Re: [hrpc] review of draft-irtf-hrpc-research-00
Mallory Knodel <mallory@apc.org> Mon, 10 October 2016 10:57 UTC
Return-Path: <mallory@apc.org>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 030F01294FC for <hrpc@ietfa.amsl.com>; Mon, 10 Oct 2016 03:57:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.194
X-Spam-Level:
X-Spam-Status: No, score=-7.194 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-2.996, SPF_HELO_PASS=-0.001, WEIRD_PORT=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HTkKe8L-5-Qk for <hrpc@ietfa.amsl.com>; Mon, 10 Oct 2016 03:57:46 -0700 (PDT)
Received: from mail.gn.apc.org (mail.gn.apc.org [37.220.108.136]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2563C129507 for <hrpc@irtf.org>; Mon, 10 Oct 2016 03:57:45 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.gn.apc.org (Postfix) with ESMTP id EFC312017F1B for <hrpc@irtf.org>; Mon, 10 Oct 2016 11:57:43 +0100 (BST)
X-Virus-Scanned: by amavisd-new at mail.gn.apc.org
Received: from mail.gn.apc.org ([127.0.0.1]) by localhost (mail.gn.apc.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EdvSY26cpyKD for <hrpc@irtf.org>; Mon, 10 Oct 2016 11:57:39 +0100 (BST)
Received: from anonymous ([10.254.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mallory) by mail.gn.apc.org (Postfix) with ESMTPSA id EA7B52017EFD for <hrpc@irtf.org>; Mon, 10 Oct 2016 11:57:37 +0100 (BST)
To: hrpc@irtf.org
References: <d8517d0e-ea0e-305f-b478-953282ade5e1@cs.tcd.ie> <bfbdfaa0-390e-be4a-c747-985ed4796f15@article19.org> <57FB42CF.5010008@apc.org> <626501bd-3ce5-fd9a-e6f9-3a911584b953@article19.org> <57FB6ACF.6010902@apc.org> <ea41b871-c70f-3dc4-19fe-06ab5d2c7a4a@article19.org>
From: Mallory Knodel <mallory@apc.org>
Message-ID: <57FB741F.3010803@apc.org>
Date: Mon, 10 Oct 2016 13:57:35 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.7.0
MIME-Version: 1.0
In-Reply-To: <ea41b871-c70f-3dc4-19fe-06ab5d2c7a4a@article19.org>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="NbhvbKNuw9KDW9J29C6LSRijxR9G6H731"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/1d4-BbJ3qTpBtWXa1lX0LMlbkqQ>
Subject: Re: [hrpc] review of draft-irtf-hrpc-research-00
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "niels@article19.org" <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Oct 2016 10:57:57 -0000
Right. On 10/10/16 01:19 PM, Niels ten Oever wrote: > Excellent, but just to make sure everything is going well: I haven't > received any pull request yet. Is that correct? > > Cheers, > > Niels > > Niels ten Oever > Head of Digital > > Article 19 > www.article19.org > > PGP fingerprint 8D9F C567 BEE4 A431 56C4 > 678B 08B5 A0F2 636D 68E9 > > On 10/10/2016 12:17 PM, Mallory Knodel wrote: >> Great, Niels, I'll continue to send my edits via pull requests. At the >> moment, I'm working on a fork via the apcorg Github user. >> >> -Mallory >> >> On 10/10/16 12:24 PM, Niels ten Oever wrote: >>> Hi Mallory, >>> >>> Reviews and proposed edits (in the form of suggestions here on the list >>> and/or as pull request), are very welcome! >>> >>> If you want to focus on the abstract and the introduction that would be >>> great, but of course feel free to look at other sections as well. >>> >>> The latest version can always be found here: >>> >>> https://github.com/nllz/IRTF-HRPC/blob/master/draft-research.md >>> >>> Which is currently the same as: >>> >>> https://tools.ietf.org/html/draft-irtf-hrpc-research-01 >>> >>> Best, >>> >>> Niels >>> >>> Niels ten Oever >>> Head of Digital >>> >>> Article 19 >>> www.article19.org >>> >>> PGP fingerprint 8D9F C567 BEE4 A431 56C4 >>> 678B 08B5 A0F2 636D 68E9 >>> >>> On 10/10/2016 09:27 AM, Mallory Knodel wrote: >>>> Hi all >>>> >>>> I have started to edit via git but perhaps that's no longer helpful at >>>> this stage? I was focussed on the abstract and introductions as those, >>>> at a minimum, should have strong logical arguments that draw the reader >>>> into the longer paper. >>>> >>>> I also fully agree with Stephen about the DDoS section and if nothing >>>> else would be happy to proceed with working on this. >>>> >>>> However, fully aware that work needs to progress and without having been >>>> able to comment up to now I'd like feedback on where in the text my >>>> edits could be most useful. >>>> >>>> -Mallory >>>> >>>> On 09/10/16 07:31 PM, Niels ten Oever wrote: >>>>> Hi Stephen, >>>>> >>>>> Thanks so much for this extremely thorough review. We've responded to >>>>> all your comments and offered some solutions or at least some arguments >>>>> why we did not think it was a problem. Responses inline, and a new >>>>> version can be found here: >>>>> >>>>> https://tools.ietf.org/html/draft-irtf-hrpc-research-01 >>>>> >>>>> On 09/22/2016 02:33 PM, Stephen Farrell wrote: >>>>>> Hiya, >>>>>> >>>>>> I spent a bit of time reviewing this finally. >>>>> We also spent a bit of time coming up with a reply, sorry if it took >>>>> longer than expected (and announced). >>>>> >>>>>> Overall, I think this is a fine piece of work and I look >>>>>> forward to it becoming an RFC. I don't think it's nearly ready >>>>>> yet though, there's a lot to fix. (But see #1 below for a >>>>>> suggested short-cut.) >>>>>> >>>>>> Cheers, >>>>>> S. >>>>>> >>>>>> General, and, I think, important to handle... >>>>>> >>>>>> (1) What kind of consensus are we aiming for here? >>>>>> >>>>>> I'm not sure if this would be better off aiming to be a >>>>>> document that has RG consensus or not. There's a lot of fine >>>>>> text here, but there's also quite a few instances of text for >>>>>> which I think it may be quite hard to establish RG consensus, >>>>>> and where that may take some time and draft iterations. >>>>>> (You'll see some examples in my specific conments.) Clearly, >>>>>> processing the document aiming for RG consensus is an option, >>>>>> and maybe the default option, but I wondered if it'd also be an >>>>>> option to proceed more quickly with this documenting the >>>>>> author's research and opinions/conclusions (and not necessarily >>>>>> RG consensus) and to then later try to extract an updated >>>>>> version of the guidlines/questionnaire into a separate RFC >>>>>> aiming for RG consensus. I'm not arguing strongly for that >>>>>> latter plan but just wanted to ask in case it helps the RG (and >>>>>> Avri who I guess will have the fun of figuring this out:-). >>>>>> >>>>> Up to now we have been able to reach consensus on all points, so let's >>>>> not lower the bar! >>>>> >>>>>> (2) Length and structure for protocol developers. >>>>>> >>>>>> I think this is too long to be very useful for protocol >>>>>> developers. I doubt many of them will wade through 40+ pages >>>>>> to get to the bit that's really aimed at them. (And which >>>>>> pretty much needs a total re-write.) The plan mentioned in #1 >>>>>> might help there I guess but another idea might be to move >>>>>> section 5.3.2 to the front and make a lot of the rest of the >>>>>> text into subsequent explanatory material and/or appendices. >>>>>> >>>>> I think this is actually quite an apt description of the research as it >>>>> has been done. After we managed to get this into a document I think it >>>>> would be great to come up with next steps for 5.3.2, such as bringing it >>>>> into the IETF. >>>>> >>>>> >>>>>> (3) What architecture do you mean? >>>>>> >>>>>> There are 25 lines that mention the term architecture in the >>>>>> draft and I'm not at all sure the term is used to mean the same >>>>>> thing throughout. I'm also not sure that there is an accepted >>>>>> thing that is "the one true Internet architecture" that has >>>>>> IETF consensus but you seem to me to be assuming that there is >>>>>> such a beast. Is this just a language issue or a deep(er) >>>>>> problem? I'm not sure, but eliminating references to the >>>>>> Internet architecture where possible would I think help. See >>>>>> some of the specific comments below, but I'd recommend a pass >>>>>> over the document to check how this term is used as well. (To >>>>>> try head off some lines of debate that might follow from this >>>>>> comment, I do think there are aspects of Internet architecture >>>>>> for which we do have IETF consensus, but I don't think the IETF >>>>>> has consensus on any one way in which to put all those together >>>>>> into something that'd be rightly termed the (or an) Internet >>>>>> architecture. I think RFC1958 section 2.1 supports that >>>>>> position btw.) >>>>>> >>>>> Thank you for pointing this out. By architecture, in this text, we are >>>>> referring to the technical functioning of the Internet – as it pertains >>>>> to the remit of the IETF. Would it be better if the first mention of the >>>>> word architecture came with the following clarification: ‘Internet >>>>> architecture is a catch-all phrase. In order to ensure it does not ring >>>>> hollow we want to clarify what we mean by this term. Our definition is >>>>> partly based on the consensus understanding of the term architecture as >>>>> laid out in RFC RFC1958 section 2.1, which states: ‘Many members of the >>>>> Internet community would argue that there is no architecture, but only a >>>>> tradition, which was not written down for the first 25 years (or at >>>>> least not by the IAB). However, in very general terms, the community >>>>> believes that the goal is connectivity, the tool is the Internet >>>>> Protocol, and the intelligence is end-to-end rather than hidden in the >>>>> network. The current exponential growth of the network seems to show >>>>> that connectivity is its own reward, and is more valuable than any >>>>> individual application such as mail or the World-Wide Web. This >>>>> connectivity requires technical cooperation between service providers, >>>>> and flourishes in the increasingly liberal and competitive commercial >>>>> telecommunications environment. The key to global connectivity is the >>>>> inter-networking layer. The key to exploiting this layer over diverse >>>>> hardware providing global connectivity is the "end to end argument’. >>>>> Building on RFC1958 we hold that the word architecture, in the context >>>>> of the IETF, refers to all the protocols, procedures, processes and >>>>> their accompanying people and politics that go into ensuring the >>>>> Internet remains a medium for unfettered global connectivity.’ Would >>>>> such a definition clarify our use of the word architecture sufficiently? >>>>> >>>>> Additionally, we would like to push back a bit against the argument that >>>>> because there is no consensus in the IETF on what the term architecture >>>>> means, we cannot use it in the text. The IRTF should be the space where >>>>> we can push the boundaries on that discussion, bringing in definitions >>>>> from academia as we do in the text by referring to amongst others the >>>>> work of Prof. Denardis and Prof. Bowker on architecture. >>>>> >>>>> >>>>>> (4) What does "=" mean here? >>>>>> >>>>>> In section 2 and later (in 5.2.2) you have diagrams with >>>>>> bracketed terms on the left, then "=" and then another term on >>>>>> the right. I just don't get what you mean by that "=" sign. You >>>>>> say "combine" and "makes up" but frankly I don't get it, even >>>>>> though I was in some of the meetings where those pictures were >>>>>> presented. E.g. in section 2, I don't get how to combine >>>>>> authenticity and anonymity in any useful sense, as those are >>>>>> mostly in conflict. >>>>> The easy answer, which will probably will not be enough for you, would >>>>> be: depends on the usecase. If we for instance take the example of TLS >>>>> for .onion websites, there the security model includes anonymity as well >>>>> as authenticity. >>>>> >>>>> I think it can easily be argued than in many models of security, privacy >>>>> and anonymity play a role, in others anonymity may be less important. >>>>> >>>>> To reflect this I changed the text to: >>>>> >>>>> A combination of reliability, confidentiality, integrity, anonymity, and >>>>> authenticity is what makes up security on the Internet. >>>>> >>>>> I also changed the '=' in to an '⇒' >>>>> >>>>> >>>>>> And the 2nd picture in section 2 has >>>>>> connectivity on the RHS, which you defined as being an "extent" >>>>>> and none of the things on the LHS seem to reflect that at all. >>>>>> While those pictures may well have been ok for use in >>>>>> presentations, I'm less happy that they're useful in an RFC. >>>>>> So, what does "=" mean? Can you actually define that relation? >>>>>> (Apologies if I'm being all "techie" and anal here, but I >>>>>> really don't get it, honest;-) >>>>> Where it come to the definition of rights in 5.2.2 the relation between >>>>> the LHS and the RHS should be 'contribute to an enabling environment >>>>> for', so I replaced the '=' with '⇒' and added an explanation. >>>>> >>>>> >>>>> >>>>>> (5) The DDoS discussion is still wrong. >>>>>> >>>>>> I think the discussion of DDoS in section 5.2.11 (see below for >>>>>> specifics) is not good enough and that section needs to be >>>>>> re-written or mostly deleted. (Not all list discussions need to >>>>>> end up with a section in the document.) It may be the case that >>>>>> what is needed is some discussion of forms of protest using the >>>>>> Internet, but that I think would better be the topic for >>>>>> another document, if soeone has the energy/interest. (That >>>>>> could be interesting too!) For this document, if it is aimed at >>>>>> the IETF audience, the current text is not useful as it ends up >>>>>> as a (controversial) NOOP - "don't enable DoS" is already in >>>>>> RFC3552 since 2003. >>>>>> >>>>> The scope of this document is _very_ different from RFC3552. It analysis >>>>> a case of technology and it's impact human rights. So, it has a >>>>> completely different role from RFC3552, even though the conclusions are >>>>> largely the same. >>>>> >>>>> >>>>>> (6) The questionnaire is not good enough. >>>>>> >>>>>> 5.3.2.x.y: Please go through these questions yourself (for some >>>>>> protocol) and write down answers and see then what you think of >>>>>> the questions. I think a number of these questions will not >>>>>> produce meaningful answers in any real attempt at using them. >>>>>> I also think that someone who is not an author and who is >>>>>> developing a new protocol needs to have gone through the >>>>>> exercise at least once before we should publish this document >>>>>> as any RFC. It is far too easy to ask unanswerable or >>>>>> non-useful questions otherwise. >>>>>> >>>>> We have had four people who did an exhaustive roadtest of the >>>>> questionnaire and used it on their draft in development. They presented >>>>> the outcomes at the session in Berlin and were also posted to the list. >>>>> >>>>>> (7) Missing introductory text. >>>>>> >>>>>> I think there's a missing bit of explanatory text about rights >>>>>> in general that'd help some more IETF-oriented readers. As I >>>>>> understand it, in HR all rights are contingent in the sense >>>>>> that governments are expected to balance competing rights in >>>>>> all cases. So e.g. even though we have a right to life, >>>>>> governments can legislate for capital punishment and still >>>>>> consider themselves signed up to the UDHR. I think this is >>>>>> worth noting, as for example, it means that we do not >>>>>> necessarily want to enshrine all the fine concepts on which the >>>>>> IETF has consensus as human rights, in particular, claiming >>>>>> that one had a right to encrypt could as a side-effect allow >>>>>> some governments to claim that they had a right to limit one's >>>>>> knowledge of mathematics, if that is claimed to compete with >>>>>> other rights (e.g. to safety). I'm not sure if this is the >>>>>> right HRPC document to capture that, but it was a surprise for >>>>>> me when I first found that out, so it may be worth adding a bit >>>>>> of text explaining basic rights concepts like that here or >>>>>> somewhere else. >>>>>> >>>>> The concept of balancing rights is not an easy one and there is also no >>>>> consensus in the law community about how this should be done. There are >>>>> many scholarly papers written about this, and I would large go with the >>>>> approach in the UN Guiding Principles for Business and Human Rights. So >>>>> I would offer the following text: >>>>> >>>>> Human rights can be in conflict with each other, such as the right >>>>> to freedom of expression and the right to privacy. In such as case the >>>>> different affected rights need to be balanced. In order to do this it is >>>>> crucial that the rights impacts are clearly documented in order to >>>>> mitigate the potential harm in a proportional way. Making that process >>>>> tangible and practical for protocol developers is what this research >>>>> aims to ultimately contribute to. >>>>> >>>>>> Specific comments (without reference to importance:-) >>>>>> >>>>>> Note: I'm not quite sure why, but I read this through and >>>>>> commented as if it were a PhD thesis, which is a bit more >>>>>> stringent that e.g. IESG evaluation. Apologies if that seems >>>>>> like nitpicking, but I think given the possibly political >>>>>> (ab)uses to which this RFC could be put, and since we might >>>>>> effectively kill the impact of the RG if we do this first RFC >>>>>> badly, we might be better off to take that approach. I'm >>>>>> willing to believe that I'm being too nit-picky though:-) >>>>>> >>>>> Does this mean that if we answer all these questions to your >>>>> satisfaction we'll get a PhD ? >>>>> >>>>>> abstract: These ought not have references and I think is too >>>>>> long. I'd suggest keeping the 2nd para (minus the reference) >>>>>> and move the rest to the intro. >>>>> Proposal accepted >>>>> >>>>>> intro, p3: How do you know that "open, secure and reliable" are >>>>>> necessary conditions here? I think you're likely correct, but >>>>>> I'm not sure that claim is justified in the document or in the >>>>>> references. >>>>> Reference added (to FOC Talinn agenda) >>>>> >>>>>> intro, p3: "The Internet aims to be a global network of >>>>>> networks that provides unfettered connectivity to all users at >>>>>> all times and for any content [RFC1958]. " The "aims to be" >>>>>> there seems odd, and I don't see where 1958 says "at all times" >>>>>> which seems to me overstated. >>>>> Changed it into: >>>>> The purpose of the Internet to be a global network of networks that >>>>> provides unfettered connectivity to all users and for any content >>>>> {{RFC1958}} >>>>> >>>>>> intro, p3: "One could even argue that the Internet is not only >>>>>> an enabler of human rights, but that human rights lie at the >>>>>> basis of, and are ingrained in, the architecture of the >>>>>> network." Sure one could argue that but is that claimed as an >>>>>> RG consensus? And you're assuming that there is one true >>>>>> Internet architecture there I think, which is problematic. >>>>>> >>>>> Although there has been a lot of discussion on the extend to which human >>>>> rights were at the top of the minds of the people developing it, the >>>>> technical principles like end-to-end, decentralization etc which were >>>>> priorities for the initial developers overlap sufficiently with human >>>>> rights like freedom of speech and access to information to make this >>>>> argument stick. It might have been a happy accident, but few in the RG >>>>> have disputed that - when looking at it from this perspective - human >>>>> rights are not intrinsically weaved through the structure of the >>>>> network. We have specified our definition of Internet architecture to >>>>> mitigate your concerns there. >>>>> >>>>> >>>>>> intro, p3: "By doing so, the IETF enabled the manifestation of >>>>>> the right to privacy, through the Internet's architecture." I >>>>>> think this shows a misconception of the IETF's role, at least >>>>>> as I see it. I don't believe that the IETF controls the >>>>>> Internet's architecture in the sense implied here. If you'd >>>>>> said "through it's protocol design processes" at the end >>>>>> instead, then I think that'd be better. And saying "Enabled" >>>>>> makes it sound like a done-deal and we can all go home, which >>>>>> strikes me as pretty optimistic;-) >>>>> A little wish-fullthinking never hurt anyone I guess ;-) Incorporated >>>>> your suggestion at the end of the sentence and changed 'enabled' to >>>>> 'allowed' for. >>>>> >>>>>> intro, p3, "Openness of communications of the technical design" >>>>>> what does that mean? And how does it "foster freedom of >>>>>> communication"? I don't get the argument here. >>>>> We mean to say here that the nature of the Internet was fundamentally >>>>> open. People could just show up and hack away. Have changed the sentence >>>>> to read: The open nature of the initial technical design (open >>>>> standards, open source, etc) fostered freedom of communication as a core >>>>> value, everyone could join and everyone could submit code. Hope that >>>>> clarifies a bit. This was done to show that today's Internet is more >>>>> closed. Closed standards (and standards bodies) walled garden >>>>> applications etc. >>>>>> intro, p3, "galvanize" is overstated and the IETF doesn't >>>>>> "ensure" what happens in the network, but only in the protocols >>>>>> we define - what implementers and operators do with that is >>>>>> really up to them and not the IETF. That's an important >>>>>> distinction that's mixed up in a few places in the document, >>>>>> including in the next sentence - if the IRTF produces this RFC, >>>>>> that's great and will help to ensure better realisation of HR >>>>>> issues, but the existence of the RFC itself will not ensure >>>>>> anything. >>>>>> >>>>> Have changed the words ensuring and galvanizing for the word encourage. >>>>> And changed the word encourage in the second sentence to the word >>>>> facilitate. I understand that the IETF/IRTF does not ensure anything. >>>>> But to tone the language down all through the document would take away >>>>> from the fact that the IETF/IRTF does have a substantial role in setting >>>>> the standard (no pun intended) for what they think the network should >>>>> look like, irrespective of what implementers and operators end up doing. >>>>> >>>>>> section 2: "unfettered" - while I myself do like that term, I >>>>>> think following the approach from RFC 4084 which you quote here >>>>>> would be a good general approach for this entire document. >>>>>> 4084 section 1.2 says that it intentionally avoide pejorative >>>>>> terms so as to increase the likelihood that operators will pay >>>>>> attention. I think following that guidance in this document >>>>>> would be good. Most of the text is actually fine in this >>>>>> respect, but an editing pass based on a review from some (as >>>>>> yet uninvolved) protocol developers would be a good thing. For >>>>>> example, some of the references to companies and products later >>>>>> on might raise hackles in a way that'd be counter productive. >>>>>> Anyway, 4084 does not use the term unfettered at all so better >>>>>> to not say that here. >>>>>> >>>>> OK - removed 'unfettered'. >>>>> >>>>>> section 