Re: [arch-d] [Model-t] Possible new IAB program on Internet trust model evolution
John C Klensin <john-ietf@jck.com> Tue, 28 January 2020 16:20 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E411D120A14; Tue, 28 Jan 2020 08:20:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SdvSTlfS1Jyp; Tue, 28 Jan 2020 08:20:53 -0800 (PST)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0055120A06; Tue, 28 Jan 2020 08:20:53 -0800 (PST)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1iwTbe-000Ico-Hz; Tue, 28 Jan 2020 11:20:50 -0500
Date: Tue, 28 Jan 2020 11:20:45 -0500
From: John C Klensin <john-ietf@jck.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>, Eliot Lear <lear=40cisco.com@dmarc.ietf.org>
cc: architecture-discuss@ietf.org, model-t@iab.org
Message-ID: <78E09CC1706F7D66D5F8DE1E@PSB>
In-Reply-To: <66867749-85fd-8c1e-16b5-b261239a9ba3@joelhalpern.com>
References: <E2D709DC-DD01-4946-B2F1-7EE0E101DEF0@piuha.net> <dff1c31e-44d4-6045-aaeb-03ac1e855200@gmail.com> <CABcZeBOYsP+SBNdLqc-wmyJAs1A+hvWbKud_XfvDgi9zJVMD+w@mail.gmail.com> <CA+9kkMDFm7nboqQY2OjNvmcWxs_30d_5NtBv8Nd1eLBnWKBaBw@mail.gmail.c om> <6a1a019b-8666-269c-56ca-ebae4b69e9e8@huitema.net> <C7FDAD8F-D66A-4618-9F87-B1BB9CEA191B@cisco.com> <CABcZeBPKFEEDqQEGXZAD87n5cCsA75+uMGp-brq0JXBoW91LjQ@mail.gmail.com> <96A32815-C313-4C08-90FF-DDAFAD591287@cisco.com> <CACsn0ck9PDAOhZrbBZ7e4UVU7eNiSgrfVO7JL9zaYaX3if2WVw@mail.gmail.com> <DCE750AF-6439-4961-A4DA-ED855807F68E@cisco.com> <66867749-85fd-8c1e-16b5-b261239a9ba3@joelhalpern.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/rA6YwyT0GZJ0_iF50fMK2ffduPE>
Subject: Re: [arch-d] [Model-t] Possible new IAB program on Internet trust model evolution
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jan 2020 16:20:56 -0000
--On Tuesday, January 28, 2020 10:16 -0500 "Joel M. Halpern" <jmh@joelhalpern.com> wrote: > I am a bit concerned by the emphasis on what appear to be > application policy, business policy, or government policy. To > the degree that these are decoupled from the technology we > define, my impression is that the IETF is neither skilled at > nor influential with regard to these topics. We can spend a > lot of time and energy on them. They are interesting topics. > But are they really our business? Joel, I've been trying, not very successfully, to follow this very lively discussion, but two observations which I hope are not out of context: (1) I think that "neither skilled nor influential ... [and therefore] not our business" leads us down a path whose destination is irrelevancy. Even for link encryption (and perhaps more so when the scope is broadened), we should probably recognize that mounting pressures from law enforcement (both associated with governments some of us like if they like any governments at all and those they don't like or who are viewed with more suspicion) could easily lead to regulations for government access to keys or other backdoors or even to outright bans on public use of cryptography. Even noting that arguments from the technical community had major influence on killing the Clipper Chip effort and that making those arguments was very far from "not our business", it seems to me that good engineering requires that we not put our heads in the sand and pretend that the world is different then it actually is or might be becoming when we design protocols. In particular, that may mean that, in some places, we should be writing specifications less in terms of "if you want to have privacy, you MUST do X" and more in terms of "...SHOULD do X unless that is not feasible but, if it isn't, then the fallback approach SHOULD include Y and Z". In the real world, "feasible" may include political of other constraints, not just constraints imposed by physics. We may not always be able to figure out good alternatives to our preferred recommendations, but I suggest that making a balanced and good faith effort to understand the problems and the environments in which we expect our protocols will be used will lead to better design even when we don't have good solutions. Or, to put it more negatively, if we fail to understand and try to account for those environments, we risk being put in a position in which _we_ are the ones responsible for Internet fragmentation and/or for protocol work moving to bodies other than the IETF because regulators make conforming implementations of IETF protocols illegal or commercial firms discover that conforming implementations cannot be developed and sold. (2) If I correctly understand the issues that Eliot, Watson, and Kathleen are