a > communication provides for this, but it begins to encroach on the so-called > “end-to-end” views (I put that in quotes because the end-to-end model is > often misused in these sorts of discussions). > > I really like the comparison between the web and IoT. I would go further: > some of the very same technology that is used to protect users on the web > may in fact be harmful to users when employed by IoT. I’ll expand on this > below. > > The most difficult part of the draft remains who gets to decide what is in > the interest of end users. IMHO whether it’s governments, NGOs, or > whoever, there is no way anyone can claim that mantel. The best we have is > rough consensus and running code, guided by whatever input participants > bring to the table. > > I would suggest that the IAB go a bit slower with recommendations, and > focus more on discussion, which is quite valuable. It’s okay not to have > all the answers, but it may be just a bit too early to make strong > recommendation to the IETF because we do not yet see the whole board. I > could definitely see this document being revised in an almost bi-annual > basis, given how fast the state of the art is moving. > > Please see below for more: > > > On 11 Dec 2019, at 18:03, Ted Lemon <mellon@fugue.com> wrote: > > > So e.g. if we were to abandon the end-to-end principle, or advocate > blocking protocols by default, that would be against the user’s interests. > If we were to advocate censorship, that would be against the users’ > interests. This is clear, because an act of censorship necessarily > implies that something the user wanted to do, the user can’t do. That’s > acting against the user’s interests. > > > As we apply these principles, one person’s censorship is another person’s > privacy control, as I discussed above and will again below, depending on > how specific mechanisms are deployed. > > Another example of the user’s interest is the user’s interest in privacy. > You will not find a user out there who doesn’t care about their own > privacy. > > > Professor Serge Egelman at ICSI has delved deeply into this, and what he > has found is that people are easily willing to trade off privacy for > convenience, and we know this to be the case with the Amazon Echo. But > they are quite a bit more reticent when they learn that most processing > goes on in the cloud, or that other people are listening, or when it is > their children or guests that are being recorded. . This has ramifications > for the IETF in as much as our mechanisms are used to enable end-to-end > communication between Amazon and the home. OTOH, exactly how much > information a service keeps once they have it is not something this > organization can impact. > > Complicating matters, privacy cannot be the only concern. Let’s say that > a law was passed that required some local processing to address privacy > concerns. No matter how you slice it, that harms the environment, > requiring more power usage, more memory, and more CPU, that eventually > generates more e-Waste. If you missed that, it’s an argument in favor of > end-to-end encryption, but against privacy protections in our protocol > suite. > > Looking at an industrial IOT example, the user may not be typing on the > interface that controls electrical power or manages a dam, but this may > have far more impact to individuals than their information being captured > by hackers. How does auditing occur when we cannot reasonably trust that > an end device is secure? The draft seems to recognize this challenge, > but I’m not sure that’s reflected in recommendations. And to just add fuel > to the dumpster fire, there is plenty of PII mixed in at certain points in > some industrial environments. > > Given the above examples, one could reasonably argue that we should be > developing 3rd party authorization models for encryption to protect both > safety and privacy. But if we do so, would that cause more harm than good > when dealing with bad actor governments? I can’t answer that, and anyone > who can is demonstrating hubris. The draft can be misinterpreted, I think, > to say, “if one person benefits and another person is harmed, then do > nothing”. Lives are put at risk either way, and while looking at the whole > board is hard, we have a responsibility to do so to produce least harm, > assuming we are well suited to even make a call. > > You may find users who would like to violate other user’s [sic] privacy, > > > I hope you will be pleased to learn that at least some research (not just > Egelman’s) shows that people generally don’t like doing this, and in fact > they won’t sell off other people’s information. On the other hand, you and > I have a mutual friend who got royally miffed when I drop shipped to him a > gift off of the web. That showed my ignorance at the time that there was > even a privacy concern to be had. And so it is not a matter of liking or > not liking but understanding when that violation is occurring. Your point > about transparency is very apt, although the use of “online service > provider” can be ambiguously interpreted: when we got into this, people in > this organization viewed telcos as a big threat. The world has *really* changed > since then, no? > > Eliot >
- [arch-d] Fwd: New Version Notification for draft-… Mark Nottingham
- Re: [arch-d] [hrpc] New Version Notification for … Eliot Lear
- [arch-d] Fwd: New Version Notification for draft-… Guntur Wiseno Putra
- Re: [arch-d] [hrpc] New Version Notification for … Paul Wouters
- Re: [arch-d] [hrpc] New Version Notification for … Eliot Lear
- Re: [arch-d] New Version Notification for draft-i… S Moonesamy
- Re: [arch-d] Fwd: New Version Notification for dr… Guntur Wiseno Putra
- Re: [arch-d] Fwd: New Version Notification for dr… Guntur Wiseno Putra
- Re: [arch-d] Fwd: New Version Notification for dr… Guntur Wiseno Putra
- Re: [arch-d] Fwd: New Version Notification for dr… S Moonesamy
- Re: [arch-d] Fwd: New Version Notification for dr… Guntur Wiseno Putra
- [arch-d] Fwd: New Version Notification for draft-… Guntur Wiseno Putra
- [arch-d] Fwd: New Version Notification for draft-… Guntur Wiseno Putra
- [arch-d] Fwd: New Version Notification for draft-… Guntur Wiseno Putra
- Re: [arch-d] New Version Notification for draft-i… Mark Nottingham
- [arch-d] Fwd: New Version Notification for draft-… Guntur Wiseno Putra
- Re: [arch-d] New Version Notification for draft-i… S Moonesamy
- Re: [arch-d] New Version Notification for draft-i… Mark Nottingham
- Re: [arch-d] New Version Notification for draft-i… Eliot Lear
- Re: [arch-d] New Version Notification for draft-i… Mark Nottingham
- Re: [arch-d] New Version Notification for draft-i… S Moonesamy
- Re: [arch-d] New Version Notification for draft-i… Vittorio Bertola
- Re: [arch-d] New Version Notification for draft-i… Mark Nottingham
- Re: [arch-d] New Version Notification for draft-i… S Moonesamy
- [arch-d] Fwd: New Version Notification for draft-… Guntur Wiseno Putra
- Re: [arch-d] Fwd: New Version Notification for dr… S Moonesamy
- Re: [arch-d] Fwd: New Version Notification for dr… Guntur Wiseno Putra
- Re: [arch-d] Fwd: New Version Notification for dr… S Moonesamy
- Re: [arch-d] Fwd: New Version Notification for dr… Guntur Wiseno Putra