2, and elsewhere: I think the use of the term anonymity >>>>>> is wrong in almost all cases in this document. >>>>> Interesting. Happy to fix, but would be great if you could give me a bit >>>>> more to work with. >>>>> >>>>>> While it is the >>>>>> case that users (and non-technical folk in general, including >>>>>> law makers) may talk about anonymity, I think there are few to >>>>>> zero technical folks who think that anonymity is achievable at >>>>>> any scale today. >>>>> Anonymity has a very specific meaning in both legal and technical terms, >>>>> there I think it's important that we work on this. The UN Special >>>>> Rapporteur on Freedom of Expression has underlined the importance of >>>>> encryption and anonymity online ( >>>>> http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/CallForSubmission.aspx >>>>> ). And eventhough it is indeed a hard technical problem, I actually >>>>> think quite a lot of people are working on this. Tor is indeed probably >>>>> the best 'running code' example, but there is also Briar, I2P, Tribler, >>>>> etc. There is also an increase in Operating Systems that are geared >>>>> towards anonymity (by integrating Tor and other measures) such as >>>>> Subgraph, Tails, and Qubes, so I think discussing it is relevant, and I >>>>> don't think we should take a step back an accept that it's not possible. >>>>> >>>>> >>>>> >>>>>> Tor may be the closest we get, but it's not at >>>>>> all clear to me that anonymity is really a requirement or a >>>>>> goal for almost all protocol designers almost all of the time. >>>>> Maybe it's not and maybe it should be. Because there is a clear human >>>>> rights impact here. The aforementioned report by the UNSR recognizes the >>>>> essential role of encryption and anonymity in realizing human rights >>>>> protected under international law, as such technology “provide[s] >>>>> individuals and groups with a zone of privacy online to hold opinions >>>>> and exercise freedom of expression without arbitrary and unlawful >>>>> interference or attacks.” >>>>> >>>>>> I do think we should consider "being hard to track" and similar >>>>>> as requirements/goals but that's different and I'm not sure we >>>>>> even have that good an idea about all the trade-offs that are >>>>>> involved here. >>>>> Isn't that something that should be documented? >>>>> >>>>>> I'd recommend checking every time you use this >>>>>> tern, and getting rid of most of them. (Will try to point out >>>>>> the ones I think are problematic below.) Note that the 4949 >>>>>> definition is probably ok(ish:-) but once there are muliple >>>>>> protocols involved things become very unclear and in real >>>>>> networks, there's almost always someone somewhere who can >>>>>> identify (or re-identify) a person, host or bit of s/w and that >>>>>> context seems to be missing here when you use the term. >>>>>> >>>>> See above. >>>>> >>>>>> 2, Defining connectivity as an "extent" is interesting. I'm not >>>>>> sure if it's precise enough though, e.g., what'd "twice better >>>>>> connectivity" mean? Not sure what to suggest but I do think >>>>>> you're right to not define it as binary. Maybe refer to RFC4084 >>>>>> here again for some different types of connectivity? >>>>> Done - added reference to RFC4084 >>>>> >>>>>> 2, "content-agnosticism" - hmm, that seems a bit broken to me >>>>>> as a definition, it is ok to treat delay intolerant traffic >>>>>> differently and we do want that sometimes. "Identically" seems >>>>>> too strong, but I'm not sure what better definition to use >>>>>> without getting into an essay about net neutrality and similar >>>>>> things that I don't know much about;-) >>>>>> >>>>> I did not change this. Because although your statement on the delay of >>>>> intolerant traffic is true, common practice does not influence the >>>>> definition of content agnosticism perse. >>>>> >>>>>> 2, "end-to-end" - I much prefer to refer to this as an argument >>>>>> and not a principle. You'll get different opinions on that >>>>>> though:-) >>>>> Could you elaborate? I think we documented the use and origins pretty >>>>> well in bodies of literature and academic discussion. >>>>>> 2, "Internet censorship" - I think this definition is too broad >>>>>> and could even be read to discourage data minimisation. It >>>>>> seems to be missing the concept that the censor is acting >>>>>> without the agreement of the endpoints, but agreement/consent >>>>>> is such a slippy concept on the Internet maybe that'd be a bad >>>>>> idea. Anyway, this seems to broad to me fwiw. >>>>> Do you have any suggestions for new language to replace it with? >>>>>> 2, "Internet Standards as an Arena for Conflict"... eh... >>>>>> What? That's not a term to define, it's an argument for over >>>>>> beer! I think you need to delete that from this section. If you >>>>>> want to include the text somewhere then find a better way to do >>>>>> that I'd say. (But I'd still then ask: where is the principle >>>>>> of constant change defined for all time? :-) >>>>>> >>>>> Agreed. Moved the text to the literature and discussion section >>>>> >>>>>> 2, "i18n" - I think you're wrong that "Many protocols..." don't >>>>>> support i18n. It's for sure true that a bunch don't do this >>>>>> well and ought, but "many" seems overstated. Did you count >>>>>> them? >>>>> We got this observation from the i18n WG in Yokohama. >>>>> >>>>> (Note that for many binary protocols i18n isn't very >>>>>> relevant at all, if one assume that i18n is mostly important >>>>>> for end-users and less so for developers or bigger operators.) >>>>>> >>>>> Here I would like to push back with the arguments Ramsey Nasser >>>>> introduced at his presentation at the hrpc session at IETF95. Based on >>>>> his programming language in Arabic he showed through 'engineering >>>>> performance art', that the Internet and its technical infrastructure is >>>>> inherently hostile to non latin characters, which send the message that >>>>> the Internet natively belongs to English speakers. This is true for >>>>> developers, operators and users alike imho. >>>>> >>>>>> 2, "Open Standards Conform" - what? That's not a term to >>>>>> define. I think you also say this elsewhere so deleting this >>>>>> would be right. And what's RFC2606 got to do with it? >>>>>> >>>>> There should have been a hard return there. The text is lifted from >>>>> RFC2606. Should be fixed now. >>>>> >>>>>> 2, "Openness" - I think this is just wrong and am not sure what >>>>>> you even want to define. You cannot for example have free >>>>>> access to hosts in my home network, no matter how openly you >>>>>> ask:-) If you want to define openness, then I think it'd have >>>>>> to be about processes and not access to hosts. >>>>>> >>>>> The definition doesn't say access to all hosts, right? I don't think I >>>>> agree with the critique. >>>>> >>>>>> 2, "permissionless innovation" is not all about new protocols. >>>>>> It's also about using existing protocols in new ways without >>>>>> having to ask. Not all such uses are usefully described as new >>>>>> protocols. >>>>> added that to the text. >>>>> >>>>>> 2, "Privacy" - I think adding some references to the HR and >>>>>> legal literature about privacy could help the more technical >>>>>> readers here. >>>>>> >>>>> Added: >>>>> The right to privacy is articulated all of the major international and >>>>> regional human rights instruments, including: >>>>> {{UDHR}} Article 12: “No one shall be subjected to arbitrary >>>>> interference with his privacy, family, home or correspondence, nor to >>>>> attacks upon his honour and reputation. Everyone has the right to the >>>>> protection of the law against such interference or attacks.” >>>>> {{ICCPR}} Article 17: “1. No one shall be subjected to arbitrary or >>>>> unlawful interference with his privacy, family, home or correspondence, >>>>> nor to unlawful attacks on his honour or reputation. 2. Everyone has the >>>>> right to the protection of the law against such interference or attacks.” >>>>> The right to privacy is also included in: >>>>> Article 14 of the United Nations Convention on Migrant Workers; >>>>> Article 16 of the UN Convention on the Rights of the Child; >>>>> Article 10 of the African Charter on the Rights and Welfare of the Child; >>>>> Article 4 of the African Union Principles on Freedom of Expression (the >>>>> right of access to information); >>>>> Article 11 of the American Convention on Human Rights; >>>>> Article 5 of the American Declaration of the Rights and Duties of Man, >>>>> Articles 16 and 21 of the Arab Charter on Human Rights; >>>>> Article 21 of the ASEAN Human Rights Declaration; and >>>>> Article 8 of the European Convention on Human Rights. >>>>> >>>>> >>>>> >>>>>> 2, reliable, resiliance and robustness - I'm surprised there're >>>>>> no references for the first two and puzzled by the references >>>>>> for the 3rd. >>>>> References added (my bad, thanks for spotting) and offered grammtical >>>>> improvements for robustness: >>>>> >>>>> : The resistance of protocols and their implementations to errors, and >>>>> to involuntary, legal or malicious attempts to disrupt its mode of >>>>> operations. {{RFC0760}} {{RFC0791}} {{RFC0793}} {{RFC1122}}. Or framed >>>>> more positively, robustness is the quality of a system that can provide >>>>> functionality consistently and without errors despite involuntary, >>>>> legal or malicious attempts to disrupt its mode of operations. >>>>> >>>>> >>>>>> There also seem to be very few reference to these >>>>>> later, which makes it odd to find them here. I wonder if the >>>>>> formalism you're using (introduced at the end of section 2) has >>>>>> caused you to shoe-horn in definitions of these? >>>>>> >>>>> Nopes - these were terms that kept returning in interviews and during >>>>> research. I also do not think they're hardly mention actually. >>>>> >>>>> >>>>>> 2, scalable - it's often a challenge in proocol design to >>>>>> ensure that a protocol scales down as well as up, in the sense >>>>>> of working well for smaller networks/deployments. Might be >>>>>> worth pointing that out as it's relevant here when one >>>>>> considers designing new protocols potentially putting too much >>>>>> emphasis on the requirements of only bigger operators (who are >>>>>> in the room). >>>>> good point, added the following language to the text. In protocol design >>>>> ensuring for the capacity to both scale up and down can be a challenge. >>>>> Yet, it is important to consider the capability of the protocol to do >>>>> both, to ensure new protocols consider the requirements of both big and >>>>> small operators. >>>>> >>>>>> 2, stateless - is used exactly once later, and stateful is not >>>>>> used at all later - do you really need this here? (Just define >>>>>> it when used, but I think protocol developers will get the >>>>>> meaning anyway.) You could also say that retaining state has >>>>>> potential privacy impact, which may not be so obvious. (That >>>>>> retaining state impacts on other protocol features such as >>>>>> hard-reboot is fairly well understood I think.) >>>>>> >>>>> Removed glossary entry >>>>> >>>>>> 2, "Strong encryption / cryptography" I don't think this is >>>>>> needed or useful - why is it here? I think the IETF community >>>>>> know this already, is it useful for some other readership? If >>>>>> so who? (Since I'm not sure it'd be that useful for any >>>>>> readership.) >>>>> It is an IRTF document, so I am hoping that it will be read by >>>>> researchers as well as protocol