IETF Logo Mail Archive

Re: [hrpc] I-D Action: draft-irtf-hrpc-political-05.txt

Eric Rescorla <ekr@rtfm.com> Mon, 23 September 2019 16:47 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34D141200CC for <hrpc@ietfa.amsl.com>; Mon, 23 Sep 2019 09:47:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qG-spA3abFUy for <hrpc@ietfa.amsl.com>; Mon, 23 Sep 2019 09:47:25 -0700 (PDT)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85F8D1208E3 for <hrpc@irtf.org>; Mon, 23 Sep 2019 09:47:22 -0700 (PDT)
Received: by mail-lj1-x230.google.com with SMTP id m7so14421017lji.2 for <hrpc@irtf.org>; Mon, 23 Sep 2019 09:47:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=j0Gmyipas0MJdFhBChf9hrdQwqirUTEgjv4rm99nTCA=; b=GBmQdCfcfwU4vqhdwnEuwA2zvvxjQhvkXCN6q0S8vuMdg7ADjODgeA7LInmcHvMlxG f4HUktw1B/uThxGG0mbhjWYzr2xWbUY7VaQsbkPC+EIG76ajBm1zklO3JcP7cQuSIlSW AKa4ZVRLe+3kdOXJ9g89FBfEb4k4ZPlmCJ4dm+B5NozXXLcfIVvPbeWRf0BJqYzm0rT7 tt6bVv0eAHMseKz8y70aEftJt4DcEgtWRUktNKAPIF8Ggr6Fyv8upJEY8iOd/6gGeust O01E46KN4lzp/k00K+yhYxl2PIkcByBrZITiu3CrKRVETRkU8vllIsICJH7aZKC9qmlW cp9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=j0Gmyipas0MJdFhBChf9hrdQwqirUTEgjv4rm99nTCA=; b=jVQoPaRFYHvGMJNQwOnTioXWkO05r8h9UJjE9y08OWgjfrev6TuRwYQiSIGikBwbbh p9Q6ppniItneb0WVLij3pk5uVxkhu6ObhRYbSbBC6RdX6xER0NnKtcuDZ+W6ETmMghJc U4RteR0IBclK2Qjdt5CGfSPIQ2DoTJ0aVNgmHfsrf3w/8zxaD6EztLvYZggZLHoAVTpW ZiQZWJefwN/lCS6PWNG5whx06Wkw+HBitx0htNvgXCtUIrWM3omBKzUOReX0fZ8HNR5A Z8dLCebQPgMoX6BLCOc9ERRtWVVtHoXmRixOW6a0I0LWIpwpLPibiKISv0FPL5D/HE+N zXEw==
X-Gm-Message-State: APjAAAW+dMJKJ9/BCGGxt1BgxgsOShbj2cmksMnbTMgjn4wMlalMdKEi LtsOc7CQrZXBIMxzeiRFHIV4wDt+Bx0CLlBm4le7yw==
X-Google-Smtp-Source: APXvYqxNE+xgVim+IkjwpDopEMmBLvNrMppUl5DwUz0acaQ4D9no5Y27o+m8Xr4xtuKuhCE5eWjVEIQfkFIYUC9dCWM=
X-Received: by 2002:a2e:8ec1:: with SMTP id e1mr231231ljl.14.1569257240633; Mon, 23 Sep 2019 09:47:20 -0700 (PDT)
MIME-Version: 1.0
References: <156882005427.4606.6393818361687491816@ietfa.amsl.com> <a5361cda-994c-27ad-adf7-0aa06d61a8a2@nielstenoever.net> <20190920183918.d7mpxb4jyulfqqwj@anvilwalrusden.com> <CABcZeBPK8h8Bn-vhr6vq9_K9jUAE-ry5iZhLLiwjd15gpEuwHQ@mail.gmail.com> <28d4faab-cb89-34bd-d8bc-525aab96ab66@nielstenoever.net> <CABcZeBPCEiAxksRz6HnErN=eJDho+WYGg28No1YzOZEL1GjYMA@mail.gmail.com> <793367e8-7151-354e-04ca-b472760c6af7@nielstenoever.net>
In-Reply-To: <793367e8-7151-354e-04ca-b472760c6af7@nielstenoever.net>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 23 Sep 2019 09:46:43 -0700
Message-ID: <CABcZeBMT8JC_EQ0zd7nhjnTvPJY0szw+7kY8y=siD32f9vdT7Q@mail.gmail.com>
To: Niels ten Oever <mail@nielstenoever.net>
Cc: hrpc@irtf.org
Content-Type: multipart/alternative; boundary="00000000000063bec505933b2c76"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/IvmfmPC7y599L1iSI_tUhqpLs78>
Subject: Re: [hrpc] I-D Action: draft-irtf-hrpc-political-05.txt
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "mail@nielstenoever.net" <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2019 16:47:28 -0000

Hi Niels,

I think we're sort of talking past each other, so I'm going
to focus on one point, namely the purpose of this document.

