Re: [arch-d] Possible new IAB program on Internet trust model evolution

Guntur Wiseno Putra <> Thu, 30 January 2020 04:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8560512006B for <>; Wed, 29 Jan 2020 20:42:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Xo2tv-K24G4V for <>; Wed, 29 Jan 2020 20:42:13 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0D9D012006E for <>; Wed, 29 Jan 2020 20:42:13 -0800 (PST)
Received: by with SMTP id q81so2300253oig.0 for <>; Wed, 29 Jan 2020 20:42:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OJqZacWtpuJza1KTqLi0ZSy1hP2aitzufnhGbBOyWFk=; b=dHa2rSa40szLrn+sBAJ4zyp86cYqSEjlnH8YQeL6o83DkwdlSX4iDUorLNoRdcZDLH mU3aTUqOZm2B4jPa6QjhhX0hbkRrFczV60BiTc2zgTCLv4wY1WSWgpmJp5j+TwkEMiUk rae56Rhyg0uKNZEEMp07pKSjNZDcwOBvDGESFnEjrUBox7J6Tn2ven+79fciNrg+TzBR UUKza72hqBgZrRONsW6pbQglUkKJuApbe4j5g4T9bHU7KI8Dx8Tmd9cakZp16zjdkM5t hx620M8qWBDXi6Eb8uJAm+qEsr3OCuLVgshdBUPUqMIEeOPNI6FU4KfbXSL/fgeNkTtl grzg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OJqZacWtpuJza1KTqLi0ZSy1hP2aitzufnhGbBOyWFk=; b=qbajN0//cYYqTzFleRpVUN9Ux/z/rraOPaQj/cg+cRqwn7L6oQHzXvlUiTWeBmgaTD trodOXaA00CNpVc3wroPKzeKvCI6vQ0CLwRDmM5N9GZLewPURV5+nwg7vmCc6Ru3hHuW SLZr1hPvmi8lZO+6Ti17Y03WEGQt45r8vW4CixGcj1/V1s1BTMDMMhLlC2AzfofG9/B2 D82vjBkul47TtrGPeg+7zVCV/xrNQa8Ve1JNx1Tqp1yGS2rLJPBc9TGr8TudvtnLfW4s 7u4qjEFnWrCK+hsTj8yGMs0ZxMCGBtKpzEi7+clkJV2mG5vuuPdOCa7dGEKktIYpS6Sp B0jQ==
X-Gm-Message-State: APjAAAXYIKOP062e3mXzxJjk6bCgoBReHlgMNG8ALyyoGQlVCsSnXQjc wUioVXGGg0vYbzQiEavfxSrR36Ff4F2QPrHzjV8=
X-Google-Smtp-Source: APXvYqzQBrKyyjFqOr+jS6qNRVd/Hde8CRDpp820mLx+mHuqaZCK1YizVfprAOjtI+CujKIa2RIt6XuJC7n8YVcdHjQ=
X-Received: by 2002:a54:4396:: with SMTP id u22mr1749677oiv.128.1580359332329; Wed, 29 Jan 2020 20:42:12 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a05:6830:1155:0:0:0:0 with HTTP; Wed, 29 Jan 2020 20:42:11 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <>
From: Guntur Wiseno Putra <>
Date: Thu, 30 Jan 2020 11:42:11 +0700
Message-ID: <>
To: Robin Wilton <>
Cc: Eliot Lear <>, Bernard Aboba <>, Toerless Eckert <>, "" <>, "" <>
Content-Type: multipart/alternative; boundary="0000000000009efe48059d541407"
Archived-At: <>
Subject: Re: [arch-d] Possible new IAB program on Internet trust model evolution
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 30 Jan 2020 04:42:15 -0000

Dear Mr. Wilton and architecture-discuss,

"User", "agency", "intentions" and "preferences" and "system": do phrases
made by those words  refer to, exemplified by the Web operation, networks
of languages...?