developers. >>>>> >>>>>> 2, "transparent" - I don't like this definition which I think >>>>>> is not actually definining the term in the sense in which you >>>>>> use it in this document. As you actually use the term, it is >>>>>> mostly about processes, which is not what RFC2775 is about. In >>>>>> fact, I think you're actually using the term in it's normal >>>>>> English usage and don't really need a specific definition. >>>>>> (Though I didn't check all uses of the term.) >>>>>> >>>>> Fair point. Removed. >>>>> >>>>> >>>>>> 2, " The combination of reliability, confidentiality, >>>>>> integrity, anonymity, and authenticity is what makes up >>>>>> security on the Internet." No. That is just wrong. For example, >>>>>> that list omits DoS resilience, bugs (and protocol flaws) that >>>>>> cause problems like heartbleed, and I think, much else besides. >>>>>> I'm not sure how to fix this. (But see my general question wrt >>>>>> "=" as used here.) >>>>>> >>>>> I think this should be solved with the solution offered above. >>>>> >>>>>> section 4: I don't accept that "protocols are politics by other >>>>>> means" - if I develop a way for two computers to interact in my >>>>>> (non-existent as it happens:-) basement, that is not politics. >>>>>> If I publish an academic paper on a faster way to do ECDH >>>>>> that's not politics. I know it's a quote, but I don't think >>>>>> you ought present that quote in that way (reading IMO as if it >>>>>> were an RG consensus statement) without qualification. The >>>>>> relevant qualification I think is tricky to formulate but has >>>>>> something to do with broad deployment or with deployment at >>>>>> some technical choke point that offers significant control to >>>>>> someone. >>>>>> >>>>> I want to push back a little on the fact that this is not RG consensus. >>>>> I think a lot of people have expressed the sentiment that their >>>>> technical protocols increasingly have an impact on the political realm >>>>> and vice-versa. As such protocols have become enveloped in politics, >>>>> whether we/the IETF/the technical community likes it or not. Not to >>>>> speak of the fact that many prominent academics, which include engineers >>>>> and computer scientists, underwrite this statement. I also do not think >>>>> it is without qualification, the text goes on to mention at least eight >>>>> different papers that carefully qualify these statements. If we however >>>>> write out there arguments we run the risk of making that bit of text >>>>> suffer from TL;DR. >>>>> >>>>>> 4: I don't get the "values-by-design" point and how it's >>>>>> relevant to the IETF. I don't recall discussions about that on >>>>>> IETF/IRTF lists. Is this perhaps something that's really being >>>>>> discussed outside the IETF/IRTF context? If so, then the >>>>>> statement that these are a "new focal point" is not correct. >>>>>> (If you want to say this should or could be a discussion to >>>>>> have, that'd be fine but that's a different statement.) >>>>> These discussions have been had on the lists, in addition to the latest >>>>> session of hpc in Berlin when United Nations Special Rapporteur David >>>>> Kaye presented his latest report on the responsibility of SDOs vis-a-vis >>>>> human rights. The HRPC work has been focused specifically on the >>>>> question of how values get translated to design, and how they should or >>>>> should not. As such, I am surprised to hear you say that you have not >>>>> seen this happen on the list. >>>>> >>>>>> 4: "tools of enforcement" - I'm not sure what you mean here. If >>>>>> you mean law enforcement then saying that would be better, but >>>>>> the sentence is vague, for me anyway so would be better >>>>>> rephrased. >>>>>> >>>>> The full quote in the paper reads: "The “theory of the blunt >>>>> instrument” says that if you can blunt the tools of your >>>>> antagonist in a tussle, you may be able to disable him. Thus, if >>>>> all users of the Internet always encrypted everything they sent, >>>>> there could be no wiretaps and no discrimination based on content. >>>>> The only tool left to the regulator (e.g., the state) would be the blunt >>>>> instrument of total disconnect. This theory is appealing to >>>>> those who see the Internet as a vehicle for contention with state >>>>> controls. And indeed, this theory is appealing and has much to >>>>> recommend it. But (again) in the extreme, it >>>>> suffers from two problems. First, we have seen states, faced with the >>>>> only option of the blunt instrument, use it. When Google >>>>> refused to continue to comply with the law of the land in >>>>> China, China threatened to revoke their license to operate >>>>> there, leaving Chinese users with the even >>>>> - more regulated alternative of Baidu. Opinions may differ, but >>>>> some argue that a little Google would be better for the Chinese >>>>> people than none. >>>>> Similarly, Burma took the step of disconnecting all international >>>>> telecommunications links during the 2007 “Saffron >>>>> Revolution”, and several >>>>> countries have blocked Facebook and YouTube. Are those countries >>>>> and their citizens better off with that outcome than with >>>>> half a loaf? Second, when law trumps technology, >>>>> baking the “blunt instrument” outcome into the architecture may >>>>> raise large complexities for actors required to comply with >>>>> regulations. When France required that Yahoo block auctions of Nazi >>>>> memorabilia to its citizens, Yahoo had to organize a table >>>>> that identified (imperfectly) IP addresses of French users. Would >>>>> it have been better or worse if the Internet made it easy to tell from >>>>> what jurisdiction a connection came?" >>>>> >>>>> See here: >>>>> http://conferences.sigcomm.org/co-next/2010/Workshops/REARCH/ReArch_papers/10-Brown.pdf >>>>> >>>>> What they mean in this case is that if the IETF were to bake the UDHR >>>>> into its protocols, countries who do not agree with that might >>>>> completely withdraw from the standard setting process. I agree that >>>>> tools of enforcement is unclear so I changed that sentence to better >>>>> reflect that sentiment. >>>>> >>>>>> 4: "This document sets out some preliminary steps and >>>>>> considerations for engineers to take into account when >>>>>> developing standards and protocols." I think that's a good and >>>>>> fair statement of where this document is at. But don't you >>>>>> elsewhere go further? >>>>> Not in this document methinks. >>>>> >>>>>> section 5: It'd be great if you could add links or references >>>>>> to the source materials here. For example, who'd you interview? >>>>>> Are the videos avaiable? What's the list of RFCs you read and >>>>>> which were considered (most) relevant? Similarly for WG lists >>>>>> analysed etc. I'm sure you have all that stuff and making that >>>>>> available for later would be great. >>>>>> >>>>> Several people only wanted to be reviewed on the basis of anonymity, >>>>> releasing an incomplete list doesn't make a lot of sense methodologically. >>>>> >>>>> There is a preliminary RFC reading list, but we let it go relatively >>>>> soon we we were able to do automated RFC analysis with this tool: >>>>> https://github.com/nllz/rfc-analysis >>>>> >>>>> The RFCs that were deemed most relevant are mentioned in the ID. >>>>> >>>>> >>>>>> 5.2.1.4 and 5.2.1.5: (See general point #4 above about "=") I >>>>>> don't think you actually have achieved this "the creation of a >>>>>> list of technical concepts that when combined create an >>>>>> enabling environment for human rights." It's a fine goal, but >>>>>> I'm not sure it's achievable in reality with the kind of >>>>>> precision claimed in this section. I don't think the terms >>>>>> used in the figure in 5.2.1.5 are at all precise TBH, e.g. the >>>>>> phrase "good enough" only occurs in this figure and nowehere >>>>>> else. >>>>>> >>>>> I hope this has been sufficiently addressed now with the fix offered above. >>>>> >>>>> >>>>>> 5.2.3: "These capabilities for network control and limitations >>>>>> of the freedom of expression by end hosts can be traced back to >>>>>> the IPv4 design..." I don't think you have justified this >>>>>> claim. My argument would be that there is no simlarly >>>>>> scaled/robust nework against which to compare IP and that does >>>>>> not have the feature that it allows deployments to limit >>>>>> freedom of expression. So it may be that this feature/bug is >>>>>> not IP specific but inherent in large networks. In any case, >>>>>> the claim seems too much to me. (That might be a useful topic >>>>>> for the RG to tackle, or maybe someone has already studied this >>>>>> issue?) >>>>>> >>>>> That thee is no scaled/robust network to compare against doesn't mean >>>>> that this cannot be true for the current one, right? Not sure if I >>>>> understand your point. >>>>> >>>>>> 5.2.3.1: On what do you base the claim that source-routing >>>>>> could be better here? Source-routing seems to usually generate >>>>>> objections from transport folks. (You'd have to ask them for >>>>>> the history of that.) Spoofed source IP is a common mechaism >>>>>> for abuse. While you do say these are not considered good >>>>>> practice, you don't say why (or provide a reference) so it >>>>>> looks to this reader as if you're saying that those "features" >>>>>> could have been better, but without evidence for that. (Tor is >>>>>> lovely, but as currently defined, would not scale to the size >>>>>> of the Internet as it was quite some years ago.) >>>>>> >>>>> What we're doing here is 'know and show' the human rights impacts of a >>>>> specific protocol, that this is the only solution that exists and works >>>>> today, doesn't mean that it doesn't have a specific impact. So it's >>>>> about documenting of impacts. I don't think we're claiming anywhere that >>>>> those features could have been better, the sentence only reads that it >>>>> _can_ be done differently, not that that solution would be better. >>>>> >>>>> I've also added a reference on source routing. >>>>> >>>>>> 5.2.3.2: are you referring to the protocol number here? (As >>>>>> listed at [1]) That has about 140 protocols many of which >>>>>> aren't in widespread use. If so, then I question the claim >>>>>> that this is really the cause of DPI - I suspect that DPI >>>>>> devices mostly look deeper into the packet. That also seems to >>>>>> be indicated when you talk about transports and spdy. I think >>>>>> this section is confused about the differences between headers >>>>>> at various layers, and our history of sending cleartext. That >>>>>> said, I could see that in future, as we encypt more Internet >>>>>> traffic, someone may find rights-invading ways to use layer 3 >>>>>> headers but I'm not sure this is a significant issue today. (If >>>>>> there is evidence of this being done, I'd be interested in >>>>>> knowing about that. I guess there may be IPv6 options that are >>>>>> in use like that or have been suggested but you don't cover >>>>>> those at all that I can see.) >>>>>> >>>>>> [1] >>>>>> https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml >>>>>> >>>>> I removed this para for now, but am still researching it. Might offer >>>>> new text later on. Need some more thinking. >>>>> >>>>>> 5.2.3.3: I don't think mobile IP could never have displaced NAT >>>>>> for IPv4. We'd still have run out of addresses. So I'm not >>>>>> sure the point made here (that there was a "viable >>>>>> alternative") is correct at all. >>>>> With NAT deployed all over we're also running out