Based on this discussion, you seem to be arguing that the
purpose is to *demonstrate* the political nature of protocols
and standards:

> >> > I certainly agree that they "can be used"
> >> > for political means, though any "can" statement is pretty weak.
> >> >
> >>
> >> If we can document *that*, we would have made a lot of progress in
> >> the IETF imho.
> >
> > I don't know anyone disagrees with that.
>
> Great. But I meet them at every IETF meeting, and it is brought up
> very regularly in discussion.


However, the draft just asserts that there is agreement on this:

   development process and its outputs, it is generally agreed that
   standards and protocols are both products of a political process, and
   they can also be used for political means.  Therefore protocols and

So, which is it, generally agreed or regularly contested?


In any case, if the point is to demonstrate that protocols
can be derived from politically derived processes and that
they can be used politically, then IMO you are going about
it entirely the wrong way, which is by using a very expansive
(and not really that familiar to the people here) definition
political and then making a strong claim which forces you
to defend cases that people think are questionable (e.g.,
NTP or SSLv2).

To the extent to which there is debate about the claims
that protocols *can* be politically derived and *can* be
deployed in political ways, the way to go about demonstrating
that is to focus on the easy cases that are clearly political
(I've named a number in this discussion). That doesn't require
going and mining the literature you are citing here, but rather
requires engaging with the history and use of these protocols.

-Ekr

On Mon, Sep 23, 2019 at 2:32 AM Niels ten Oever <mail@nielstenoever.net>
wrote:

>
>
> On 9/21/19 4:13 PM, Eric Rescorla wrote:
> >> Niels ten Oever via ietf.org <http://ietf.org>
> >>
> >> 6:10 AM (48 minutes ago)
> >>
> >> to hrpc
> >>
> >>
> >> On 9/21/19 3:32 AM, Eric Rescorla wrote:
> >> >    Whereas there might not be agreement among the Internet protocol
> >> >    community on the specific political nature of the technological
> >> >    development process and its outputs, it is generally agreed that
> >> >    standards and protocols are both products of a political process,
> and
> >> >    they can also be used for political means.
> >> >
> >> > I would like to register my agrement with Andrew and focus in on this
> >> > one point: there are many protocols (in fact, by count probably most
> >> > protocols) which are just designed by proprietary organizations.  It's
> >> > not clear on what basis you are claiming that they are the output of
> >> > political processes and this certainly doesn't seem like something
> >> > that's generally agreed.
> >>
> >> Aren't proprietary standards, and the way they make it possible and
> >> impossible to do certain things, a prime example of a political
> >> process and political impact?
> >
> > Well, I don't think without stretching the term "political" outside
> > of the point where saying something is political is trivial, no,
> > I don't think so.
> >
> > Again, let's take the example of SSL, which was designed by Netscape
> > for its own market purposes and became a de facto standard because
> > Netscape had the dominant browser and people wanted to interoperate
> > with it. What's poltical about that process?
> >
> >
>
> There are several political aspects about this, we had for instance text
> in a previous version that read about dominance and de facto standards:
>
>    Within economy studies, _de facto_ standards arise in market
>    situations where one entity is particularly dominant; downstream
>    competitors are therefore tied to the dominant entity's technological
>    solutions [Ahlborn].  Under EU anti-trust law, _de facto_ standards
>    have been found to restrict competition for downstream services in PC
>    software products [CJEU2007], as well as downstream services
>    dependent on health information [CJEU2004].
>
> Another interesting aspect that SSL introduced were of course certificate
> authorities, that served as trust anchors, which is ultimately defining
> trusted authorities.
>
> SSLv2 was introduced as open standard (while v1 was not), which of course
> was also quite a change, I reckon I don't need to elaborate on the politics
> of licensing in this audience.
>
> >
> >> > I certainly agree that they "can be used"
> >> > for political means, though any "can" statement is pretty weak.
> >> >
> >>
> >> If we can document *that*, we would have made a lot of progress in
> >> the IETF imho.
> >
> > I don't know anyone disagrees with that.
>
> Great. But I meet them at every IETF meeting, and it is brought up very
> regularly in discussion.
>
> > But in any case, demonstrating
> > that doesn't require hauling in the theoretical apparatus you
> > are trying to deploy here, but rather requires *history*. I.e.,
> > demonstrate that the process of developing some set of standards
> > involved the political process of balancing the objectives of
> > the various stakeholders, finding compromise, etc. Given that
> > every IETF standards development process I have ever been involved in
> > has had some of this, that doesn't seem hard. As a non-IETF example
> > "The Box", a history of the shipping container, has a nice description
> > of the standardization of that technology.
> > >
> >> > This is even true at some level for many standards, especially
> >> > because your definition of "standard" is so expansive:
> >> >
> >> >    Standards  'A standard is an agreed-upon way of doing something or
> >> >       measuring something.'  [Sisson]
> >> >
> >> > By this definition I think it would be pretty hard to argue that
> >> > SSLv2,  and SSLv3 weren't standards given their wide use, even
> >> > though they were just designed by people at one company.
> >>
> >> I don't see how that definition would make that impossible.
> >
> > I'm not sure I understand your response here. Are you saying that
> > protocols defined by one company and that then achieve wide use
> > are standards, or they are not?
> >
>
> SSLv2 and SSLv3 were standards because people agreed that they were the
> standard? For something to be a standard it does not need to be a formal
> process to accept them as such.
>
> >> > Another
> >> > example would be the Philips screwdriver head. What's the political
> >> > process that produced these?
> >> >
> >> >
> >>
> >> The patenting of process by Henry F. Philips, the regimes under
> >> which is was patented, its competition with other screw heads (torx,
> >> etc). There is an enormous amount of politics, and societal ordering
> >> connected with screws.
> >
> > Again, this just seems to serve to make the definition of "political"
> > meaningless. By this definition, what human commercial activity
> > would *not* be political, as it all occurs against a political
> > backdrop.
> >
>
> A transaction can be political, but of course does not need to be.
> (Trans)action, such as standards, that change the market, are political
> activities.
>
>
> >
> >> > More generally, it seems like depending on how one interprets the
> >> > major claims in this document, they are either too strong (all
> >> > protocol and standards development is political)
> >>
> >> Why is that too strong?
> >
> > For the reasons I indicated above: I don't think the development
> > of many protocols, especially the small ones which get use internally
> > as in, for instance, mobile apps, is generally political, And sometimes
> > becoome standards and that's not necessarily political either.
> >
> >
> >> > or trivial (some
> >> > protocol and standards development is political). The first is too
> >> > strong for the reasons I indicate above,
> >>
> >> I don't think so, but I am happy to discuss.
> >>
> >> and the second seems pretty
> >> > obvious and doesn't really need much theorizing;
> >>
> >> As said, I think it would be very useful if we would document this,
> >> so we don't need to repeat the discussion.
> >
> > Well, I'm not sure it matters if we repeat this discussion or
> > even come to a conclusion on it. What's at stake in the answer?
> >
> > But, again, if you want to demonstrate that standards development
> > can be political -- which, as I said, is a rather weak claim --
> > then I would discard this document and instead focus on documenting
> > the history of the development of some protocols that was clealr
> > political.
> >
> >
>
> As you know, what this draft meant to do, is to document a discussion so
> it doesn't need to be repeated in the study of every different protocol.
>
> We could paste in a lot of examples here, for instance some of the review
> of the human rights review team. But the discussion in 4.5 might be enough?
>
> >>
> >> > one needs just point
> >> > to the development of some protocol which was a political process, and
> >> > it seems like that's been pretty amply documented for a number of
> >> > protocols/standards (e.g., HTTP/2 or TLS 1.0).
> >> >
> >> > As I noted above, the claim that protocols can be used for political
> >> > means also seems relatively obvious (cf. Tor).
> >>
> >> I am happy to conclude that we agree on the two statements:
> >>
> >> - some protocol and standards development is political
> >>
> >> and
> >>
> >> - protocols can be used for political means
> >
> > Well, I don't think this document demonstrates that, it's just
> > conclusory.  To the extent to which we think these statements are
> > actually in debate and need demonstrating, then I would, as I said,
> > focus on demonstrating them with reference to actual standards
> > rather than by referring to other people's views about these
> > statements. I would think 3-5 of each of these should be sufficient
> > (though of course logically one alone is sufficient to prove
> > existence, but several is more convincing)
> >
>
> Again, the document seeks to document existing positions in the community
> and provide background in existing literature on the topic, that could then
> be a platform for further work.
>
> For instance on specific drafts, and or specific tendencies (based on case
> studies, quantitative models, etc).
>
> Best,
>
> Niels
>
>
>
>
>
> >
> >> That's progress for me in this discussion. Now let's see if we can
> >> further flesh out:
> >>
> >> - all protocol and standards development is political
> >
> > I think what would help at this point that would be for you to
> > describe some commercial activities that you think are *not*
> > political.
> >
> > -Ekr
> >
> >
>
> --
> Niels ten Oever
> Researcher and PhD Candidate
> DATACTIVE Research Group
> University of Amsterdam
>
> PGP fingerprint    2458 0B70 5C4A FD8A 9488
>                    643A 0ED8 3F3A 468A C8B3
>

v2.23.0 | Report a Bug | By Email