Re: [hrpc] I-D Action: draft-irtf-hrpc-guidelines-02.txt

[Gurshabad Grover <gurshabad@cis-india.org>]

Thanks a lot for the review!

I think the new version incorporates all the suggestions. If you'd like
to track something specific, please find in-line comments below.

On 28/03/19 1:15 PM, Joseph Lorenzo Hall wrote:
>       o
>         3.2: "Currently three five methods"

Fixed.

>       o
>         3.2.2, could be clearer: "seeking to understand how it might
>         provide a different ordering of the network or society."

Rephrased to "When reviewing an Internet-Draft, specific human rights
impacts might become apparent by doing a close reading of the draft and
seeking to understand how it might affect networks or society."

>       o
>         3.3.5, internet doesn't want anything: "If the Internet wants to
>         be a global network of networks, the protocols should work with
>         languages apart from English and character sets apart from Latin
>         characters."

Changed to "If IETF wants the Internet to be a global network of networks"

>       o
>         3.3.6, double reference: "[RFC4941] This is why Privacy
>         Extensions for Stateless Address Autoconfiguration in IPv6 have
>         been introduced. [RFC4941]"

Removed the first instance of the reference.

>       o
>         3.3.6, I would reorder those questions

Done, hope it reads better now.

>       o
>         3.3.8, the example seems unfinished?

That particular line is from RFC1958. It does feel a bit awkward. Not
sure what the original intent was in RFC1958, but have changed it to
"most complex such as commit protocols for distributed databases." Hope
that works.

>       o
>         3.3.10, talks about "the internet" like "hip hop" (throughout
>         the document, but especially apparent here)

Fixed by rephrasing to "The Internet should be designed [...]"

>       o
>         3.3.14, is this referring to encrypted intermediate storage? "or
>         the implementation uses an encrypted store"

Seems like it. This particular line is from RFC7624.

>       o
>         3.3.15, how is the difference here between accuracy and
>         consistency being thought out? Does consistency have a
>         temporal/stateful aspect? "Does your protocol maintain, assure
>         and/or verify the accuracy of payload data? Does your protocol
>         maintain and assure the consistency of data?"

Removed the second question; changed to "integrity" in each instance.

>       o
>         3.3.15, the MITM description should probably be improved and
>         bulleted? Should it hint at inactive MITM and should we call it
>         something other than "man"?

Right, thanks. Changed it to "on-path attacker" as
draft-knodel-terminology-01 suggests.

>       o
>         3.3.16, "man-in-the-middle-attacks" -> "man-in-the-middle
>         attacks"

Removed that phrase.

>       o
>         3.3.16, "Bob can see the data did not come from Alice but from
>         Corinne." remove "but by Corinne" as that may not be true.

Fixed.

>       o
>         3.3.16, what about non-authenticity or knowing when to not ask
>         for evidence of authenticity? E.g., attestation of hardware
>         security devices like yubikeys may lock out people who use a
>         different brand (Vanguard or Fidelity does this now).

Good point. Have added this to the Explanation: "At the same time,
authentication should not be used as a way to prevent heterogeneity
support, as is often done for vendor lock-in or digital rights
management." Please let me know if you would like any changes here, or
know papers/documents that act as good references to read about this
problem (great if in the IETF context).

>       o
>         3.3.18, impacts bullet list broken

Fixed.

>       o
>         3.3.19, typo "Does you protocol"

Fixed.

>       o
>         5, looks like this should be a bullet list? 
> 

Fixed.

Thank you.
-GG.