of IP addresses, so >>>>> not sure your critique holds. Mobility could have been an alternative >>>>> for NAT, not for IPv6 (or its other alternatives). >>>>> >>>>>> 5.2.4: "which enact ICANN's policy" Do you thnk that the ccTLDs >>>>>> would agree with that? I don't. >>>>> Altered the text to: "which function in line with ICANN's policy" >>>>> >>>>>> 5.2.4: I think the fact that new gTLDs are hugely expensive is >>>>>> well worth a mention, as a deterrent to various freedoms. >>>>>> >>>>> You mean that it is expensive to become a registry (starting from >>>>> 185.000 USD), or that gTLDs are expensive? If it's the first, we >>>>> probably need to address this discussion: >>>>> https://archive.icann.org/en/topics/new-gtlds/explanatory-memo-new-gtld-program-budget-22oct10-en.pdf >>>>> , for the latter I do not have any data that shows that gTLD overall are >>>>> more expensive. >>>>> >>>>>> 5.2.4: I think you're missing some points here, maybe even an >>>>>> entire subsection. One of the ways around some of the issues >>>>>> listed is for clients to choose their resolver, e.g. so as to >>>>>> pick one that does check DNSSEC or that is not subject to the >>>>>> same regime as a default resolver. That can be blocked at the >>>>>> IP level, which is one issue. But even if I do that and use >>>>>> DPRIVE, then that creates a new threat of centralisation of >>>>>> lots of queries (e.g. at 8.8.8.8) which introduces yet another >>>>>> point at which control can be enforced or where traffic can be >>>>>> analysed. Passive DNS also has good and bad aspects. I'd say >>>>>> some or all of these points would be good to note. (But I'm not >>>>>> the right person to suggest good text sorry.) >>>>> Stephane has been so nice to provide text for this: >>>>> >>>>> Users can switch to another resolver, for instance a public one such as >>>>> those operated by Telecomix [http://dns.telecomix.org/]. The distorter >>>>> can then try to block or hijack the connection to this resolver. This >>>>> may start an arm's race, the user switching to secured connections to >>>>> this alternative resolver ({{RFC7858}}), the disruptor then trying to >>>>> find more sophisticated ways to block or hijack. In some cases, this >>>>> research to find an alternative, non-disrupting resolver, may lead to >>>>> more centralisation, many people going to a few big commercial public >>>>> resolvers. >>>>>> 5.2.5: The lack of a mandate for TLS was not the only reason >>>>>> why the web started out largely cleartext. There were also >>>>>> significant performance, UI, tooling and missing infrastructure >>>>>> issues, as well as the charging per certificate business model. >>>>>> Those were more important issues IMO, even though they do not >>>>>> nicely tie into the discussion of h2 and it's lack of a mandate >>>>>> for use of TLS. While I personally regret that, it was the >>>>>> result of a real and extended and open debate, which I think >>>>>> also ought be noted. >>>>>> >>>>> replaced 'caused' with 'was one of the reasons for' >>>>> >>>>> >>>>>> 5.2.5 and 5.2.5.x: While I'm fine with you calling the >>>>>> development of TLS MitM devices and similar "malicious," I am >>>>>> pretty sure plenty of folks might argue that. It'd be better to >>>>>> skip the pejorative language I think, but it is entirely >>>>>> correct to have the references to the attacks mounted using >>>>>> such technologies. I'd also tend to not mention specific >>>>>> companies and products in the body of the text, except where >>>>>> that is really necessary to make the point. >>>>>> >>>>> Done >>>>> >>>>>> 5.2.5.1: How do you know it was Snowden's relevations that >>>>>> caused mail service providers (not ISPs!) to "follow Google's >>>>>> lead"? That may be correct, but I'm not sure there's the public >>>>>> evidence that they said that was why. (If there is, great, but >>>>>> please provide a reference, the one you do provide, [Peterson], >>>>>> is about gmail and not yahoo.) Also, Google use TLS, not SSL >>>>>> for gmail. >>>>> Done >>>>>> 5.2.5.1: "less democratic" - I think it's an error to say that, >>>>>> since many countries that are considered role models for >>>>>> democracy could do the same things, "some countries" and >>>>>> examples would be better. Same with "oppressive regimes" - >>>>>> there's no need to include that judgement here. The reference >>>>>> here [RSF] wasn't accessible to me (no route to host) from a >>>>>> hotel network and eduroam. That could be nicely ironic, or a >>>>>> badly chosen reference. (But you need a reference.) The 2012 >>>>>> Libya report also really needs a reference. >>>>>> >>>>>> [RSF] >>>>>> >>>>> https://en.rsf.org/syria-syria-using-34-blue-coat-servers-23-05-2013,44664.html >>>>> >>>>> Updated link, reference added and judgemental language removed. >>>>> >>>>>> 5.2.5.2: wrt great-cannon, you might want to note that the IESG >>>>>> issued a related statement [2]. That's a bit tangential, but I >>>>>> think is relevant for this work. >>>>>> >>>>>> [2] >>>>>> https://www.ietf.org/iesg/statement/maximizing-encrypted-access.html >>>>>> >>>>>> 5.2.5.2: "Companies like" is pejorative and the patent >>>>>> application seems irrelevant. "has been largely documented" >>>>>> calls for a reference. "Oppressive regimes" is also not needed >>>>>> here as is "little concern for bad human rights records." The >>>>>> right thing here I think is to note the documented record >>>>>> without pejoratives and to then let the reader draw their own >>>>>> conclusions. >>>>>> >>>>> Done and done >>>>> >>>>>> 5.2.5.2: I don't think the text about h2 is fair. You're >>>>>> missing a) that there was a real and open debate on the topic, >>>>>> b) that some important implementations are exclusively h2/tls >>>>>> and c) that there is a spec for OS for HTTP being developed. >>>>>> Those are all as relevant as the fact that the outcome of the >>>>>> debate was to not mandate use of TLS all the time. (Which I do >>>>>> think is worth saying in this document, but needs more complete >>>>>> context.) >>>>> I am not sure what this would add to this. It is not stated that there >>>>> was no debate or that there are no exclusive h2/tls implementation. Am >>>>> happy to write something but am not completely sure what it would add to >>>>> the the analysis of the impact of this protocol on human rights. >>>>> >>>>>> 5.2.6: I think this section is missing some things. First, the >>>>>> IETF/XSF relationship is relevant here and needs a mention. (As >>>>>> both good and bad!) >>>>> Do you have a reference / source where we can learn more about this? >>>>> Since you seem to hint at something I do not know about. >>>>> >>>>>> Second, OTR is important, as is the >>>>>> community's failure to produce a better e2e standard for xmpp. >>>>> I am hesitant to do so, because then we would be analysing another >>>>> protocol, right? >>>>> >>>>>> And lastly, I think the tendency of IM deployments to not >>>>>> deploy interoperable standarsd is missing, which also has good >>>>>> and bad aspects (good: they can do telegram etc, bad: no >>>>>> interop). I'd suggest asking an XMPP expert to review/suggest >>>>>> text. (Happy to help find you one if needed.) >>>>>> >>>>> Do we really want to get into the Facebook Messenger, Ello, Telegram, >>>>> Signal, Axolotl discussion with this? That would be a serious extension >>>>> to the discussion... in the security direction. I would like to hear >>>>> what other people think about this, because I think this document >>>>> already covers a lot of ground. On the other hand: >>>>> >>>>> >>>>> https://www.theguardian.com/technology/2016/aug/03/turkey-coup-gulen-movement-bylock-messaging-ap >>>>> >>>>> Review by experts is always welcome. I asked Peter Saint Andre a while >>>>> ago but I did not hear back. Suggestions and reviewers are always very >>>>> welcome. >>>>> >>>>>> 5.2.6: "The protocol also has facets that may stifle speech as >>>>>> users self-censor for fear of surveillance, or find themselves >>>>>> unable to express themselves freely." That's not an XMPP >>>>>> specific point - the same applies to email and the web and to >>>>>> any other protocol that supports interpersonal messaging or >>>>>> access to sensitive information. I think you ought up-level >>>>>> this point to a more generic section that calls out issues with >>>>>> multiple protocols. (Not sure where exactly, but having it here >>>>>> only isn't great.) >>>>> Agreed, have added this point to the Privacy Explanation in the >>>>> questionnaire. >>>>>> 5.2.7: Is this section about P2P in general (I'd consider P2P a >>>>>> design pattern) or about PPSPP or about BT? Each of those >>>>>> choices seems wrong. If the first, then that's not the same as >>>>>> other 5.2.x sections and doesn't mention other P2P protocols >>>>>> (e.g. RELOAD maybe). If the second, is the deployment of that >>>>>> sufficient to justify the text? If the 3rd - that's not an IETF >>>>>> protocol. So I'm not sure what to make of this. >>>>> It's the first. The reason for adding this case category to the research >>>>> was that peer-to-peer got mentioned a lot in the interviews and in >>>>> discussions on this, so we thought it would be useful for the document >>>>> to discuss it here. >>>>>> 5.2.7: Is it still true to say that P2P is an "increasingly >>>>>> becoming a popular architecture"? I thought usage stats were >>>>>> showing the opposite nowadays? The examples given are odd: as >>>>>> BTC doesn't do file sharing/interpersonal messaging, skype is >>>>>> no longer really P2P iiuc, and I don't know if spotify really >>>>>> is or not. Surely BT is the canonical real example? >>>>>> >>>>> Removed 'is becoming and added: >>>>> >>>>> "While its most common application has traditionally been >>>>> file-sharing (and other types of content delivery systems), P2P is a >>>>> popular architecture for networks and applications that require (or >>>>> encourage) decentralization. A prime example is Bitcoin (and similar >>>>> cryptocurrencies), as well as Bitcoin and proprietary multimedia >>>>> applications." >>>>> >>>>> >>>>>> 5.2.7: "mostly delegated" - I'm not sure this is correct. I >>>>>> could argue that RELOAD is a counter example. >>>>> That's why it says 'mostly', right? >>>>> >>>>>> I could further >>>>>> argue that the lack of deployment of RELOAD (iiuc) may be >>>>>> evidence that your implied argument that it'd be better for an >>>>>> organisation like the IETF to try produce complete specs in >>>>>> this space might be unwise in that it's less likely to result >>>>>> in deployment. >>>>> I think the 'conclusion' para is pretty clear on this: >>>>> >>>>> These platforms are not perfect, and more research needs to be done. >>>>> If adopted at large, well-designed and resistant P2P networks might >>>>> represent a critical component of a future secure and distributed >>>>> Internet, enabling freedom of speech and freedom of information at scale. >>>>> >>>>> I think that is not an implied argument for making everything P2P. >>>>> >>>>>> 5.2.7.3: I think ledbat has some protocol features that would >>>>>> allow deployments (if they are nice) to reduce the scope for >>>>>> tracking. That's RFC 6817 but I'd have to reread it to check if >>>>>> there's something useful there, also not sure about ledbat >>>>>> deployment. >>>>>> >>>>> You mean this? https://tools.ietf.org/html/rfc6817#section-5.1 Doesn't >>>>> seem very conclusive. >>>>> >>>>> >>>>>> 5.2.7.4: Sybil attacks in this context (e.g. astroturfing) seem >>>>>> to be relevant to more than p2p