Re: [hrpc] Fwd: [] New paper from IGP on Standards and Human Rights

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 01 December 2020 23:13 UTC

To: avri@acm.org, hrpc@irtf.org
References: <BN6PR07MB28654E467D074EAD7E5A154BA1FC0@BN6PR07MB2865.namprd07.prod.outlook.com> <dc94bc83-5e05-8ecb-696a-63799874f5db@acm.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <404e48b9-08d6-1df1-15bb-a22234bf5133@cs.tcd.ie>
Date: Tue, 01 Dec 2020 23:13:12 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0
MIME-Version: 1.0
In-Reply-To: <dc94bc83-5e05-8ecb-696a-63799874f5db@acm.org>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="2R8AwJFNi5RS8xTdMXUJUNyhKG4YCDU18"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/EHMkpgTLMfrPjjfQT_ZzMLYXUdY>
Subject: Re: [hrpc] Fwd: [] New paper from IGP on Standards and Human Rights

Hiya,

On 01/12/2020 19:37, avri doria wrote:
> Hi,
> 
> Possibly interesting to some.

Had a read. I think it's wrong as to the motivations
for TLS1.3 - Snowdonia was IMO only one of those, we
had had a long series of documented attacks on TLS
so TLS1.3 probably would've happened anyway because
of those and the potential RTT improvements. It also
ignores the role of academic cryptographers in the
process of developing TLS1.3 - their proofs and
formal methods and the tools they had for producing
those led to some of the design choices rather than
any political anything.

There's also a few minor factual errors in the dramatis
personae, and some omissions of relevant players.
I suspect those may have been driven by the tools that
we have available for re-constructing working group
histories post-facto, as talking to people involved in
the process should have avoided those. The errors
really are minor and of no real impact, but if they
are down to the methodology used by the authors, but
not described, that's a bit more of interest.

I've no opinion as to whether the history backs any
of the three theoretical explanatory frameworks or
not, but the paper's interesting as an example of a
reasonable but imperfect reconstruction of what
happened.

Cheers,
S.

> 
> avri
> 
> 
> 
> -------- Forwarded Message --------
> 
> IGP releases a new research paper on the politics of the new Transport
> Layer Security standard: Standardizing Security: Surveillance, Human
> Rights, and TLS 1.3.
> 
>   
> 
> Standardizing Security develops a conceptual framework for understanding
> the relationship between technical standards and political/social
> effects. We identify three distinct ways of understanding this
> relationship: 1) by examining the interest groups who shaped the
> standard, which we call the Political Economy of Standardization (PES);
> 2) by focusing on the Societal Effects of Standards (SES) which refers
> to cumulative effects of adoption and implementation decisions over
> time; and 3) the idea that politics and rights are embedded in the
> standard; i.e., that Protocols Have Politics (PHP). We then perform a
> detailed analysis of the controversies around the design, adoption and
> implementation of TLS 1.3.
> 
>   
> 
> We find that the PHP approach had limited explanatory value compared to
> the PES and SES approaches. TLS 1.3 does in fact strengthen privacy –
> and technical efficiency – if adopted and implemented as intended. But
> the design of TLS 1.3’s stronger confidentiality measures met with
> resistance from corporate network operators who wanted more visibility
> into their internal networks and some governmental interests, leading to
> the development of an alternate standard by ETSI. There are also
> technical measures that can be deployed to undermine perfect forward
> secrecy. Additionally, authoritarian governments are now taking measures
> to block use of the new protocol. TLS 1.3 was an improvement, but its
> effects were limited.
> 
>   
> 
> By conveying the idea that political, economic and social effects can be
> hard coded into protocol designs, the protocols-have-politics view
> short-circuits careful analysis of the way standards contribute to
> governance. It also drastically overstates the role of protocol design
> in internet governance. Rights advocates and internet governance
> participants need to have more realistic ideas about what measures
> advance human rights on the internet.
> 
>   
> 
> Download the paper here:
> https://www.internetgovernance.org/wp-content/uploads/StandardizingSecurity-TLS.pdf
> 
> 
>   
> 
> Dr. Milton L Mueller
> 
> Georgia Institute of Technology
> 
> School of Public Policy
> 