exploring, the key involves the rather classic security issues of authorization and authentication --who should have access to particular information and how do we tell they are who they claim to be? In a way, maintaining and enforcing a non-trivial list of authorized parties but keeping everyone and everything else out (the example of some doctors and the patients themselves is very helpful for thinking about this) is a lot harder than keeping everyone out except those who control the endpoints (whatever that means). But most of that problem is technical and, if we don't have the expertise (I'm tempted to say "any more") that is a problem for us. In both cases, it seems to me that an IAB Program (or at least one or more serious workshops) are exactly the right model for addressing these problems for at least two reasons: The IAB is in a much better position than, say, an IETF WG, to recruit specific expertise to cover perspectives and areas of expertise that are not widely available in the IETF. It is also perfectly reasonable for such a program to produce recommendations about issues that need to be considered even if they have no good solutions or even if they are convinced that there are no solutions out there. I can only hope that the IAB will hold itself to a very high standard of including multiple perspectives (even perspectives with which IAB members and their perception of IETF consensus are in significant disagreement) and a broad range of expertise in the Program and that the community will hold the IAB accountable if they do not. If the way the IAB were to recruit Program members involved asking for volunteers from within the IETF community and then further narrowing the Program's perspective by selecting people from among those volunteers who agreed with the IAB's own views, the Program would likely be a waste of time or worse. john
- [arch-d] Possible new IAB program on Internet tru… Jari Arkko
- Re: [arch-d] [Model-t] Possible new IAB program o… Joachim Fabini
- Re: [arch-d] Possible new IAB program on Internet… Brian E Carpenter
- Re: [arch-d] [Model-t] Possible new IAB program o… Eric Rescorla
- Re: [arch-d] [Model-t] Possible new IAB program o… Stephen Farrell
- Re: [arch-d] [Model-t] Possible new IAB program o… Eliot Lear
- Re: [arch-d] [Model-t] Possible new IAB program o… Ted Hardie
- Re: [arch-d] [Model-t] Possible new IAB program o… Bernard Aboba
- Re: [arch-d] [Model-t] Possible new IAB program o… Christian Huitema
- Re: [arch-d] [Model-t] Possible new IAB program o… Eliot Lear
- Re: [arch-d] [Model-t] Possible new IAB program o… Eric Rescorla
- Re: [arch-d] [Model-t] Possible new IAB program o… Eliot Lear
- Re: [arch-d] Possible new IAB program on Internet… Guntur Wiseno Putra
- Re: [arch-d] [Model-t] Possible new IAB program o… Vittorio Bertola
- [arch-d] Yes, building blocks ; -) Re: not buildi… Eliot Lear
- Re: [arch-d] [Model-t] Possible new IAB program o… Kathleen Moriarty
- Re: [arch-d] [Model-t] Possible new IAB program o… Joel M. Halpern
- Re: [arch-d] [Model-t] Possible new IAB program o… John C Klensin
- Re: [arch-d] [Model-t] Possible new IAB program o… Kathleen Moriarty
- Re: [arch-d] [Model-t] Possible new IAB program o… Brian E Carpenter
- Re: [arch-d] not building blocks (was: Re: [Model… Toerless Eckert
- Re: [arch-d] [Model-t] Possible new IAB program o… Stephen Farrell
- Re: [arch-d] not building blocks (was: Re: [Model… Eliot Lear
- Re: [arch-d] not building blocks (was: Re: [Model… Stephen Farrell
- Re: [arch-d] not building blocks (was: Re: [Model… Stephen Farrell
- Re: [arch-d] [Model-t] Possible new IAB program o… S Moonesamy
- Re: [arch-d] [Model-t] Possible new IAB program o… Kathleen Moriarty
- Re: [arch-d] [Model-t] Possible new IAB program o… Bernard Aboba
- Re: [arch-d] Possible new IAB program on Internet… Toerless Eckert
- Re: [arch-d] [Model-t] Possible new IAB program o… Watson Ladd
- Re: [arch-d] [Model-t] Possible new IAB program o… Eliot Lear
- Re: [arch-d] Possible new IAB program on Internet… Jari Arkko
- Re: [arch-d] [Model-t] Possible new IAB program o… Jari Arkko
- Re: [arch-d] [Model-t] Possible new IAB program o… Toerless Eckert
- Re: [arch-d] [Model-t] Possible new IAB program o… Robin Wilton
- Re: [arch-d] Possible new IAB program on Internet… Guntur Wiseno Putra
- Re: [arch-d] [Model-t] Possible new IAB program o… Eliot Lear
- Re: [arch-d] Possible new IAB program on Internet… Guntur Wiseno Putra
- Re: [arch-d] Possible new IAB program on Internet… Eric Rescorla
- Re: [arch-d] Possible new IAB program on Internet… Guntur Wiseno Putra