protocols. In fact wouldn't >>>>>> they be more common on web based systems, at least as exploited >>>>>> by/for governments and commercial entities? >>>>>> >>>>> Added this suggestion >>>>> >>>>>> 5.2.8: There are many kinds of VPN - I think it'd be better to >>>>>> rename this section to something like "personal VPNs" or >>>>>> similar, as you don't get into e.g. corporate VPNs. >>>>> I think the first para does cover the difference, and I don't think >>>>> there is anything in the rest of the analysis that is not true for other >>>>> kinds of VPNs? >>>>> >>>>>> 5.2.8.1: "local illegitimate wiretapping" - that's another >>>>>> pejorative term for some, "monitoring" would be just as clear. >>>>>> (Again, not because what you say is wrong, but because there's >>>>>> no point in antagonising those who read this.) >>>>>> >>>>> updated >>>>> >>>>>> 5.2.8.1: "are way less analyzed and understood" I think I >>>>>> recall some papers on these kinds of VPN that found some issues >>>>>> - be good to reference such work if possible, esp if there's a >>>>>> survey. >>>>> I've been searching a bit and did not find anything really good. Things >>>>> like: >>>>> http://dx.doi.org/10.1016/S1742-6847(06)70438-4 >>>>> http://www.ijcse.com/docs/INDJCSE14-05-04-101.pdf >>>>> >>>>> Theses ones are the best I could find: >>>>> >>>>> https://www.insinuator.net/2013/08/vulnerabilities-attack-vectors-of-vpns-pt-1/#respond >>>>> >>>>> http://ieeexplore.ieee.org.proxy.uba.uva.nl:2048/stamp/stamp.jsp?arnumber=7314859 >>>>> So I referenced them in the text. >>>>> >>>>> >>>>>> 5.2.8.3: " VPN providers should at least be transparent on what >>>>>> information do they store and for how long is being kept" I >>>>>> fully agree with this, but what's it telling the IETF >>>>>> readership? Perhaps that RFCs ought identity potentially >>>>>> sensitive logged data or for how long that needs to be retained >>>>>> for technical reasons? That migth not belong here anyway but >>>>>> could be relevant somewhere in the document. >>>>>> >>>>> Changed 'shoud' into 'would' and added your suggestion to the privacy >>>>> question in the questionnaire. >>>>> >>>>>> 5.2.9: This could be shorter and may better as a part of >>>>>> section 5.2.5 - why is this one status code so important? >>>>> reduced the text substantially. >>>>>> 5.2.10: I'm really not sure this (all) belongs here. The >>>>>> middlebox debate is old and won't be resolved here, so I'm >>>>>> don't think it's worthwhile regurgitating the arguments in such >>>>>> detail. And I think you already said what you need to say when >>>>>> discussing NATs. I'd say deleting this section is maybe right. >>>>> deleted it. >>>>>> 5.2.10: (If you keep it) "IETF's role to prevent such >>>>>> censorship" again, the IETF is not the Internet police and does >>>>>> not "prevent" things like that. If you refer to the SPUD BoF, >>>>>> you should include references to the minutes etc. >>>>>> >>>>> deleted it. >>>>> >>>>>> 5.2.10: "Middleboxes are becoming a proxy for the debate on the >>>>>> extent to which commercial interests are a valid reason to >>>>>> undermine the end- to-end principle." That seems like an >>>>>> opinion, and one I'd be surprised had consensus. Do you need to >>>>>> say that? >>>>> deleted it. >>>>> >>>>>> 5.2.11: "Some people may say that DDoS attacks are the only >>>>>> mean to be heard, in the current Internet." Some people say >>>>>> that the moon landings were faked. Vague reportage like that is >>>>>> useless. I'd say this entire section needs to be redone with a >>>>>> strong statement that there is no valid use-case for DDos, and >>>>>> that DDoS is not a valid form of protest. I think such a >>>>>> statement is one that would have RG and indeed IETF consensus. >>>>>> I'm very sure that no concept of DDoS as a valid form of >>>>>> protest would garner consensus in either the RG or the IETF. >>>>> Done >>>>>> 5.2.11: "seem to suggest that the IETF should try to ensure >>>>>> that their protocols cannot be used for DDoS attacks" That's >>>>>> very understated and maybe even misleading. I would say that >>>>>> the IETF has long-standing consensus that DDoS is an attack >>>>>> that protocols should mitigate to the extent they can and that >>>>>> DDoS vectors in protocols are basically bugs. RFC3552 (section >>>>>> 4.6) from 2003 covers this and says that standards MUST >>>>>> describe DoS issues. >>>>>> >>>>> Text added: >>>>> >>>>> All of these issues seem to suggest that the IETF should try to >>>>> ensure that their protocols cannot be used for DDoS attacks, which in >>>>> consistent with the long-standing IETF consensus that DDoS is an attack >>>>> that protocols should mitigate them to the extent they can {{RFC3552}}. >>>>> >>>>>> 5.2.11: The linkage between private sector control of networks >>>>>> and DDoS is IMO entirely unconvincing. NRENs are generally >>>>>> private sector and have major issues with DDoS. (I'm sitting in >>>>>> a talk on that topic right now.) It is not at all clear that >>>>>> anyone who'd claim that they are using a DDoS attack to protest >>>>>> would actually be protesting about a network operator - it is >>>>>> much more likely they are protesting about some content owner, >>>>>> who may be public or private sector. >>>>>> >>>>> Removed >>>>> >>>>>> 5.2.11: I don't think we need or want the argument based on PM >>>>>> here at all. The argument about motivations for PM in RFC7258 >>>>>> depends on there being some justifiable reasons for monitoring. >>>>>> (Otherwise we would not need to even point out that motivations >>>>>> don't matter.) There are no such close-to-good arguments at all >>>>>> for DDoS, so drawing that analogy is misleading. >>>>>> >>>>> Removed >>>>> >>>>>> 5.2.11: If the RG feel there is a need to discuss a possibility >>>>>> for fully opted-in people to collectively protest, (I do not) >>>>>> then you should invent a new term for that and clearly say that >>>>>> even though such protest might appear to the network as beng >>>>>> the same as a DDoS (and hence be treated as an attack), that is >>>>>> not the same as a DDoS, where 100% of real cases involve >>>>>> compromised hosts or hosts being used as reflectors without >>>>>> permission. If the RG feel there is a need to discuss forms of >>>>>> protest on the Internet, then I think an entirely different >>>>>> section is needed, probably with a different structure. >>>>>> >>>>> Removed >>>>> >>>>>> 5.3.1: I'm not sure the "HR threats" model is the right thing >>>>>> here. The same was true of rfc6973 as well, as you say, but in >>>>>> this case, I'm not sure you really even need the concept. 5.3.2 >>>>>> just says stuff like "did you think about <foo>" so I don't see >>>>>> a need to say that "<foo> is a threat." I don't think you lose >>>>>> anything by losing that concept entirely. There is also a >>>>>> danger in including that risk analysis model here in that doing >>>>>> so might cause later disussion to be somewhat blinkered. >>>>> Not sure if I share your view. There are concrete threats, that we can >>>>> people to be cognizant of by thinking and documenting issues that could >>>>> arise, through the use of the questionnaire. I don't see how the use of >>>>> 'threat' here is problematic. >>>>>> 5.3.1: "This is by no means an attempt to cherry picks rights, >>>>>> if other rights seem relevant, please contact the authors >>>>>> and/or the hrpc mailinglist." I'd delete that, it's not that >>>>>> appropriate for an RFC (it was for an I-D). But if you do want >>>>>> to say something about a contact point, the RG list would be >>>>>> better. (The phrasing "cherry pick" is also a bit odd.) >>>>> Rewrote: This is by no means an attempt to exclude specific rights or >>>>> proritize some rights over others, if other rights seem relevant, please >>>>> contact the research group mailinglist. >>>>> >>>>>> 5.3.2: The title here is a bit inaccurate and misleading. >>>>>> You're presenting guidelines for protocol designers, and not >>>>>> for "HR considerations." >>>>>> >>>>> Seems in line with the dictionary definition here: >>>>> >>>>> Simple Definition of consideration >>>>> : careful thought : the act of thinking carefully about something you >>>>> will make a decision about >>>>> : a desire to avoid doing something that will make another person sad, >>>>> upset, angry, etc. >>>>> : something that you think about when you make a choice or decision >>>>> >>>>> from: http://www.merriam-webster.com/dictionary/consideration >>>>> >>>>>> 5.3.2: I don't think that many IETFers follow or read RFC4101. >>>>>> (RFC4101 is a useful, good thing, but one that's not much used >>>>>> iiuc.) >>>>>> >>>>>> >>>>> It seem quite useful though, I do not necessarily see a reason to remove >>>>> it. >>>>> >>>>>> 5.3.2.1.2: We're updating RFC3552 now, and the update will >>>>>> include some guidance on privacy considerations. I'm not sure >>>>>> if it'd be better to reference that draft now or not though, as >>>>>> it's early days. Probably best to refer to BCP72 though, as >>>>>> that'll remain the right reference when the 3552bis work is >>>>>> done. >>>>> Replaced everymention of RFC3552 with BCP72 >>>>> >>>>>> 5.3.2.1.2: "Could your protocol counter traffic analysis, or >>>>>> data minimization?" oops - I don't think you want to counter >>>>>> data minimisation. Better to split that into two questions >>>>>> probably. >>>>> Done. >>>>>> 5.3.2.1.3: This set of questions need work. All protocols "look >>>>>> at the packet content" or else do nothing at all. I think you >>>>>> want to ask people to think about which fields in the packet >>>>>> they need to access and to try to minimize those, and if >>>>>> possible, discourage others from looking at the rest (e.g. by >>>>>> enabling encryption of those). I also have no clue what " Is >>>>>> the protocol transparent about its decisions?" means. And the >>>>>> last question is also pretty meaningless when looked at in >>>>>> isolation. (I think I already commented on the agnosticism >>>>>> phrase as used here before. The same issues apply to the >>>>>> explanatory text here.) >>>>> I've rewrote the section: >>>>> >>>>> If your protocol impacts packet handling, does it look at the packet >>>>> payload? Does it look at Is it making decisions based on the payload of >>>>> the packet? Does your protocol prioritize certain content or services >>>>> over others in the routing process ? Is the protocol transparent about >>>>> the priotization that is made (if any)? >>>>> >>>>> >>>>>> 5.3.2.1.5: "readable by humans" is not the right criterion >>>>>> here. What you need to say is that "have to be understood by >>>>>> humans." For example, DNS names are mostly readable but IDNs >>>>>> are not, depending on which form one uses. >>>>> Accepted. >>>>> >>>>>> For some protocols >>>>>> it is entirely fine still to use ascii for human-readable >>>>>> labels, if those are only seen by developers or more capable >>>>>> admins. >>>>> I would push back on this in relation to the presentation of and points >>>>> made by Ramsey Nasser that I already referenced above. >>>>> >>>>>> 5.3.2.1.6: Re-using existing identifiers (e.g. MAC addresses) >>>>>> is the more common way that (re-)identification is enabled in >>>>>> protocols. You should point that out. I think the "make ... >>>>>> transparent" point is worth splitting from the identifier issue >>>>>> too - identifiers are very common, but making filtering >>>>>> apparent is much less so, and will be missed if you bundle >>>>>> these two things together. The last two questions aren't