"The Internet works because of interoperability between different
computers, despite different hardware, operating systems, local language
context, and software supplier. Users of the web sign on to the use of
these languages when they use the Internet".
 (Tim Berners-Lee, "Stack of Specifications" in "Design Issues:
Architectural and Philosophical Points)

That was ever to be part of the discussion:
Re: [arch-d] Fwd: New Version Notification for
draft-iab-for-the-users-01.txt (December 15th 2019) (2)


That to which I so far understand that:
In network societies, an individual/person is a synthesis, or a conflict
domain, of networks of things/languages with/for/to/among which s/he
celebrates/affirmes her/his life/existence...


Guntur Wiseno Putra

Pada Kamis, 30 Januari 2020, Robin Wilton <> menulis:

> Thanks, both. As I read your comments, one phrase kept presenting itself
> to me...
> “user agency”. What is it, in the system, that is giving effect to the
> user’s intention and preferences. I’m not even going to try and guess which
> layer(s) that thing (or those things) reside, at this point, and I entirely
> agree that this is an opportunity to take a few deep breaths and consider
> the problem space.
> Best wishes,
> Robin
> ------------------------------
> *From:* Eliot Lear <>
> *Sent:* Wednesday, January 29, 2020 9:48:32 AM
> *To:* Bernard Aboba <>
> *Cc:* <>rg>;
> <>rg>; Toerless Eckert <>
> *Subject:* Re: [Model-t] [arch-d] Possible new IAB program on Internet
> trust model evolution
> Hi Bernard and thanks for your valuable thoughts.
> On 28 Jan 2020, at 23:50, Bernard Aboba <> wrote:
> Eliot --
> The examples you describe are difficult to capture within
> protocol-specific threat models (RFC 3552) or privacy considerations (RFC
> 6973).  For practicality, those analyses need to maintain a narrow focus,
> yet at the same time we understand that systemic privacy and security
> issues can only be understood when analyzing the system that a protocol is
> embedded in.  As a result, even protocols that successfully address the
> original threat models can be the source of major systemic vulnerabilities.
> For example, we could not have expected the authors of RFC 1945 (HTTP 1.0)
> to have anticipated the security and privacy problems arising from today's
> social media implementations - some of which were discussed during the
> Internet Privacy Workshop summarized in RFC 6462.
> I really cannot say what, if any, protocol changes I would suggest at this
> point to handle some of the cases I mentioned.  Assuming there is interest
> in this approach, I would suggest a bit of a collection and a culling.
> I want to address one related point: Joel doesn’t think the program should
> get up into layer 9 too much, and I would say that it would be necessary to
> do so to figure out where we as a community want to make some Lessiguesque
> law, and when perhaps we need to leave that to others, but see below.
> However, I do think that you're on to something important that is worth
> IAB consideration.
> It strikes me that in a number of the examples you cite the "endpoint" is
> not acting in the interest of the "end user", at least in the sense
> described in draft-iab-for-the-users.  As was noted in Section 4.2:
>    In contrast, the Internet of Things (IoT) has not yet seen the
>    emergence of a natural role for representing the needs of the end
>    user.  Perhaps as a result of this, that ecosystem and its users face
>    serious challenges.
> For example, consider how some of the IoT behavior you describe might be
> handled within a permission model implemented in a browser or a mobile
> device:
> 1. Would a user grant permission to access to camera or microphone?   In
> the example of the device that did not advertise that it contained a
> microphone, presumably, the answer would be "no" (although the microphone
> was not initially enabled so perhaps permission might not have been
> requested).
> 2. Would the user grant permission to access personal information such as
> location?  In the example of the device with embedded trackers, again the
> user would probably not have granted access to location and other data
> (although we know that location can easily be obtained in circumvention of
> browser or mobile device protections).
> Very well put.
> I think that leads us into a bit of futuristic scenario planning about how
> that permission model would work, what the control points are, *then* how
> they interact, etc.  The L9 discussions come in the form, I think, of
> incentive modeling to address the for-the-users point.  But that’s for
> later.  For now, what are the problems?
> To Toerless’ point:
> Yes, i think we can agree that we would like all Internet end-to-end
> transport must not even allow for a misconfigured option to use null
> encryption, but i think when TLS 1.3 was standardized, there should have
> been a better solution than to completely oppress the needs of those
> other use-cases.
> And my suggestion is that we take three steps back before we even go
> there.  Let’s not treat this like an IETF working group, but pause and take
> deep breaths and work the problem space just a bit.
> Eliot