really >>>>>> useful though and are more explanatory text then real new >>>>>> questions. >>>>>> >>>>> Changed text, but I think last two questions are still useful for context. >>>>> >>>>> >>>>>> 5.3.2.1.7: These are not useful, as phrased for IETFers. The >>>>>> only useful part here is the 2nd last question (use other >>>>>> things that are proprietary), the rest are not as they are >>>>>> already handled in IETF processes, and we do not want yet more >>>>>> bureaucracy. The explanatory material is way too long and also >>>>>> not useful for the IETF audience. The example given is an >>>>>> interesting thing, but far from a typical protocol, so >>>>>> therefore is not a good example. >>>>> Not sure about this. That this is picked up in other IETF processes >>>>> doesn't mean it shouldn't be discussed here from the human rights angle. >>>>> Else also wouldn't need to discuss security, etc. Plus I think there is >>>>> ample reference to the existing IETF procedures hear to ensure that >>>>> there is no duplication of efforts. >>>>>> 5.3.2.1.8: This entire section is useless for IETFers, except >>>>>> the last question about extensibility. The explanatory text and >>>>>> example however don't address that and are also not useful. >>>>>> >>>>> Pretty strong statement with not too much argumentation, could you >>>>> elaborate pls? >>>>> >>>>> >>>>>> 5.3.2.1.9: The question was asked already. Anonymity is not a >>>>>> useful goal in almost all IETF protocols, and if it were, it'd >>>>>> be a first order requirement (e.g. if we wrote an RFC for Tor) >>>>>> and would not be missed. Delete this section entirely. >>>>>> >>>>> I don't agree, especially since anonymity is such a concept that is both >>>>> legally and technically understood, but hard to achieve. And as you said >>>>> previously, the combination of protocols make anonymity harder, which is >>>>> actually a case to raise awareness about anonymity in all protocols. >>>>> >>>>>> 5.3.2.1.10: The emphasis here is wrong. You should be asking >>>>>> about whether the protocol generates or processes anything that >>>>>> can be, or be tightly correlated with, PII. Many protocols have >>>>>> identifiers that are perfectly safe, until the host running the >>>>>> protocol is something that a person carries with them. The >>>>>> section needs a rewrite to take that approach. >>>>> Suggested text added. >>>>> >>>>>> 5.3.2.1.11: Mixing accessibility and statefulness is wrong. >>>>>> Both are fine questions, but should not be bundled. >>>>> I think it helps if you look in the glossary for the different >>>>> definitions of accessibility, that might clarify things, or in the >>>>> explanation. >>>>> >>>>>> The >>>>>> example is bad - HTML5 is the current spec and is not that RFC. >>>>> Reference changed. >>>>> >>>>>> 5.3.2.1.12: I think this is arguably duplicative and the issue >>>>>> will (or should) be caught via other IETF processes apart from >>>>>> HR considerations. I'd delete this, though it's mostly harmless >>>>>> here. >>>>>> >>>>> I'm hesitant here (again) to remove this because this gets a different >>>>> meaning from the human rights perspective imho. >>>>> >>>>>> 5.3.2.1.13: Again, this bundles things in a counterproductive >>>>>> manner. Split the topology/architecture points from the >>>>>> discriminaton/implication ones. (Even if you think those relate >>>>>> in terms of HR, that does not mean that they ought be bundled >>>>>> together in a questionnaire.) >>>>>> >>>>> Why not? I think the explanation and example tie it together nicely. >>>>> >>>>>> 5.3.2.1.14: I don't think this belongs in the questionnaire >>>>>> either. It's covered alredy in other IETF processes, when most >>>>>> relevant, so is not useful to ask about here. >>>>>> >>>>> I'm hesitant here (again) to remove this because this gets a different >>>>> meaning from the human rights perspective imho. >>>>> >>>>>> 5.3.2.1.15: This needs to be rewritten, there are 13 questions >>>>>> in the text which is entirely pointless. I would not bother to >>>>>> try answer those. >>>>> Hmmmmm. This is not a MUST, but it helps people structure their >>>>> thinking. Granularity can help with that, especially in an issue such >>>>> problematic and little understood such as Informed Consent, etc. >>>>> >>>>>> You should just ask how confidentiality is >>>>>> supported and between what endpoints and how keying is done. >>>>>> (Or something like that, I didn't try the full re-write that is >>>>>> needed.) The re-write should also bundle this with most of the >>>>>> next two sections. (See below.) >>>>>> >>>>>> 5.3.2.1.15: The cryptographic parts of this should be merged >>>>>> into a rewritten 5.3.2.1.14. If there are non-crypto bits of >>>>>> this then those need better explanatory text as it'd not be >>>>>> relevant for most protocols. (I mean things like database >>>>>> consistency.) I'm not sure if anything would remain when this >>>>>> and the previous section were re-written.) >>>>> Having a hard time understanding this, because it are inherently >>>>> different issue from a rights perspective. Merging them would not be >>>>> helpful imho, but am happy to be convinced. >>>>> >>>>>> 5.3.2.1.17: As per 5.3.2.1.16. >>>>> I assume you think these two should be merged? I could be convinced of >>>>> that, but would that make it easier to understand? Or just for the sake >>>>> of making it shorter? I do not think this Research Draft necessarily >>>>> needs to be short because it outlines the full research. If we take this >>>>> work further we can have a closer look at usability and streamlining it >>>>> with other relevant reviews that are ongoing in the IETF, IESG, etc. >>>>> >>>>>> 5.3.2.1.18: This is entirely duplicative and should be deleted. >>>>> Agreed, removed. >>>>>> 5.3.2.1.19: I've no clue if this'd be useful to ask. Only >>>>>> testing would tell. (It might be, but I'm really not sure.) >>>>>> >>>>>> Nits/editorial... >>>>>> >>>>>> lots of places: there are too many over-long sentences that >>>>>> make this hard to read and less clear. I'd really recommend >>>>>> getting rid of as many of those as you can. The first non-quote >>>>>> paragraph of the intro is a good example. >>>>> During RG last call we'll do a full editorial review. >>>>>> intro, "the core of the Internet, its architectural design >>>>>> is..." Using "core" is a bad term there, mostly we mean >>>>>> something quite different when we talk about the Internet's >>>>>> core or similar. (And that's another assumption that there's >>>>>> one true architecture.) >>>>>> >>>>> Hmmm, not sure. Compare: >>>>> http://www.wrr.nl/fileadmin/en/publicaties/PDF-Rapporten/The_public_core_of_the_internet_Web.pdf >>>>> >>>>>> intro, "properly defined, described and protected as such" - I >>>>>> don't think "defined" is needed there, and it might not be >>>>>> correct either. >>>>>> >>>>> Why not? I think defining is always the first step to make something >>>>> tangible. Also inline with >>>>> https://business-humanrights.org/sites/default/files/media/documents/ruggie/ruggie-guiding-principles-21-mar-2011.pdf >>>>> >>>>>> intro, "New protocols, particularly those that upgrade the core >>>>>> infrastructure of the Net, should be designed to continue to >>>>>> enable fundamental human rights." I'd drop the "core >>>>>> infrastructure" bit there, it's a distraction and liable to >>>>>> generate argument about what is or is not core, e.g. BGP is >>>>>> clearly core but is not otherwise mentioned in this document, >>>>>> and maybe correctly. >>>>>> >>>>> We have thought of BGP as one of the cases actually, and it is one that >>>>> I would love to to. >>>>> >>>>> I do think it makes sense to put in some prioritization of human rights >>>>> impacts assessments in here though. I don't think core or non-core needs >>>>> to be binary as well. Some things are simply bound to be used more and >>>>> thus can have a bigger potential impact. >>>>> >>>>>> intro, "The authors believe that the issues that have been >>>>>> raised by the reviewers have been addressed." Sorry to be >>>>>> raising more:-) >>>>> That should have been taken care of now ;) >>>>> >>>>>> section 2: I think some better formatting is needed here to >>>>>> distinguish the terms defined from the text, which in some >>>>>> cases is fairly long. Just add bullets or quoting or something. >>>>> But this is the standard glossary approach, right? Will take this up (in >>>>> due time) with the RFC editor who probably has some good ideas about this. >>>>> >>>>>> 2: "In the discussion of human rights and Internet architecture >>>>>> concepts developed in computer science, networking, law, >>>>>> policy-making and advocacy are coming together" Sorry, what is >>>>>> coming together in what discussion(s)? Too many commas there to >>>>>> be sure I think. (BTW, "architecture concepts" may well be an >>>>>> ok use of that word:-) >>>>>> >>>>> Concepts developed in different fields come together. >>>>> >>>>>> 2, "censorship resistance" does not "prevent" censorship, I'd >>>>>> say mitigate is better than prevent. >>>>> Accepted >>>>> >>>>>> 2, "confidentiality" - why not refer to 4949 there? >>>>>> >>>>> Done >>>>> >>>>>> 2, "debugging" - the term debug is not used in the draft, why >>>>>> do you need the definition? >>>>> Tossed. >>>>> >>>>>> 2, "decentralized" - why is "opportunity for" needed in this >>>>>> definition? I don't get that. >>>>> Tossed. >>>>>> 2, "technical this means..." needs fixing. >>>>>> >>>>> Fixed. >>>>> >>>>>> 2, "Heterogenity" typo >>>>> Fixed >>>>> >>>>>> 2, "autonomous organizations" do you mean ASes? If so, say so. >>>>>> If not, better to avoid the word autonomous here. >>>>>> >>>>> Changed autonomous with independent. >>>>> >>>>>> 2, "integrity" - why not refer to 4949? >>>>> Added. >>>>> >>>>>> 2, "Inter-operable" is normally not hyphenated in the IETF >>>>>> >>>>> Fixed >>>>> >>>>>> 2, i18n - funny line breaks there make that hard to read >>>>> Fixed >>>>> >>>>>> 2, l10n - you don't actually use that abbreviation so why >>>>>> define it? >>>>>> >>>>> Because many people use it, so it might provide some clarity. Don't >>>>> think it hurts. >>>>> >>>>>> 2, "The combination of the end-to-end principle, >>>>>> interoperability, resilience, reliability and robustness are >>>>>> the enableing factors that result in on the Internet. " That >>>>>> (non-)sentence needs fixing. I don't even know what you want to >>>>>> say tbh. >>>>>> >>>>> Fixed: The combination of the end-to-end principle, interoperability, >>>>> resilience, reliability and robustness are the enableing factors that >>>>> result in connectivity to and on the Internet. >>>>> >>>>>> section 3: I think this short section is missing text to the >>>>>> effect that you think the answer to question 2 is yes. >>>>> But it would be weird to answer that question here, right? That is what >>>>> we're doing in the rest of the document. >>>>> >>>>>> section 4: you say "five clear positions" but they are not >>>>>> clearly delineated in the document. I'd suggest using some >>>>>> headings or some other way to make these more distinct in the >>>>>> document. >>>>> Hmm, it's one position per para, and in it even mentioned which number >>>>> they are. >>>>> >>>>>> 4: "embedded into the Internet's architecture" (top of p13) has >>>>>> another claim that there's one true Internet architecture. You >>>>>> could change this one to be the set of protocols defined by the >>>>>> IETF or something similar. >>>>> The conception of Internet architecture of the authors is broader than that. >>>>> >>>>>> 4: " As it stems from the issues as they arise in the field of >>>>>> technical engineering." That's not a sentence. >>>>> I also don't think it adds much, so it's removed. >>>>> >>>>>> 5: "step taken by the research group" that's ambiguous - I >>>>>> think you mean the set of authors and their research groups at >>>>>> home and not the HRPC, which I don't think collectively read >>>>>> all the RFCs you mean. (I think it's fine to say that the >>>>>> authors were the one who did the work, if that's what you >>>>>> mean.) >>>>> I made it: authors and contributors >>>>> >>>>>> 5.1: This section duplicates the intro to section 5. Is there a >>>>>> new point being made? >>>>> Yeah - methodology and datasources are inherently different parts that >>>>> both need to be justified afaik. Mixing them up would just be messy. >>>>> >>>>>> 5.2: "(detailed under "2.vocabulary used")" do you mean section >>>>>> 2 there? Saying "Section 2" with the right xml2rfc incantation >>>>>> will cause the tools rendering to make that a link, which'd be >>>>>> nice. >>>>> I think that should also be working now. >>>>> >>>>>> 5.2.1.1: "was assembly" typo. >>>>> Fixed. >>>>> >>>>>> 5.2.1.5: figures are better numbered and with captions. >>>>> Done >>>>> >>>>>> 5.2.2.1: I guess there's a heading level bug here in the >>>>>> document sounce? >>>>> Fixed. >>>>> >>>>>> 5.2.3.1: "ability for those hosts to assemble or to >>>>>> consensually express themselves" huh? When/how do hosts >>>>>> assemble or do things consensually? Confusing people and hosts >>>>>> like that is odd. >>>>> Fixed. >>>>> >>>>>> 5.2.3.2: Why refer to spdy and not h2? And is that even a good >>>>>> reference? The 4906 reference also puzzled me. (Even more:-) >>>>> That was removed, but we might introduce it in another for again later on. >>>>> >>>>>> 5.2.5: Why "because of it's simple design"? I'd have thought it >>>>>> was more complicated than that and that a combination of HTTP, >>>>>> HTML, open-source browsers and web servers and cool content was >>>>>> involved. >>>>> Rewrote into: Its simple design strongly contributed to the fact that >>>>> HTTP...... >>>>> >>>>>> 5.2.5: TLS and SSL could do with references. >>>>> Added >>>>> >>>>>> 5.2.5: Gen-ART? Huh? That's wrong. Gen-ART are fine people but >>>>>> they don't do what you say they do any more than any other set >>>>>> of IETFers. Are you confusing them with the IAB statement on >>>>>> encryption perhaps? Otherwise that is quite the puzzle for >>>>>> me:-) >>>>> Removed >>>>>> 5.2.5.1: What does "of the first" mean? "From the start"? >>>>>> >>>>> Dutchism - Fixed by changeing it into: >>>>> >>>>> E-mail providers such as riseup.net were the first ones to enable SSL by >>>>> default. >>>>> >>>>>> 5.2.5.1: "have been corrected in TLS1.3" is in the wrong tense >>>>>> - "are being corrected" is correct. >>>>> Fixed >>>>> >>>>>> 5.2.5.1: TEMPORA, XKEYSCORE etc need references. Those can get >>>>>> hard to find later, at least good references can be hard to >>>>>> find. >>>>> Added. >>>>> >>>>>> 5.2.6.1: I assume the URLs [1] and [2] don't need to be there >>>>>> and are xml2rfc artefacts to be fixed. Also, you should use >>>>>> example.com and example.net as per the usual way of handling >>>>>> examples in RFCs. >>>>> Will take this up with the RFC editor in due time. >>>>> >>>>>> 5.2.7: "often seen" - by whom? I'm not sure that IETFers would >>>>>> share that opinion, so better to say who you do mean. "remains >>>>>> critical" is also overstated. >>>>> "regularly described" and "remains imporant" >>>>>> 5.2.7.1: "directed directly" typo >>>>> changed into: aimed directly >>>>> >>>>>> 5.2.7.2: "throtteling" typo >>>>> Fixed >>>>> >>>>>> 5.2.7.5: Why does only this section have a conclusions >>>>>> subsction? I'd say be consistent. >>>>> Heading tossed. >>>>> >>>>>> 5.2.8.1: you could lose the heading here (consistency again:-) >>>>>> >>>>> Heading tossed. >>>>> >>>>>> 5.2.8.1: some VPNs (but not the ones you care about) are not >>>>>> point-to-point. >>>>> Fixed with: >>>>> The Virtual Private Networks (VPN) that are being discussed here are >>>>> point-to-point connections that enables two computers to communicate >>>>> over an encrypted tunnel. >>>>> >>>>>> 5.2.8.1: "There are multiple implementations and protocols used >>>>>> in provisioning a VPN" do you really mean provisioning a VPN >>>>>> there? That'd mean something else for some IETFers. I think you >>>>>> mean setting up a personal VPN for a single user but not quite >>>>>> sure. >>>>> Fixed with: "There are multiple implementations and protocols used in >>>>> the deployment of VPNs," >>>>> >>>>>> 5.2.8.5: The URL for [PET2015VPN] didn't work for me. I found >>>>>> the paper elsewhere though. >>>>>> >>>>> Works fine for me. >>>>> >>>>>> 5.2.8.7: This bit seems fairly repetitive, other than the >>>>>> timing/correlation issues. You could maybe say that more >>>>>> briefly. >>>>> Tossed the first two sentences. >>>>>> 5.2.10: The URL for [Walfish] doesn't point at the named paper >>>>>> - what's up there? >>>>> Fixed - but then we removed the whole section :) >>>>> >>>>>> 5.2.11 (and elsewhere): "Many individuals, not excluding IETF >>>>>> engineers, have argued..." I hate constructs like that that >>>>>> assert that somebody somewhere (unnamed) thinks/says something. >>>>>> I don't see why any such assertions (of rumour basically) ought >>>>>> be in the RFC series. There are other examples of this >>>>>> construct in the draft. >>>>>> >>>>> It has been argued on the list. Would you prefer a link to the list >>>>> email? I think this a quite broadly shared opinion, so I don't really >>>>> think it's problematic. >>>>> >>>>>> 5.2.11: Not all DoS attacks flood with traffic. Some might >>>>>> consume CPU cycles, in future some will consume limited power, >>>>>> and could be used in a DDoS. I don't think it's useful here >>>>>> (for the IETF audience) to define 3 types of DDoS attack. >>>>>> >>>>> Fixed: >>>>> >>>>> Technically DDoS attacks are when one or multiple host overload the >>>>> bandwidth or resources of another host by flooding it with traffic or >>>>> making resource intensive requests, >>>>> >>>>> Re: Definition: why not? >>>>> >>>>>> 5.3: "Having established how..." I don't think you established >>>>>> the "how." It'd be fair to do s/how/that/ though. (Twice.) That >>>>>> sentence is also overlong. Also "... by detailing how..." is >>>>>> similarly not correct. >>>>>> >>>>> In the previous steps we have established that human rights relate to >>>>> standards and protocols and offered a common vocabulary of technical >>>>> concepts that impact human rights and how these technical concept can be >>>>> combined to ensure that the Internet remains an enabling environment for >>>>> human rights. With this the contours of a model for developing human >>>>> rights protocol considerations has taken shape. This subsection provides >>>>> the last step by detailing how specific technical concepts identified >>>>> above relate to human rights, and what questions engineers should ask >>>>> themselves when developing or improving protocols. In short, it presents >>>>> a set of human rights protocol considerations. >>>>> >>>>>> 5.3.1: 1st para is repetitive. Delete it. >>>>>> >>>>> I feel like some concrete cases here bring the focus back to the >>>>> questionnaire. >>>>> >>>>>> 5.3.1: The term "ICTs" isn't common in the IETF community. I'd >>>>>> say rephrase stuff to not use that. >>>>> But it is used in the slides of Bless and Orwat, that's why it's there. >>>>> >>>>>> 5.3.2.x.y: Having such deep levels of TOC makes life harder for >>>>>> readers and those commenting and later using this. Flatten it >>>>>> tall out. Or, do you even need the 5.3.2.x.y headings at all? >>>>>> (Some of the section titles don't map that well to the >>>>>> content.) >>>>> What doesn't map out? I think the numbers have been extremely handy in >>>>> reviewing. If people share this opinion I can remove them at the end of >>>>> Research Group Last Call >>>>>> 5.3.2.1.1: s/e2e principle/e2e argument/ again:-) >>>>>> >>>>> We cut the discussion up in the doc, but here it makes sense I'd say, >>>>> because it can concretely impact human rights. >>>>> >>>>> >>>>>> 5.3.2.1.1: the communication content would be concealed, not >>>>>> the act of communication >>>>> Fixed. >>>>> >>>>>> 5.3.2.x.y: It'd be a very good idea to add an appendix that >>>>>> lists the questionnaire questions only (with those being >>>>>> numbered). That way, people who want to do this analysis can >>>>>> just use that part (at least the 2nd time). If doing that, >>>>>> please ensure each question also has an unique number/label in >>>>>> the body of the document too, so that folks can find/correlate >>>>>> things. >>>>> I would prefer doing this in another document once this one is done. >>>>> >>>>>> 5.3.2.1.4: The last para of explanatory material should not >>>>>> re-define COMSEC etc. Just point people at RFC3552/BCP72. (But >>>>>> as BCP72.) The global adversary is also not purely passive, I'd >>>>>> lose that phrase. >>>>> Done. >>>>> >>>>>> 5.3.2.1.5: "many protocols" is not usefully true I think. >>>>> Maybe you should take up that problem with >>>>> https://tools.ietf.org/html/rfc2277#section-2 ;) >>>>>> 10.2: delete this. >>>>>> >>>>> Done! >>>>> >>>>> Thanks again! >>>>> >>>>> Corinne & Niels >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> hrpc mailing list >>>>> hrpc@irtf.org >>>>> https://www.irtf.org/mailman/listinfo/hrpc >>>> -- >>>> Mallory Knodel >>>> Association for Progressive Communications :: apc.org <https://apc.org> >>>> gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780 >>>> >>>> >>>> _______________________________________________ >>>> hrpc mailing list >>>> hrpc@irtf.org >>>> https://www.irtf.org/mailman/listinfo/hrpc >>>> >>> >>> _______________________________________________ >>> hrpc mailing list >>> hrpc@irtf.org >>> https://www.irtf.org/mailman/listinfo/hrpc >> -- >> Mallory Knodel >> Association for Progressive Communications :: apc.org <https://apc.org> >> gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780 >> >> >> _______________________________________________ >> hrpc mailing list >> hrpc@irtf.org >> https://www.irtf.org/mailman/listinfo/hrpc >> > > > _______________________________________________ > hrpc mailing list > hrpc@irtf.org > https://www.irtf.org/mailman/listinfo/hrpc -- Mallory Knodel Association for Progressive Communications :: apc.org <https://apc.org> gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780
- [hrpc] review of draft-irtf-hrpc-research-00 Stephen Farrell
- Re: [hrpc] review of draft-irtf-hrpc-research-00 avri doria
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Mallory Knodel
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Mallory Knodel
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Mallory Knodel
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Stephen Farrell
- Re: [hrpc] review of draft-irtf-hrpc-research-00 avri doria
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Joseph Lorenzo Hall
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Corinne Cath
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Stephen Farrell
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Joseph Lorenzo Hall
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Stephen Farrell
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Stephen Farrell
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Harry Halpin
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever