Re: [hrpc] review of draft-irtf-hrpc-research-00
Mallory Knodel <mallory@apc.org> Mon, 10 October 2016 10:18 UTC
Return-Path: <mallory@apc.org>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3E241294DF for <hrpc@ietfa.amsl.com>; Mon, 10 Oct 2016 03:18:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.194
X-Spam-Level:
X-Spam-Status: No, score=-7.194 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-2.996, SPF_HELO_PASS=-0.001, WEIRD_PORT=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ltzCROO8fPEA for <hrpc@ietfa.amsl.com>; Mon, 10 Oct 2016 03:18:01 -0700 (PDT)
Received: from mail.gn.apc.org (mail.gn.apc.org [37.220.108.136]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D58B7129483 for <hrpc@irtf.org>; Mon, 10 Oct 2016 03:18:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.gn.apc.org (Postfix) with ESMTP id 74ECB201926D for <hrpc@irtf.org>; Mon, 10 Oct 2016 11:17:59 +0100 (BST)
X-Virus-Scanned: by amavisd-new at mail.gn.apc.org
Received: from mail.gn.apc.org ([127.0.0.1]) by localhost (mail.gn.apc.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fkQpQ0nA1w6r for <hrpc@irtf.org>; Mon, 10 Oct 2016 11:17:54 +0100 (BST)
Received: from anonymous ([10.254.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mallory) by mail.gn.apc.org (Postfix) with ESMTPSA id 78D45201877B for <hrpc@irtf.org>; Mon, 10 Oct 2016 11:17:52 +0100 (BST)
To: hrpc@irtf.org
References: <d8517d0e-ea0e-305f-b478-953282ade5e1@cs.tcd.ie> <bfbdfaa0-390e-be4a-c747-985ed4796f15@article19.org> <57FB42CF.5010008@apc.org> <626501bd-3ce5-fd9a-e6f9-3a911584b953@article19.org>
From: Mallory Knodel <mallory@apc.org>
Message-ID: <57FB6ACF.6010902@apc.org>
Date: Mon, 10 Oct 2016 13:17:51 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.7.0
MIME-Version: 1.0
In-Reply-To: <626501bd-3ce5-fd9a-e6f9-3a911584b953@article19.org>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="qgKIL27dJuhghaUre4utD8HlobPk0pJik"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/OR_ZAPpl-oi9pWpJ5IOgzKsL8d8>
Subject: Re: [hrpc] review of draft-irtf-hrpc-research-00
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "niels@article19.org" <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Oct 2016 10:18:13 -0000
Great, Niels, I'll continue to send my edits via pull requests. At the moment, I'm working on a fork via the apcorg Github user. -Mallory On 10/10/16 12:24 PM, Niels ten Oever wrote: > Hi Mallory, > > Reviews and proposed edits (in the form of suggestions here on the list > and/or as pull request), are very welcome! > > If you want to focus on the abstract and the introduction that would be > great, but of course feel free to look at other sections as well. > > The latest version can always be found here: > > https://github.com/nllz/IRTF-HRPC/blob/master/draft-research.md > > Which is currently the same as: > > https://tools.ietf.org/html/draft-irtf-hrpc-research-01 > > Best, > > Niels > > Niels ten Oever > Head of Digital > > Article 19 > www.article19.org > > PGP fingerprint 8D9F C567 BEE4 A431 56C4 > 678B 08B5 A0F2 636D 68E9 > > On 10/10/2016 09:27 AM, Mallory Knodel wrote: >> Hi all >> >> I have started to edit via git but perhaps that's no longer helpful at >> this stage? I was focussed on the abstract and introductions as those, >> at a minimum, should have strong logical arguments that draw the reader >> into the longer paper. >> >> I also fully agree with Stephen about the DDoS section and if nothing >> else would be happy to proceed with working on this. >> >> However, fully aware that work needs to progress and without having been >> able to comment up to now I'd like feedback on where in the text my >> edits could be most useful. >> >> -Mallory >> >> On 09/10/16 07:31 PM, Niels ten Oever wrote: >>> Hi Stephen, >>> >>> Thanks so much for this extremely thorough review. We've responded to >>> all your comments and offered some solutions or at least some arguments >>> why we did not think it was a problem. Responses inline, and a new >>> version can be found here: >>> >>> https://tools.ietf.org/html/draft-irtf-hrpc-research-01 >>> >>> On 09/22/2016 02:33 PM, Stephen Farrell wrote: >>>> Hiya, >>>> >>>> I spent a bit of time reviewing this finally. >>> We also spent a bit of time coming up with a reply, sorry if it took >>> longer than expected (and announced). >>> >>>> Overall, I think this is a fine piece of work and I look >>>> forward to it becoming an RFC. I don't think it's nearly ready >>>> yet though, there's a lot to fix. (But see #1 below for a >>>> suggested short-cut.) >>>> >>>> Cheers, >>>> S. >>>> >>>> General, and, I think, important to handle... >>>> >>>> (1) What kind of consensus are we aiming for here? >>>> >>>> I'm not sure if this would be better off aiming to be a >>>> document that has RG consensus or not. There's a lot of fine >>>> text here, but there's also quite a few instances of text for >>>> which I think it may be quite hard to establish RG consensus, >>>> and where that may take some time and draft iterations. >>>> (You'll see some examples in my specific conments.) Clearly, >>>> processing the document aiming for RG consensus is an option, >>>> and maybe the default option, but I wondered if it'd also be an >>>> option to proceed more quickly with this documenting the >>>> author's research and opinions/conclusions (and not necessarily >>>> RG consensus) and to then later try to extract an updated >>>> version of the guidlines/questionnaire into a separate RFC >>>> aiming for RG consensus. I'm not arguing strongly for that >>>> latter plan but just wanted to ask in case it helps the RG (and >>>> Avri who I guess will have the fun of figuring this out:-). >>>> >>> Up to now we have been able to reach consensus on all points, so let's >>> not lower the bar! >>> >>>> (2) Length and structure for protocol developers. >>>> >>>> I think this is too long to be very useful for protocol >>>> developers. I doubt many of them will wade through 40+ pages >>>> to get to the bit that's really aimed at them. (And which >>>> pretty much needs a total re-write.) The plan mentioned in #1 >>>> might help there I guess but another idea might be to move >>>> section 5.3.2 to the front and make a lot of the rest of the >>>> text into subsequent explanatory material and/or appendices. >>>> >>> I think this is actually quite an apt description of the research as it >>> has been done. After we managed to get this into a document I think it >>> would be great to come up with next steps for 5.3.2, such as bringing it >>> into the IETF. >>> >>> >>>> (3) What architecture do you mean? >>>> >>>> There are 25 lines that mention the term architecture in the >>>> draft and I'm not at all sure the term is used to mean the same >>>> thing throughout. I'm also not sure that there is an accepted >>>> thing that is "the one true Internet architecture" that has >>>> IETF consensus but you seem to me to be assuming that there is >>>> such a beast. Is this just a language issue or a deep(er) >>>> problem? I'm not sure, but eliminating references to the >>>> Internet architecture where possible would I think help. See >>>> some of the specific comments below, but I'd recommend a pass >>>> over the document to check how this term is used as well. (To >>>> try head off some lines of debate that might follow from this >>>> comment, I do think there are aspects of Internet architecture >>>> for which we do have IETF consensus, but I don't think the IETF >>>> has consensus on any one way in which to put all those together >>>> into something that'd be rightly termed the (or an) Internet >>>> architecture. I think RFC1958 section 2.1 supports that >>>> position btw.) >>>> >>> Thank you for pointing this out. By architecture, in this text, we are >>> referring to the technical functioning of the Internet – as it pertains >>> to the remit of the IETF. Would it be better if the first mention of the >>> word architecture came with the following clarification: ‘Internet >>> architecture is a catch-all phrase. In order to ensure it does not ring >>> hollow we want to clarify what we mean by this term. Our definition is >>> partly based on the consensus understanding of the term architecture as >>> laid out in RFC RFC1958 section 2.1, which states: ‘Many members of the >>> Internet community would argue that there is no architecture, but only a >>> tradition, which was not written down for the first 25 years (or at >>> least not by the IAB). However, in very general terms, the community >>> believes that the goal is connectivity, the tool is the Internet >>> Protocol, and the intelligence is end-to-end rather than hidden in the >>> network. The current exponential growth of the network seems to show >>> that connectivity is its own reward, and is more valuable than any >>> individual application such as mail or the World-Wide Web. This >>> connectivity requires technical cooperation between service providers, >>> and flourishes in the increasingly liberal and competitive commercial >>> telecommunications environment. The key to global connectivity is the >>> inter-networking layer. The key to exploiting this layer over diverse >>> hardware providing global connectivity is the "end to end argument’. >>> Building on RFC1958 we hold that the word architecture, in the context >>> of the IETF, refers to all the protocols, procedures, processes and >>> their accompanying people and politics that go into ensuring the >>> Internet remains a medium for unfettered global connectivity.’ Would >>> such a definition clarify our use of the word architecture sufficiently? >>> >>> Additionally, we would like to push back a bit against the argument that >>> because there is no consensus in the IETF on what the term architecture >>> means, we cannot use it in the text. The IRTF should be the space where >>> we can push the boundaries on that discussion, bringing in definitions >>> from academia as we do in the text by referring to amongst others the >>> work of Prof. Denardis and Prof. Bowker on architecture. >>> >>> >>>> (4) What does "=" mean here? >>>> >>>> In section 2 and later (in 5.2.2) you have diagrams with >>>> bracketed terms on the left, then "=" and then another term on >>>> the right. I just don't get what you mean by that "=" sign. You >>>> say "combine" and "makes up" but frankly I don't get it, even >>>> though I was in some of the meetings where those pictures were >>>> presented. E.g. in section 2, I don't get how to combine >>>> authenticity and anonymity in any useful sense, as those are >>>> mostly in conflict. >>> The easy answer, which will probably will not be enough for you, would >>> be: depends on the usecase. If we for instance take the example of TLS >>> for .onion websites, there the security model includes anonymity as well >>> as authenticity. >>> >>> I think it can easily be argued than in many models of security, privacy >>> and anonymity play a role, in others anonymity may be less important. >>> >>> To reflect this I changed the text to: >>> >>> A combination of reliability, confidentiality, integrity, anonymity, and >>> authenticity is what makes up security on the Internet. >>> >>> I also changed the '=' in to an '⇒' >>> >>> >>>> And the 2nd picture in section 2 has >>>> connectivity on the RHS, which you defined as being an "extent" >>>> and none of the things on the LHS seem to reflect that at all. >>>> While those pictures may well have been ok for use in >>>> presentations, I'm less happy that they're useful in an RFC. >>>> So, what does "=" mean? Can you actually define that relation? >>>> (Apologies if I'm being all "techie" and anal here, but I >>>> really don't get it, honest;-) >>> Where it come to the definition of rights in 5.2.2 the relation between >>> the LHS and the RHS should be 'contribute to an enabling environment >>> for', so I replaced the '=' with '⇒' and added an explanation. >>> >>> >>> >>>> (5) The DDoS discussion is still wrong. >>>> >>>> I think the discussion of DDoS in section 5.2.11 (see below for >>>> specifics) is not good enough and that section needs to be >>>> re-written or mostly deleted. (Not all list discussions need to >>>> end up with a section in the document.) It may be the case that >>>> what is needed is some discussion of forms of protest using the >>>> Internet, but that I think would better be the topic for >>>> another document, if soeone has the energy/interest. (That >>>> could be interesting too!) For this document, if it is aimed at >>>> the IETF audience, the current text is not useful as it ends up >>>> as a (controversial) NOOP - "don't enable DoS" is already in >>>> RFC3552 since 2003. >>>> >>> The scope of this document is _very_ different from RFC3552. It analysis >>> a case of technology and it's impact human rights. So, it has a >>> completely different role from RFC3552, even though the conclusions are >>> largely the same. >>> >>> >>>> (6) The questionnaire is not good enough. >>>> >>>> 5.3.2.x.y: Please go through these questions yourself (for some >>>> protocol) and write down answers and see then what you think of >>>> the questions. I think a number of these questions will not >>>> produce meaningful answers in any real attempt at using them. >>>> I also think that someone who is not an author and who is >>>> developing a new protocol needs to have gone through the >>>> exercise at least once before we should publish this document >>>> as any RFC. It is far too easy to ask unanswerable or >>>> non-useful questions otherwise. >>>> >>> We have had four people who did an exhaustive roadtest of the >>> questionnaire and used it on their draft in development. They presented >>> the outcomes at the session in Berlin and were also posted to the list. >>> >>>> (7) Missing introductory text. >>>> >>>> I think there's a missing bit of explanatory text about rights >>>> in general that'd help some more IETF-oriented readers. As I >>>> understand it, in HR all rights are contingent in the sense >>>> that governments are expected to balance competing rights in >>>> all cases. So e.g. even though we have a right to life, >>>> governments can legislate for capital punishment and still >>>> consider themselves signed up to the UDHR. I think this is >>>> worth noting, as for example, it means that we do not >>>> necessarily want to enshrine all the fine concepts on which the >>>> IETF has consensus as human rights, in particular, claiming >>>> that one had a right to encrypt could as a side-effect allow >>>> some governments to claim that they had a right to limit one's >>>> knowledge of mathematics, if that is claimed to compete with >>>> other rights (e.g. to safety). I'm not sure if this is the >>>> right HRPC document to capture that, but it was a surprise for >>>> me when I first found that out, so it may be worth adding a bit >>>> of text explaining basic rights concepts like that here or >>>> somewhere else. >>>> >>> The concept of balancing rights is not an easy one and there is also no >>> consensus in the law community about how this should be done. There are >>> many scholarly papers written about this, and I would large go with the >>> approach in the UN Guiding Principles for Business and Human Rights. So >>> I would offer the following text: >>> >>> Human rights can be in conflict with each other, such as the right >>> to freedom of expression and the right to privacy. In such as case the >>> different affected rights need to be balanced. In order to do this it is >>> crucial that the rights impacts are clearly documented in order to >>> mitigate the potential harm in a proportional way. Making that process >>> tangible and practical for protocol developers is what this research >>> aims to ultimately contribute to. >>> >>>> Specific comments (without reference to importance:-) >>>> >>>> Note: I'm not quite sure why, but I read this through and >>>> commented as if it were a PhD thesis, which is a bit more >>>> stringent that e.g. IESG evaluation. Apologies if that seems >>>> like nitpicking, but I think given the possibly political >>>> (ab)uses to which this RFC could be put, and since we might >>>> effectively kill the impact of the RG if we do this first RFC >>>> badly, we might be better off to take that approach. I'm >>>> willing to believe that I'm being too nit-picky though:-) >>>> >>> Does this mean that if we answer all these questions to your >>> satisfaction we'll get a PhD ? >>> >>>> abstract: These ought not have references and I think is too >>>> long. I'd suggest keeping the 2nd para (minus the reference) >>>> and move the rest to the intro. >>> Proposal accepted >>> >>>> intro, p3: How do you know that "open, secure and reliable" are >>>> necessary conditions here? I think you're likely correct, but >>>> I'm not sure that claim is justified in the document or in the >>>> references. >>> Reference added (to FOC Talinn agenda) >>> >>>> intro, p3: "The Internet aims to be a global network of >>>> networks that provides unfettered connectivity to all users at >>>> all times and for any content [RFC1958]. " The "aims to be" >>>> there seems odd, and I don't see where 1958 says "at all times" >>>> which seems to me overstated. >>> Changed it into: >>> The purpose of the Internet to be a global network of networks that >>> provides unfettered connectivity to all users and for any content >>> {{RFC1958}} >>> >>>> intro, p3: "One could even argue that the Internet is not only >>>> an enabler of human rights, but that human rights lie at the >>>> basis of, and are ingrained in, the architecture of the >>>> network." Sure one could argue that but is that claimed as an >>>> RG consensus? And you're assuming that there is one true >>>> Internet architecture there I think, which is problematic. >>>> >>> Although there has been a lot of discussion on the extend to which human >>> rights were at the top of the minds of the people developing it, the >>> technical principles like end-to-end, decentralization etc which were >>> priorities for the initial developers overlap sufficiently with human >>> rights like freedom of speech and access to information to make this >>> argument stick. It might have been a happy accident, but few in the RG >>> have disputed that - when looking at it from this perspective - human >>> rights are not intrinsically weaved through the structure of the >>> network. We have specified our definition of Internet architecture to >>> mitigate your concerns there. >>> >>> >>>> intro, p3: "By doing so, the IETF enabled the manifestation of >>>> the right to privacy, through the Internet's architecture." I >>>> think this shows a misconception of the IETF's role, at least >>>> as I see it. I don't believe that the IETF controls the >>>> Internet's architecture in the sense implied here. If you'd >>>> said "through it's protocol design processes" at the end >>>> instead, then I think that'd be better. And saying "Enabled" >>>> makes it sound like a done-deal and we can all go home, which >>>> strikes me as pretty optimistic;-) >>> A little wish-fullthinking never hurt anyone I guess ;-) Incorporated >>> your suggestion at the end of the sentence and changed 'enabled' to >>> 'allowed' for. >>> >>>> intro, p3, "Openness of communications of the technical design" >>>> what does that mean? And how does it "foster freedom of >>>> communication"? I don't get the argument here. >>> We mean to say here that the nature of the Internet was fundamentally >>> open. People could just show up and hack away. Have changed the sentence >>> to read: The open nature of the initial technical design (open >>> standards, open source, etc) fostered freedom of communication as a core >>> value, everyone could join and everyone could submit code. Hope that >>> clarifies a bit. This was done to show that today's Internet is more >>> closed. Closed standards (and standards bodies) walled garden >>> applications etc. >>>> intro, p3, "galvanize" is overstated and the IETF doesn't >>>> "ensure" what happens in the network, but only in the protocols >>>> we define - what implementers and operators do with that is >>>> really up to them and not the IETF. That's an important >>>> distinction that's mixed up in a few places in the document, >>>> including in the next sentence - if the IRTF produces this RFC, >>>> that's great and will help to ensure better realisation of HR >>>> issues, but the existence of the RFC itself will not ensure >>>> anything. >>>> >>> Have changed the words ensuring and galvanizing for the word encourage. >>> And changed the word encourage in the second sentence to the word >>> facilitate. I understand that the IETF/IRTF does not ensure anything. >>> But to tone the language down all through the document would take away >>> from the fact that the IETF/IRTF does have a substantial role in setting >>> the standard (no pun intended) for what they think the network should >>> look like, irrespective of what implementers and operators end up doing. >>> >>>> section 2: "unfettered" - while I myself do like that term, I >>>> think following the approach from RFC 4084 which you quote here >>>> would be a good general approach for this entire document. >>>> 4084 section 1.2 says that it intentionally avoide pejorative >>>> terms so as to increase the likelihood that operators will pay >>>> attention. I think following that guidance in this document >>>> would be good. Most of the text is actually fine in this >>>> respect, but an editing pass based on a review from some (as >>>> yet uninvolved) protocol developers would be a good thing. For >>>> example, some of the references to companies and products later >>>> on might raise hackles in a way that'd be counter productive. >>>> Anyway, 4084 does not use the term unfettered at all so better >>>> to not say that here. >>>> >>> OK - removed 'unfettered'. >>> >>>> section 2, and elsewhere: I think the use of the term anonymity >>>> is wrong in almost all cases in this document. >>> Interesting. Happy to fix, but would be great if you could give me a bit >>> more to work with. >>> >>>> While it is the >>>> case that users (and non-technical folk in general, including >>>> law makers) may talk about anonymity, I think there are few to >>>> zero technical folks who think that anonymity is achievable at >>>> any scale today. >>> Anonymity has a very specific meaning in both legal and technical terms, >>> there I think it's important that we work on this. The UN Special >>> Rapporteur on Freedom of Expression has underlined the importance of >>> encryption and anonymity online ( >>> http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/CallForSubmission.aspx >>> ). And eventhough it is indeed a hard technical problem, I actually >>> think quite a lot of people are working on this. Tor is indeed probably >>> the best 'running code' example, but there is also Briar, I2P, Tribler, >>> etc. There is also an increase in Operating Systems that are geared >>> towards anonymity (by integrating Tor and other measures) such as >>> Subgraph, Tails, and Qubes, so I think discussing it is relevant, and I >>> don't think we should take a step back an accept that it's not possible. >>> >>> >>> >>>> Tor may be the closest we get, but it's not at >>>> all clear to me that anonymity is really a requirement or a >>>> goal for almost all protocol designers almost all of the time. >>> Maybe it's not and maybe it should be. Because there is a clear human >>> rights impact here. The aforementioned report by the UNSR recognizes the >>> essential role of encryption and anonymity in realizing human rights >>> protected under international law, as such technology “provide[s] >>> individuals and groups with a zone of privacy online to hold opinions >>> and exercise freedom of expression without arbitrary and unlawful >>> interference or attacks.” >>> >>>> I do think we should consider "being hard to track" and similar >>>> as requirements/goals but that's different and I'm not sure we >>>> even have that good an idea about all the trade-offs that are >>>> involved here. >>> Isn't that something that should be documented? >>> >>>> I'd recommend checking every time you use this >>>> tern, and getting rid of most of them. (Will try to point out >>>> the ones I think are problematic below.) Note that the 4949 >>>> definition is probably ok(ish:-) but once there are muliple >>>> protocols involved things become very unclear and in real >>>> networks, there's almost always someone somewhere who can >>>> identify (or re-identify) a person, host or bit of s/w and that >>>> context seems to be missing here when you use the term. >>>> >>> See above. >>> >>>> 2, Defining connectivity as an "extent" is interesting. I'm not >>>> sure if it's precise enough though, e.g., what'd "twice better >>>> connectivity" mean? Not sure what to suggest but I do think >>>> you're right to not define it as binary. Maybe refer to RFC4084 >>>> here again for some different types of connectivity? >>> Done - added reference to RFC4084 >>> >>>> 2, "content-agnosticism" - hmm, that seems a bit broken to me >>>> as a definition, it is ok to treat delay intolerant traffic >>>> differently and we do want that sometimes. "Identically" seems >>>> too strong, but I'm not sure what better definition to use >>>> without getting into an essay about net neutrality and similar >>>> things that I don't know much about;-) >>>> >>> I did not change this. Because although your statement on the delay of >>> intolerant traffic is true, common practice does not influence the >>> definition of content agnosticism perse. >>> >>>> 2, "end-to-end" - I much prefer to refer to this as an argument >>>> and not a principle. You'll get different opinions on that >>>> though:-) >>> Could you elaborate? I think we documented the use and origins pretty >>> well in bodies of literature and academic discussion. >>>> 2, "Internet censorship" - I think this definition is too broad >>>> and could even be read to discourage data minimisation. It >>>> seems to be missing the concept that the censor is acting >>>> without the agreement of the endpoints, but agreement/consent >>>> is such a slippy concept on the Internet maybe that'd be a bad >>>> idea. Anyway, this seems to broad to me fwiw. >>> Do you have any suggestions for new language to replace it with? >>>> 2, "Internet Standards as an Arena for Conflict"... eh... >>>> What? That's not a term to define, it's an argument for over >>>> beer! I think you need to delete that from this section. If you >>>> want to include the text somewhere then find a better way to do >>>> that I'd say. (But I'd still then ask: where is the principle >>>> of constant change defined for all time? :-) >>>> >>> Agreed. Moved the text to the literature and discussion section >>> >>>> 2, "i18n" - I think you're wrong that "Many protocols..." don't >>>> support i18n. It's for sure true that a bunch don't do this >>>> well and ought, but "many" seems overstated. Did you count >>>> them? >>> We got this observation from the i18n WG in Yokohama. >>> >>> (Note that for many binary protocols i18n isn't very >>>> relevant at all, if one assume that i18n is mostly important >>>> for end-users and less so for developers or bigger operators.) >>>> >>> Here I would like to push back with the arguments Ramsey Nasser >>> introduced at his presentation at the hrpc session at IETF95. Based on >>> his programming language in Arabic he showed through 'engineering >>> performance art', that the Internet and its technical infrastructure is >>> inherently hostile to non latin characters, which send the message that >>> the Internet natively belongs to English speakers. This is true for >>> developers, operators and users alike imho. >>> >>>> 2, "Open Standards Conform" - what? That's not a term to >>>> define. I think you also say this elsewhere so deleting this >>>> would be right. And what's RFC2606 got to do with it? >>>> >>> There should have been a hard return there. The text is lifted from >>> RFC2606. Should be fixed now. >>> >>>> 2, "Openness" - I think this is just wrong and am not sure what >>>> you even want to define. You cannot for example have free >>>> access to hosts in my home network, no matter how openly you >>>> ask:-) If you want to define openness, then I think it'd have >>>> to be about processes and not access to hosts. >>>> >>> The definition doesn't say access to all hosts, right? I don't think I >>> agree with the critique. >>> >>>> 2, "permissionless innovation" is not all about new protocols. >>>> It's also about using existing protocols in new ways without >>>> having to ask. Not all such uses are usefully described as new >>>> protocols. >>> added that to the text. >>> >>>> 2, "Privacy" - I think adding some references to the HR and >>>> legal literature about privacy could help the more technical >>>> readers here. >>>> >>> Added: >>> The right to privacy is articulated all of the major international and >>> regional human rights instruments, including: >>> {{UDHR}} Article 12: “No one shall be subjected to arbitrary >>> interference with his privacy, family, home or correspondence, nor to >>> attacks upon his honour and reputation. Everyone has the right to the >>> protection of the law against such interference or attacks.” >>> {{ICCPR}} Article 17: “1. No one shall be subjected to arbitrary or >>> unlawful interference with his privacy, family, home or correspondence, >>> nor to unlawful attacks on his honour or reputation. 2. Everyone has the >>> right to the protection of the law against such interference or attacks.” >>> The right to privacy is also included in: >>> Article 14 of the United Nations Convention on Migrant Workers; >>> Article 16 of the UN Convention on the Rights of the Child; >>> Article 10 of the African Charter on the Rights and Welfare of the Child; >>> Article 4 of the African Union Principles on Freedom of Expression (the >>> right of access to information); >>> Article 11 of the American Convention on Human Rights; >>> Article 5 of the American Declaration of the Rights and Duties of Man, >>> Articles 16 and 21 of the Arab Charter on Human Rights; >>> Article 21 of the ASEAN Human Rights Declaration; and >>> Article 8 of the European Convention on Human Rights. >>> >>> >>> >>>> 2, reliable, resiliance and robustness - I'm surprised there're >>>> no references for the first two and puzzled by the references >>>> for the 3rd. >>> References added (my bad, thanks for spotting) and offered grammtical >>> improvements for robustness: >>> >>> : The resistance of protocols and their implementations to errors, and >>> to involuntary, legal or malicious attempts to disrupt its mode of >>> operations. {{RFC0760}} {{RFC0791}} {{RFC0793}} {{RFC1122}}. Or framed >>> more positively, robustness is the quality of a system that can provide >>> functionality consistently and without errors despite involuntary, >>> legal or malicious attempts to disrupt its mode of operations. >>> >>> >>>> There also seem to be very few reference to these >>>> later, which makes it odd to find them here. I wonder if the >>>> formalism you're using (introduced at the end of section 2) has >>>> caused you to shoe-horn in definitions of these? >>>> >>> Nopes - these were terms that kept returning in interviews and during >>> research. I also do not think they're hardly mention actually. >>> >>> >>>> 2, scalable - it's often a challenge in proocol design to >>>> ensure that a protocol scales down as well as up, in the sense >>>> of working well for smaller networks/deployments. Might be >>>> worth pointing that out as it's relevant here when one >>>> considers designing new protocols potentially putting too much >>>> emphasis on the requirements of only bigger operators (who are >>>> in the room). >>> good point, added the following language to the text. In protocol design >>> ensuring for the capacity to both scale up and down can be a challenge. >>> Yet, it is important to consider the capability of the protocol to do >>> both, to ensure new protocols consider the requirements of both big and >>> small operators. >>> >>>> 2, stateless - is used exactly once later, and stateful is not >>>> used at all later - do you really need this here? (Just define >>>> it when used, but I think protocol developers will get the >>>> meaning anyway.) You could also say that retaining state has >>>> potential privacy impact, which may not be so obvious. (That >>>> retaining state impacts on other protocol features such as >>>> hard-reboot is fairly well understood I think.) >>>> >>> Removed glossary entry >>> >>>> 2, "Strong encryption / cryptography" I don't think this is >>>> needed or useful - why is it here? I think the IETF community >>>> know this already, is it useful for some other readership? If >>>> so who? (Since I'm not sure it'd be that useful for any >>>> readership.) >>> It is an IRTF document, so I am hoping that it will be read by >>> researchers as well as protocol developers. >>> >>>> 2, "transparent" - I don't like this definition which I think >>>> is not actually definining the term in the sense in which you >>>> use it in this document. As you actually use the term, it is >>>> mostly about processes, which is not what RFC2775 is about. In >>>> fact, I think you're actually using the term in it's normal >>>> English usage and don't really need a specific definition. >>>> (Though I didn't check all uses of the term.) >>>> >>> Fair point. Removed. >>> >>> >>>> 2, " The combination of reliability, confidentiality, >>>> integrity, anonymity, and authenticity is what makes up >>>> security on the Internet." No. That is just wrong. For example, >>>> that list omits DoS resilience, bugs (and protocol flaws) that >>>> cause problems like heartbleed, and I think, much else besides. >>>> I'm not sure how to fix this. (But see my general question wrt >>>> "=" as used here.) >>>> >>> I think this should be solved with the solution offered above. >>> >>>> section 4: I don't accept that "protocols are politics by other >>>> means" - if I develop a way for two computers to interact in my >>>> (non-existent as it happens:-) basement, that is not politics. >>>> If I publish an academic paper on a faster way to do ECDH >>>> that's not politics. I know it's a quote, but I don't think >>>> you ought present that quote in that way (reading IMO as if it >>>> were an RG consensus statement) without qualification. The >>>> relevant qualification I think is tricky to formulate but has >>>> something to do with broad deployment or with deployment at >>>> some technical choke point that offers significant control to >>>> someone. >>>> >>> I want to push back a little on the fact that this is not RG consensus. >>> I think a lot of people have expressed the sentiment that their >>> technical protocols increasingly have an impact on the political realm >>> and vice-versa. As such protocols have become enveloped in politics, >>> whether we/the IETF/the technical community likes it or not. Not to >>> speak of the fact that many prominent academics, which include engineers >>> and computer scientists, underwrite this statement. I also do not think >>> it is without qualification, the text goes on to mention at least eight >>> different papers that carefully qualify these statements. If we however >>> write out there arguments we run the risk of making that bit of text >>> suffer from TL;DR. >>> >>>> 4: I don't get the "values-by-design" point and how it's >>>> relevant to the IETF. I don't recall discussions about that on >>>> IETF/IRTF lists. Is this perhaps something that's really being >>>> discussed outside the IETF/IRTF context? If so, then the >>>> statement that these are a "new focal point" is not correct. >>>> (If you want to say this should or could be a discussion to >>>> have, that'd be fine but that's a different statement.) >>> These discussions have been had on the lists, in addition to the latest >>> session of hpc in Berlin when United Nations Special Rapporteur David >>> Kaye presented his latest report on the responsibility of SDOs vis-a-vis >>> human rights. The HRPC work has been focused specifically on the >>> question of how values get translated to design, and how they should or >>> should not. As such, I am surprised to hear you say that you have not >>> seen this happen on the list. >>> >>>> 4: "tools of enforcement" - I'm not sure what you mean here. If >>>> you mean law enforcement then saying that would be better, but >>>> the sentence is vague, for me anyway so would be better >>>> rephrased. >>>> >>> The full quote in the paper reads: "The “theory of the blunt >>> instrument” says that if you can blunt the tools of your >>> antagonist in a tussle, you may be able to disable him. Thus, if >>> all users of the Internet always encrypted everything they sent, >>> there could be no wiretaps and no discrimination based on content. >>> The only tool left to the regulator (e.g., the state) would be the blunt >>> instrument of total disconnect. This theory is appealing to >>> those who see the Internet as a vehicle for contention with state >>> controls. And indeed, this theory is appealing and has much to >>> recommend it. But (again) in the extreme, it >>> suffers from two problems. First, we have seen states, faced with the >>> only option of the blunt instrument, use it. When Google >>> refused to continue to comply with the law of the land in >>> China, China threatened to revoke their license to operate >>> there, leaving Chinese users with the even >>> - more regulated alternative of Baidu. Opinions may differ, but >>> some argue that a little Google would be better for the Chinese >>> people than none. >>> Similarly, Burma took the step of disconnecting all international >>> telecommunications links during the 2007 “Saffron >>> Revolution”, and several >>> countries have blocked Facebook and YouTube. Are those countries >>> and their citizens better off with that outcome than with >>> half a loaf? Second, when law trumps technology, >>> baking the “blunt instrument” outcome into the architecture may >>> raise large complexities for actors required to comply with >>> regulations. When France required that Yahoo block auctions of Nazi >>> memorabilia to its citizens, Yahoo had to organize a table >>> that identified (imperfectly) IP addresses of French users. Would >>> it have been better or worse if the Internet made it easy to tell from >>> what jurisdiction a connection came?" >>> >>> See here: >>> http://conferences.sigcomm.org/co-next/2010/Workshops/REARCH/ReArch_papers/10-Brown.pdf >>> >>> What they mean in this case is that if the IETF were to bake the UDHR >>> into its protocols, countries who do not agree with that might >>> completely withdraw from the standard setting process. I agree that >>> tools of enforcement is unclear so I changed that sentence to better >>> reflect that sentiment. >>> >>>> 4: "This document sets out some preliminary steps and >>>> considerations for engineers to take into account when >>>> developing standards and protocols." I think that's a good and >>>> fair statement of where this document is at. But don't you >>>> elsewhere go further? >>> Not in this document methinks. >>> >>>> section 5: It'd be great if you could add links or references >>>> to the source materials here. For example, who'd you interview? >>>> Are the videos avaiable? What's the list of RFCs you read and >>>> which were considered (most) relevant? Similarly for WG lists >>>> analysed etc. I'm sure you have all that stuff and making that >>>> available for later would be great. >>>> >>> Several people only wanted to be reviewed on the basis of anonymity, >>> releasing an incomplete list doesn't make a lot of sense methodologically. >>> >>> There is a preliminary RFC reading list, but we let it go relatively >>> soon we we were able to do automated RFC analysis with this tool: >>> https://github.com/nllz/rfc-analysis >>> >>> The RFCs that were deemed most relevant are mentioned in the ID. >>> >>> >>>> 5.2.1.4 and 5.2.1.5: (See general point #4 above about "=") I >>>> don't think you actually have achieved this "the creation of a >>>> list of technical concepts that when combined create an >>>> enabling environment for human rights." It's a fine goal, but >>>> I'm not sure it's achievable in reality with the kind of >>>> precision claimed in this section. I don't think the terms >>>> used in the figure in 5.2.1.5 are at all precise TBH, e.g. the >>>> phrase "good enough" only occurs in this figure and nowehere >>>> else. >>>> >>> I hope this has been sufficiently addressed now with the fix offered above. >>> >>> >>>> 5.2.3: "These capabilities for network control and limitations >>>> of the freedom of expression by end hosts can be traced back to >>>> the IPv4 design..." I don't think you have justified this >>>> claim. My argument would be that there is no simlarly >>>> scaled/robust nework against which to compare IP and that does >>>> not have the feature that it allows deployments to limit >>>> freedom of expression. So it may be that this feature/bug is >>>> not IP specific but inherent in large networks. In any case, >>>> the claim seems too much to me. (That might be a useful topic >>>> for the RG to tackle, or maybe someone has already studied this >>>> issue?) >>>> >>> That thee is no scaled/robust network to compare against doesn't mean >>> that this cannot be true for the current one, right? Not sure if I >>> understand your point. >>> >>>> 5.2.3.1: On what do you base the claim that source-routing >>>> could be better here? Source-routing seems to usually generate >>>> objections from transport folks. (You'd have to ask them for >>>> the history of that.) Spoofed source IP is a common mechaism >>>> for abuse. While you do say these are not considered good >>>> practice, you don't say why (or provide a reference) so it >>>> looks to this reader as if you're saying that those "features" >>>> could have been better, but without evidence for that. (Tor is >>>> lovely, but as currently defined, would not scale to the size >>>> of the Internet as it was quite some years ago.) >>>> >>> What we're doing here is 'know and show' the human rights impacts of a >>> specific protocol, that this is the only solution that exists and works >>> today, doesn't mean that it doesn't have a specific impact. So it's >>> about documenting of impacts. I don't think we're claiming anywhere that >>> those features could have been better, the sentence only reads that it >>> _can_ be done differently, not that that solution would be better. >>> >>> I've also added a reference on source routing. >>> >>>> 5.2.3.2: are you referring to the protocol number here? (As >>>> listed at [1]) That has about 140 protocols many of which >>>> aren't in widespread use. If so, then I question the claim >>>> that this is really the cause of DPI - I suspect that DPI >>>> devices mostly look deeper into the packet. That also seems to >>>> be indicated when you talk about transports and spdy. I think >>>> this section is confused about the differences between headers >>>> at various layers, and our history of sending cleartext. That >>>> said, I could see that in future, as we encypt more Internet >>>> traffic, someone may find rights-invading ways to use layer 3 >>>> headers but I'm not sure this is a significant issue today. (If >>>> there is evidence of this being done, I'd be interested in >>>> knowing about that. I guess there may be IPv6 options that are >>>> in use like that or have been suggested but you don't cover >>>> those at all that I can see.) >>>> >>>> [1] >>>> https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml >>>> >>> I removed this para for now, but am still researching it. Might offer >>> new text later on. Need some more thinking. >>> >>>> 5.2.3.3: I don't think mobile IP could never have displaced NAT >>>> for IPv4. We'd still have run out of addresses. So I'm not >>>> sure the point made here (that there was a "viable >>>> alternative") is correct at all. >>> With NAT deployed all over we're also running out of IP addresses, so >>> not sure your critique holds. Mobility could have been an alternative >>> for NAT, not for IPv6 (or its other alternatives). >>> >>>> 5.2.4: "which enact ICANN's policy" Do you thnk that the ccTLDs >>>> would agree with that? I don't. >>> Altered the text to: "which function in line with ICANN's policy" >>> >>>> 5.2.4: I think the fact that new gTLDs are hugely expensive is >>>> well worth a mention, as a deterrent to various freedoms. >>>> >>> You mean that it is expensive to become a registry (starting from >>> 185.000 USD), or that gTLDs are expensive? If it's the first, we >>> probably need to address this discussion: >>> https://archive.icann.org/en/topics/new-gtlds/explanatory-memo-new-gtld-program-budget-22oct10-en.pdf >>> , for the latter I do not have any data that shows that gTLD overall are >>> more expensive. >>> >>>> 5.2.4: I think you're missing some points here, maybe even an >>>> entire subsection. One of the ways around some of the issues >>>> listed is for clients to choose their resolver, e.g. so as to >>>> pick one that does check DNSSEC or that is not subject to the >>>> same regime as a default resolver. That can be blocked at the >>>> IP level, which is one issue. But even if I do that and use >>>> DPRIVE, then that creates a new threat of centralisation of >>>> lots of queries (e.g. at 8.8.8.8) which introduces yet another >>>> point at which control can be enforced or where traffic can be >>>> analysed. Passive DNS also has good and bad aspects. I'd say >>>> some or all of these points would be good to note. (But I'm not >>>> the right person to suggest good text sorry.) >>> Stephane has been so nice to provide text for this: >>> >>> Users can switch to another resolver, for instance a public one such as >>> those operated by Telecomix [http://dns.telecomix.org/]. The distorter >>> can then try to block or hijack the connection to this resolver. This >>> may start an arm's race, the user switching to secured connections to >>> this alternative resolver ({{RFC7858}}), the disruptor then trying to >>> find more sophisticated ways to block or hijack. In some cases, this >>> research to find an alternative, non-disrupting resolver, may lead to >>> more centralisation, many people going to a few big commercial public >>> resolvers. >>>> 5.2.5: The lack of a mandate for TLS was not the only reason >>>> why the web started out largely cleartext. There were also >>>> significant performance, UI, tooling and missing infrastructure >>>> issues, as well as the charging per certificate business model. >>>> Those were more important issues IMO, even though they do not >>>> nicely tie into the discussion of h2 and it's lack of a mandate >>>> for use of TLS. While I personally regret that, it was the >>>> result of a real and extended and open debate, which I think >>>> also ought be noted. >>>> >>> replaced 'caused' with 'was one of the reasons for' >>> >>> >>>> 5.2.5 and 5.2.5.x: While I'm fine with you calling the >>>> development of TLS MitM devices and similar "malicious," I am >>>> pretty sure plenty of folks might argue that. It'd be better to >>>> skip the pejorative language I think, but it is entirely >>>> correct to have the references to the attacks mounted using >>>> such technologies. I'd also tend to not mention specific >>>> companies and products in the body of the text, except where >>>> that is really necessary to make the point. >>>> >>> Done >>> >>>> 5.2.5.1: How do you know it was Snowden's relevations that >>>> caused mail service providers (not ISPs!) to "follow Google's >>>> lead"? That may be correct, but I'm not sure there's the public >>>> evidence that they said that was why. (If there is, great, but >>>> please provide a reference, the one you do provide, [Peterson], >>>> is about gmail and not yahoo.) Also, Google use TLS, not SSL >>>> for gmail. >>> Done >>>> 5.2.5.1: "less democratic" - I think it's an error to say that, >>>> since many countries that are considered role models for >>>> democracy could do the same things, "some countries" and >>>> examples would be better. Same with "oppressive regimes" - >>>> there's no need to include that judgement here. The reference >>>> here [RSF] wasn't accessible to me (no route to host) from a >>>> hotel network and eduroam. That could be nicely ironic, or a >>>> badly chosen reference. (But you need a reference.) The 2012 >>>> Libya report also really needs a reference. >>>> >>>> [RSF] >>>> >>> https://en.rsf.org/syria-syria-using-34-blue-coat-servers-23-05-2013,44664.html >>> >>> Updated link, reference added and judgemental language removed. >>> >>>> 5.2.5.2: wrt great-cannon, you might want to note that the IESG >>>> issued a related statement [2]. That's a bit tangential, but I >>>> think is relevant for this work. >>>> >>>> [2] >>>> https://www.ietf.org/iesg/statement/maximizing-encrypted-access.html >>>> >>>> 5.2.5.2: "Companies like" is pejorative and the patent >>>> application seems irrelevant. "has been largely documented" >>>> calls for a reference. "Oppressive regimes" is also not needed >>>> here as is "little concern for bad human rights records." The >>>> right thing here I think is to note the documented record >>>> without pejoratives and to then let the reader draw their own >>>> conclusions. >>>> >>> Done and done >>> >>>> 5.2.5.2: I don't think the text about h2 is fair. You're >>>> missing a) that there was a real and open debate on the topic, >>>> b) that some important implementations are exclusively h2/tls >>>> and c) that there is a spec for OS for HTTP being developed. >>>> Those are all as relevant as the fact that the outcome of the >>>> debate was to not mandate use of TLS all the time. (Which I do >>>> think is worth saying in this document, but needs more complete >>>> context.) >>> I am not sure what this would add to this. It is not stated that there >>> was no debate or that there are no exclusive h2/tls implementation. Am >>> happy to write something but am not completely sure what it would add to >>> the the analysis of the impact of this protocol on human rights. >>> >>>> 5.2.6: I think this section is missing some things. First, the >>>> IETF/XSF relationship is relevant here and needs a mention. (As >>>> both good and bad!) >>> Do you have a reference / source where we can learn more about this? >>> Since you seem to hint at something I do not know about. >>> >>>> Second, OTR is important, as is the >>>> community's failure to produce a better e2e standard for xmpp. >>> I am hesitant to do so, because then we would be analysing another >>> protocol, right? >>> >>>> And lastly, I think the tendency of IM deployments to not >>>> deploy interoperable standarsd is missing, which also has good >>>> and bad aspects (good: they can do telegram etc, bad: no >>>> interop). I'd suggest asking an XMPP expert to review/suggest >>>> text. (Happy to help find you one if needed.) >>>> >>> Do we really want to get into the Facebook Messenger, Ello, Telegram, >>> Signal, Axolotl discussion with this? That would be a serious extension >>> to the discussion... in the security direction. I would like to hear >>> what other people think about this, because I think this document >>> already covers a lot of ground. On the other hand: >>> >>> >>> https://www.theguardian.com/technology/2016/aug/03/turkey-coup-gulen-movement-bylock-messaging-ap >>> >>> Review by experts is always welcome. I asked Peter Saint Andre a while >>> ago but I did not hear back. Suggestions and reviewers are always very >>> welcome. >>> >>>> 5.2.6: "The protocol also has facets that may stifle speech as >>>> users self-censor for fear of surveillance, or find themselves >>>> unable to express themselves freely." That's not an XMPP >>>> specific point - the same applies to email and the web and to >>>> any other protocol that supports interpersonal messaging or >>>> access to sensitive information. I think you ought up-level >>>> this point to a more generic section that calls out issues with >>>> multiple protocols. (Not sure where exactly, but having it here >>>> only isn't great.) >>> Agreed, have added this point to the Privacy Explanation in the >>> questionnaire. >>>> 5.2.7: Is this section about P2P in general (I'd consider P2P a >>>> design pattern) or about PPSPP or about BT? Each of those >>>> choices seems wrong. If the first, then that's not the same as >>>> other 5.2.x sections and doesn't mention other P2P protocols >>>> (e.g. RELOAD maybe). If the second, is the deployment of that >>>> sufficient to justify the text? If the 3rd - that's not an IETF >>>> protocol. So I'm not sure what to make of this. >>> It's the first. The reason for adding this case category to the research >>> was that peer-to-peer got mentioned a lot in the interviews and in >>> discussions on this, so we thought it would be useful for the document >>> to discuss it here. >>>> 5.2.7: Is it still true to say that P2P is an "increasingly >>>> becoming a popular architecture"? I thought usage stats were >>>> showing the opposite nowadays? The examples given are odd: as >>>> BTC doesn't do file sharing/interpersonal messaging, skype is >>>> no longer really P2P iiuc, and I don't know if spotify really >>>> is or not. Surely BT is the canonical real example? >>>> >>> Removed 'is becoming and added: >>> >>> "While its most common application has traditionally been >>> file-sharing (and other types of content delivery systems), P2P is a >>> popular architecture for networks and applications that require (or >>> encourage) decentralization. A prime example is Bitcoin (and similar >>> cryptocurrencies), as well as Bitcoin and proprietary multimedia >>> applications." >>> >>> >>>> 5.2.7: "mostly delegated" - I'm not sure this is correct. I >>>> could argue that RELOAD is a counter example. >>> That's why it says 'mostly', right? >>> >>>> I could further >>>> argue that the lack of deployment of RELOAD (iiuc) may be >>>> evidence that your implied argument that it'd be better for an >>>> organisation like the IETF to try produce complete specs in >>>> this space might be unwise in that it's less likely to result >>>> in deployment. >>> I think the 'conclusion' para is pretty clear on this: >>> >>> These platforms are not perfect, and more research needs to be done. >>> If adopted at large, well-designed and resistant P2P networks might >>> represent a critical component of a future secure and distributed >>> Internet, enabling freedom of speech and freedom of information at scale. >>> >>> I think that is not an implied argument for making everything P2P. >>> >>>> 5.2.7.3: I think ledbat has some protocol features that would >>>> allow deployments (if they are nice) to reduce the scope for >>>> tracking. That's RFC 6817 but I'd have to reread it to check if >>>> there's something useful there, also not sure about ledbat >>>> deployment. >>>> >>> You mean this? https://tools.ietf.org/html/rfc6817#section-5.1 Doesn't >>> seem very conclusive. >>> >>> >>>> 5.2.7.4: Sybil attacks in this context (e.g. astroturfing) seem >>>> to be relevant to more than p2p protocols. In fact wouldn't >>>> they be more common on web based systems, at least as exploited >>>> by/for governments and commercial entities? >>>> >>> Added this suggestion >>> >>>> 5.2.8: There are many kinds of VPN - I think it'd be better to >>>> rename this section to something like "personal VPNs" or >>>> similar, as you don't get into e.g. corporate VPNs. >>> I think the first para does cover the difference, and I don't think >>> there is anything in the rest of the analysis that is not true for other >>> kinds of VPNs? >>> >>>> 5.2.8.1: "local illegitimate wiretapping" - that's another >>>> pejorative term for some, "monitoring" would be just as clear. >>>> (Again, not because what you say is wrong, but because there's >>>> no point in antagonising those who read this.) >>>> >>> updated >>> >>>> 5.2.8.1: "are way less analyzed and understood" I think I >>>> recall some papers on these kinds of VPN that found some issues >>>> - be good to reference such work if possible, esp if there's a >>>> survey. >>> I've been searching a bit and did not find anything really good. Things >>> like: >>> http://dx.doi.org/10.1016/S1742-6847(06)70438-4 >>> http://www.ijcse.com/docs/INDJCSE14-05-04-101.pdf >>> >>> Theses ones are the best I could find: >>> >>> https://www.insinuator.net/2013/08/vulnerabilities-attack-vectors-of-vpns-pt-1/#respond >>> >>> http://ieeexplore.ieee.org.proxy.uba.uva.nl:2048/stamp/stamp.jsp?arnumber=7314859 >>> So I referenced them in the text. >>> >>> >>>> 5.2.8.3: " VPN providers should at least be transparent on what >>>> information do they store and for how long is being kept" I >>>> fully agree with this, but what's it telling the IETF >>>> readership? Perhaps that RFCs ought identity potentially >>>> sensitive logged data or for how long that needs to be retained >>>> for technical reasons? That migth not belong here anyway but >>>> could be relevant somewhere in the document. >>>> >>> Changed 'shoud' into 'would' and added your suggestion to the privacy >>> question in the questionnaire. >>> >>>> 5.2.9: This could be shorter and may better as a part of >>>> section 5.2.5 - why is this one status code so important? >>> reduced the text substantially. >>>> 5.2.10: I'm really not sure this (all) belongs here. The >>>> middlebox debate is old and won't be resolved here, so I'm >>>> don't think it's worthwhile regurgitating the arguments in such >>>> detail. And I think you already said what you need to say when >>>> discussing NATs. I'd say deleting this section is maybe right. >>> deleted it. >>>> 5.2.10: (If you keep it) "IETF's role to prevent such >>>> censorship" again, the IETF is not the Internet police and does >>>> not "prevent" things like that. If you refer to the SPUD BoF, >>>> you should include references to the minutes etc. >>>> >>> deleted it. >>> >>>> 5.2.10: "Middleboxes are becoming a proxy for the debate on the >>>> extent to which commercial interests are a valid reason to >>>> undermine the end- to-end principle." That seems like an >>>> opinion, and one I'd be surprised had consensus. Do you need to >>>> say that? >>> deleted it. >>> >>>> 5.2.11: "Some people may say that DDoS attacks are the only >>>> mean to be heard, in the current Internet." Some people say >>>> that the moon landings were faked. Vague reportage like that is >>>> useless. I'd say this entire section needs to be redone with a >>>> strong statement that there is no valid use-case for DDos, and >>>> that DDoS is not a valid form of protest. I think such a >>>> statement is one that would have RG and indeed IETF consensus. >>>> I'm very sure that no concept of DDoS as a valid form of >>>> protest would garner consensus in either the RG or the IETF. >>> Done >>>> 5.2.11: "seem to suggest that the IETF should try to ensure >>>> that their protocols cannot be used for DDoS attacks" That's >>>> very understated and maybe even misleading. I would say that >>>> the IETF has long-standing consensus that DDoS is an attack >>>> that protocols should mitigate to the extent they can and that >>>> DDoS vectors in protocols are basically bugs. RFC3552 (section >>>> 4.6) from 2003 covers this and says that standards MUST >>>> describe DoS issues. >>>> >>> Text added: >>> >>> All of these issues seem to suggest that the IETF should try to >>> ensure that their protocols cannot be used for DDoS attacks, which in >>> consistent with the long-standing IETF consensus that DDoS is an attack >>> that protocols should mitigate them to the extent they can {{RFC3552}}. >>> >>>> 5.2.11: The linkage between private sector control of networks >>>> and DDoS is IMO entirely unconvincing. NRENs are generally >>>> private sector and have major issues with DDoS. (I'm sitting in >>>> a talk on that topic right now.) It is not at all clear that >>>> anyone who'd claim that they are using a DDoS attack to protest >>>> would actually be protesting about a network operator - it is >>>> much more likely they are protesting about some content owner, >>>> who may be public or private sector. >>>> >>> Removed >>> >>>> 5.2.11: I don't think we need or want the argument based on PM >>>> here at all. The argument about motivations for PM in RFC7258 >>>> depends on there being some justifiable reasons for monitoring. >>>> (Otherwise we would not need to even point out that motivations >>>> don't matter.) There are no such close-to-good arguments at all >>>> for DDoS, so drawing that analogy is misleading. >>>> >>> Removed >>> >>>> 5.2.11: If the RG feel there is a need to discuss a possibility >>>> for fully opted-in people to collectively protest, (I do not) >>>> then you should invent a new term for that and clearly say that >>>> even though such protest might appear to the network as beng >>>> the same as a DDoS (and hence be treated as an attack), that is >>>> not the same as a DDoS, where 100% of real cases involve >>>> compromised hosts or hosts being used as reflectors without >>>> permission. If the RG feel there is a need to discuss forms of >>>> protest on the Internet, then I think an entirely different >>>> section is needed, probably with a different structure. >>>> >>> Removed >>> >>>> 5.3.1: I'm not sure the "HR threats" model is the right thing >>>> here. The same was true of rfc6973 as well, as you say, but in >>>> this case, I'm not sure you really even need the concept. 5.3.2 >>>> just says stuff like "did you think about <foo>" so I don't see >>>> a need to say that "<foo> is a threat." I don't think you lose >>>> anything by losing that concept entirely. There is also a >>>> danger in including that risk analysis model here in that doing >>>> so might cause later disussion to be somewhat blinkered. >>> Not sure if I share your view. There are concrete threats, that we can >>> people to be cognizant of by thinking and documenting issues that could >>> arise, through the use of the questionnaire. I don't see how the use of >>> 'threat' here is problematic. >>>> 5.3.1: "This is by no means an attempt to cherry picks rights, >>>> if other rights seem relevant, please contact the authors >>>> and/or the hrpc mailinglist." I'd delete that, it's not that >>>> appropriate for an RFC (it was for an I-D). But if you do want >>>> to say something about a contact point, the RG list would be >>>> better. (The phrasing "cherry pick" is also a bit odd.) >>> Rewrote: This is by no means an attempt to exclude specific rights or >>> proritize some rights over others, if other rights seem relevant, please >>> contact the research group mailinglist. >>> >>>> 5.3.2: The title here is a bit inaccurate and misleading. >>>> You're presenting guidelines for protocol designers, and not >>>> for "HR considerations." >>>> >>> Seems in line with the dictionary definition here: >>> >>> Simple Definition of consideration >>> : careful thought : the act of thinking carefully about something you >>> will make a decision about >>> : a desire to avoid doing something that will make another person sad, >>> upset, angry, etc. >>> : something that you think about when you make a choice or decision >>> >>> from: http://www.merriam-webster.com/dictionary/consideration >>> >>>> 5.3.2: I don't think that many IETFers follow or read RFC4101. >>>> (RFC4101 is a useful, good thing, but one that's not much used >>>> iiuc.) >>>> >>>> >>> It seem quite useful though, I do not necessarily see a reason to remove >>> it. >>> >>>> 5.3.2.1.2: We're updating RFC3552 now, and the update will >>>> include some guidance on privacy considerations. I'm not sure >>>> if it'd be better to reference that draft now or not though, as >>>> it's early days. Probably best to refer to BCP72 though, as >>>> that'll remain the right reference when the 3552bis work is >>>> done. >>> Replaced everymention of RFC3552 with BCP72 >>> >>>> 5.3.2.1.2: "Could your protocol counter traffic analysis, or >>>> data minimization?" oops - I don't think you want to counter >>>> data minimisation. Better to split that into two questions >>>> probably. >>> Done. >>>> 5.3.2.1.3: This set of questions need work. All protocols "look >>>> at the packet content" or else do nothing at all. I think you >>>> want to ask people to think about which fields in the packet >>>> they need to access and to try to minimize those, and if >>>> possible, discourage others from looking at the rest (e.g. by >>>> enabling encryption of those). I also have no clue what " Is >>>> the protocol transparent about its decisions?" means. And the >>>> last question is also pretty meaningless when looked at in >>>> isolation. (I think I already commented on the agnosticism >>>> phrase as used here before. The same issues apply to the >>>> explanatory text here.) >>> I've rewrote the section: >>> >>> If your protocol impacts packet handling, does it look at the packet >>> payload? Does it look at Is it making decisions based on the payload of >>> the packet? Does your protocol prioritize certain content or services >>> over others in the routing process ? Is the protocol transparent about >>> the priotization that is made (if any)? >>> >>> >>>> 5.3.2.1.5: "readable by humans" is not the right criterion >>>> here. What you need to say is that "have to be understood by >>>> humans." For example, DNS names are mostly readable but IDNs >>>> are not, depending on which form one uses. >>> Accepted. >>> >>>> For some protocols >>>> it is entirely fine still to use ascii for human-readable >>>> labels, if those are only seen by developers or more capable >>>> admins. >>> I would push back on this in relation to the presentation of and points >>> made by Ramsey Nasser that I already referenced above. >>> >>>> 5.3.2.1.6: Re-using existing identifiers (e.g. MAC addresses) >>>> is the more common way that (re-)identification is enabled in >>>> protocols. You should point that out. I think the "make ... >>>> transparent" point is worth splitting from the identifier issue >>>> too - identifiers are very common, but making filtering >>>> apparent is much less so, and will be missed if you bundle >>>> these two things together. The last two questions aren't really >>>> useful though and are more explanatory text then real new >>>> questions. >>>> >>> Changed text, but I think last two questions are still useful for context. >>> >>> >>>> 5.3.2.1.7: These are not useful, as phrased for IETFers. The >>>> only useful part here is the 2nd last question (use other >>>> things that are proprietary), the rest are not as they are >>>> already handled in IETF processes, and we do not want yet more >>>> bureaucracy. The explanatory material is way too long and also >>>> not useful for the IETF audience. The example given is an >>>> interesting thing, but far from a typical protocol, so >>>> therefore is not a good example. >>> Not sure about this. That this is picked up in other IETF processes >>> doesn't mean it shouldn't be discussed here from the human rights angle. >>> Else also wouldn't need to discuss security, etc. Plus I think there is >>> ample reference to the existing IETF procedures hear to ensure that >>> there is no duplication of efforts. >>>> 5.3.2.1.8: This entire section is useless for IETFers, except >>>> the last question about extensibility. The explanatory text and >>>> example however don't address that and are also not useful. >>>> >>> Pretty strong statement with not too much argumentation, could you >>> elaborate pls? >>> >>> >>>> 5.3.2.1.9: The question was asked already. Anonymity is not a >>>> useful goal in almost all IETF protocols, and if it were, it'd >>>> be a first order requirement (e.g. if we wrote an RFC for Tor) >>>> and would not be missed. Delete this section entirely. >>>> >>> I don't agree, especially since anonymity is such a concept that is both >>> legally and technically understood, but hard to achieve. And as you said >>> previously, the combination of protocols make anonymity harder, which is >>> actually a case to raise awareness about anonymity in all protocols. >>> >>>> 5.3.2.1.10: The emphasis here is wrong. You should be asking >>>> about whether the protocol generates or processes anything that >>>> can be, or be tightly correlated with, PII. Many protocols have >>>> identifiers that are perfectly safe, until the host running the >>>> protocol is something that a person carries with them. The >>>> section needs a rewrite to take that approach. >>> Suggested text added. >>> >>>> 5.3.2.1.11: Mixing accessibility and statefulness is wrong. >>>> Both are fine questions, but should not be bundled. >>> I think it helps if you look in the glossary for the different >>> definitions of accessibility, that might clarify things, or in the >>> explanation. >>> >>>> The >>>> example is bad - HTML5 is the current spec and is not that RFC. >>> Reference changed. >>> >>>> 5.3.2.1.12: I think this is arguably duplicative and the issue >>>> will (or should) be caught via other IETF processes apart from >>>> HR considerations. I'd delete this, though it's mostly harmless >>>> here. >>>> >>> I'm hesitant here (again) to remove this because this gets a different >>> meaning from the human rights perspective imho. >>> >>>> 5.3.2.1.13: Again, this bundles things in a counterproductive >>>> manner. Split the topology/architecture points from the >>>> discriminaton/implication ones. (Even if you think those relate >>>> in terms of HR, that does not mean that they ought be bundled >>>> together in a questionnaire.) >>>> >>> Why not? I think the explanation and example tie it together nicely. >>> >>>> 5.3.2.1.14: I don't think this belongs in the questionnaire >>>> either. It's covered alredy in other IETF processes, when most >>>> relevant, so is not useful to ask about here. >>>> >>> I'm hesitant here (again) to remove this because this gets a different >>> meaning from the human rights perspective imho. >>> >>>> 5.3.2.1.15: This needs to be rewritten, there are 13 questions >>>> in the text which is entirely pointless. I would not bother to >>>> try answer those. >>> Hmmmmm. This is not a MUST, but it helps people structure their >>> thinking. Granularity can help with that, especially in an issue such >>> problematic and little understood such as Informed Consent, etc. >>> >>>> You should just ask how confidentiality is >>>> supported and between what endpoints and how keying is done. >>>> (Or something like that, I didn't try the full re-write that is >>>> needed.) The re-write should also bundle this with most of the >>>> next two sections. (See below.) >>>> >>>> 5.3.2.1.15: The cryptographic parts of this should be merged >>>> into a rewritten 5.3.2.1.14. If there are non-crypto bits of >>>> this then those need better explanatory text as it'd not be >>>> relevant for most protocols. (I mean things like database >>>> consistency.) I'm not sure if anything would remain when this >>>> and the previous section were re-written.) >>> Having a hard time understanding this, because it are inherently >>> different issue from a rights perspective. Merging them would not be >>> helpful imho, but am happy to be convinced. >>> >>>> 5.3.2.1.17: As per 5.3.2.1.16. >>> I assume you think these two should be merged? I could be convinced of >>> that, but would that make it easier to understand? Or just for the sake >>> of making it shorter? I do not think this Research Draft necessarily >>> needs to be short because it outlines the full research. If we take this >>> work further we can have a closer look at usability and streamlining it >>> with other relevant reviews that are ongoing in the IETF, IESG, etc. >>> >>>> 5.3.2.1.18: This is entirely duplicative and should be deleted. >>> Agreed, removed. >>>> 5.3.2.1.19: I've no clue if this'd be useful to ask. Only >>>> testing would tell. (It might be, but I'm really not sure.) >>>> >>>> Nits/editorial... >>>> >>>> lots of places: there are too many over-long sentences that >>>> make this hard to read and less clear. I'd really recommend >>>> getting rid of as many of those as you can. The first non-quote >>>> paragraph of the intro is a good example. >>> During RG last call we'll do a full editorial review. >>>> intro, "the core of the Internet, its architectural design >>>> is..." Using "core" is a bad term there, mostly we mean >>>> something quite different when we talk about the Internet's >>>> core or similar. (And that's another assumption that there's >>>> one true architecture.) >>>> >>> Hmmm, not sure. Compare: >>> http://www.wrr.nl/fileadmin/en/publicaties/PDF-Rapporten/The_public_core_of_the_internet_Web.pdf >>> >>>> intro, "properly defined, described and protected as such" - I >>>> don't think "defined" is needed there, and it might not be >>>> correct either. >>>> >>> Why not? I think defining is always the first step to make something >>> tangible. Also inline with >>> https://business-humanrights.org/sites/default/files/media/documents/ruggie/ruggie-guiding-principles-21-mar-2011.pdf >>> >>>> intro, "New protocols, particularly those that upgrade the core >>>> infrastructure of the Net, should be designed to continue to >>>> enable fundamental human rights." I'd drop the "core >>>> infrastructure" bit there, it's a distraction and liable to >>>> generate argument about what is or is not core, e.g. BGP is >>>> clearly core but is not otherwise mentioned in this document, >>>> and maybe correctly. >>>> >>> We have thought of BGP as one of the cases actually, and it is one that >>> I would love to to. >>> >>> I do think it makes sense to put in some prioritization of human rights >>> impacts assessments in here though. I don't think core or non-core needs >>> to be binary as well. Some things are simply bound to be used more and >>> thus can have a bigger potential impact. >>> >>>> intro, "The authors believe that the issues that have been >>>> raised by the reviewers have been addressed." Sorry to be >>>> raising more:-) >>> That should have been taken care of now ;) >>> >>>> section 2: I think some better formatting is needed here to >>>> distinguish the terms defined from the text, which in some >>>> cases is fairly long. Just add bullets or quoting or something. >>> But this is the standard glossary approach, right? Will take this up (in >>> due time) with the RFC editor who probably has some good ideas about this. >>> >>>> 2: "In the discussion of human rights and Internet architecture >>>> concepts developed in computer science, networking, law, >>>> policy-making and advocacy are coming together" Sorry, what is >>>> coming together in what discussion(s)? Too many commas there to >>>> be sure I think. (BTW, "architecture concepts" may well be an >>>> ok use of that word:-) >>>> >>> Concepts developed in different fields come together. >>> >>>> 2, "censorship resistance" does not "prevent" censorship, I'd >>>> say mitigate is better than prevent. >>> Accepted >>> >>>> 2, "confidentiality" - why not refer to 4949 there? >>>> >>> Done >>> >>>> 2, "debugging" - the term debug is not used in the draft, why >>>> do you need the definition? >>> Tossed. >>> >>>> 2, "decentralized" - why is "opportunity for" needed in this >>>> definition? I don't get that. >>> Tossed. >>>> 2, "technical this means..." needs fixing. >>>> >>> Fixed. >>> >>>> 2, "Heterogenity" typo >>> Fixed >>> >>>> 2, "autonomous organizations" do you mean ASes? If so, say so. >>>> If not, better to avoid the word autonomous here. >>>> >>> Changed autonomous with independent. >>> >>>> 2, "integrity" - why not refer to 4949? >>> Added. >>> >>>> 2, "Inter-operable" is normally not hyphenated in the IETF >>>> >>> Fixed >>> >>>> 2, i18n - funny line breaks there make that hard to read >>> Fixed >>> >>>> 2, l10n - you don't actually use that abbreviation so why >>>> define it? >>>> >>> Because many people use it, so it might provide some clarity. Don't >>> think it hurts. >>> >>>> 2, "The combination of the end-to-end principle, >>>> interoperability, resilience, reliability and robustness are >>>> the enableing factors that result in on the Internet. " That >>>> (non-)sentence needs fixing. I don't even know what you want to >>>> say tbh. >>>> >>> Fixed: The combination of the end-to-end principle, interoperability, >>> resilience, reliability and robustness are the enableing factors that >>> result in connectivity to and on the Internet. >>> >>>> section 3: I think this short section is missing text to the >>>> effect that you think the answer to question 2 is yes. >>> But it would be weird to answer that question here, right? That is what >>> we're doing in the rest of the document. >>> >>>> section 4: you say "five clear positions" but they are not >>>> clearly delineated in the document. I'd suggest using some >>>> headings or some other way to make these more distinct in the >>>> document. >>> Hmm, it's one position per para, and in it even mentioned which number >>> they are. >>> >>>> 4: "embedded into the Internet's architecture" (top of p13) has >>>> another claim that there's one true Internet architecture. You >>>> could change this one to be the set of protocols defined by the >>>> IETF or something similar. >>> The conception of Internet architecture of the authors is broader than that. >>> >>>> 4: " As it stems from the issues as they arise in the field of >>>> technical engineering." That's not a sentence. >>> I also don't think it adds much, so it's removed. >>> >>>> 5: "step taken by the research group" that's ambiguous - I >>>> think you mean the set of authors and their research groups at >>>> home and not the HRPC, which I don't think collectively read >>>> all the RFCs you mean. (I think it's fine to say that the >>>> authors were the one who did the work, if that's what you >>>> mean.) >>> I made it: authors and contributors >>> >>>> 5.1: This section duplicates the intro to section 5. Is there a >>>> new point being made? >>> Yeah - methodology and datasources are inherently different parts that >>> both need to be justified afaik. Mixing them up would just be messy. >>> >>>> 5.2: "(detailed under "2.vocabulary used")" do you mean section >>>> 2 there? Saying "Section 2" with the right xml2rfc incantation >>>> will cause the tools rendering to make that a link, which'd be >>>> nice. >>> I think that should also be working now. >>> >>>> 5.2.1.1: "was assembly" typo. >>> Fixed. >>> >>>> 5.2.1.5: figures are better numbered and with captions. >>> Done >>> >>>> 5.2.2.1: I guess there's a heading level bug here in the >>>> document sounce? >>> Fixed. >>> >>>> 5.2.3.1: "ability for those hosts to assemble or to >>>> consensually express themselves" huh? When/how do hosts >>>> assemble or do things consensually? Confusing people and hosts >>>> like that is odd. >>> Fixed. >>> >>>> 5.2.3.2: Why refer to spdy and not h2? And is that even a good >>>> reference? The 4906 reference also puzzled me. (Even more:-) >>> That was removed, but we might introduce it in another for again later on. >>> >>>> 5.2.5: Why "because of it's simple design"? I'd have thought it >>>> was more complicated than that and that a combination of HTTP, >>>> HTML, open-source browsers and web servers and cool content was >>>> involved. >>> Rewrote into: Its simple design strongly contributed to the fact that >>> HTTP...... >>> >>>> 5.2.5: TLS and SSL could do with references. >>> Added >>> >>>> 5.2.5: Gen-ART? Huh? That's wrong. Gen-ART are fine people but >>>> they don't do what you say they do any more than any other set >>>> of IETFers. Are you confusing them with the IAB statement on >>>> encryption perhaps? Otherwise that is quite the puzzle for >>>> me:-) >>> Removed >>>> 5.2.5.1: What does "of the first" mean? "From the start"? >>>> >>> Dutchism - Fixed by changeing it into: >>> >>> E-mail providers such as riseup.net were the first ones to enable SSL by >>> default. >>> >>>> 5.2.5.1: "have been corrected in TLS1.3" is in the wrong tense >>>> - "are being corrected" is correct. >>> Fixed >>> >>>> 5.2.5.1: TEMPORA, XKEYSCORE etc need references. Those can get >>>> hard to find later, at least good references can be hard to >>>> find. >>> Added. >>> >>>> 5.2.6.1: I assume the URLs [1] and [2] don't need to be there >>>> and are xml2rfc artefacts to be fixed. Also, you should use >>>> example.com and example.net as per the usual way of handling >>>> examples in RFCs. >>> Will take this up with the RFC editor in due time. >>> >>>> 5.2.7: "often seen" - by whom? I'm not sure that IETFers would >>>> share that opinion, so better to say who you do mean. "remains >>>> critical" is also overstated. >>> "regularly described" and "remains imporant" >>>> 5.2.7.1: "directed directly" typo >>> changed into: aimed directly >>> >>>> 5.2.7.2: "throtteling" typo >>> Fixed >>> >>>> 5.2.7.5: Why does only this section have a conclusions >>>> subsction? I'd say be consistent. >>> Heading tossed. >>> >>>> 5.2.8.1: you could lose the heading here (consistency again:-) >>>> >>> Heading tossed. >>> >>>> 5.2.8.1: some VPNs (but not the ones you care about) are not >>>> point-to-point. >>> Fixed with: >>> The Virtual Private Networks (VPN) that are being discussed here are >>> point-to-point connections that enables two computers to communicate >>> over an encrypted tunnel. >>> >>>> 5.2.8.1: "There are multiple implementations and protocols used >>>> in provisioning a VPN" do you really mean provisioning a VPN >>>> there? That'd mean something else for some IETFers. I think you >>>> mean setting up a personal VPN for a single user but not quite >>>> sure. >>> Fixed with: "There are multiple implementations and protocols used in >>> the deployment of VPNs," >>> >>>> 5.2.8.5: The URL for [PET2015VPN] didn't work for me. I found >>>> the paper elsewhere though. >>>> >>> Works fine for me. >>> >>>> 5.2.8.7: This bit seems fairly repetitive, other than the >>>> timing/correlation issues. You could maybe say that more >>>> briefly. >>> Tossed the first two sentences. >>>> 5.2.10: The URL for [Walfish] doesn't point at the named paper >>>> - what's up there? >>> Fixed - but then we removed the whole section :) >>> >>>> 5.2.11 (and elsewhere): "Many individuals, not excluding IETF >>>> engineers, have argued..." I hate constructs like that that >>>> assert that somebody somewhere (unnamed) thinks/says something. >>>> I don't see why any such assertions (of rumour basically) ought >>>> be in the RFC series. There are other examples of this >>>> construct in the draft. >>>> >>> It has been argued on the list. Would you prefer a link to the list >>> email? I think this a quite broadly shared opinion, so I don't really >>> think it's problematic. >>> >>>> 5.2.11: Not all DoS attacks flood with traffic. Some might >>>> consume CPU cycles, in future some will consume limited power, >>>> and could be used in a DDoS. I don't think it's useful here >>>> (for the IETF audience) to define 3 types of DDoS attack. >>>> >>> Fixed: >>> >>> Technically DDoS attacks are when one or multiple host overload the >>> bandwidth or resources of another host by flooding it with traffic or >>> making resource intensive requests, >>> >>> Re: Definition: why not? >>> >>>> 5.3: "Having established how..." I don't think you established >>>> the "how." It'd be fair to do s/how/that/ though. (Twice.) That >>>> sentence is also overlong. Also "... by detailing how..." is >>>> similarly not correct. >>>> >>> In the previous steps we have established that human rights relate to >>> standards and protocols and offered a common vocabulary of technical >>> concepts that impact human rights and how these technical concept can be >>> combined to ensure that the Internet remains an enabling environment for >>> human rights. With this the contours of a model for developing human >>> rights protocol considerations has taken shape. This subsection provides >>> the last step by detailing how specific technical concepts identified >>> above relate to human rights, and what questions engineers should ask >>> themselves when developing or improving protocols. In short, it presents >>> a set of human rights protocol considerations. >>> >>>> 5.3.1: 1st para is repetitive. Delete it. >>>> >>> I feel like some concrete cases here bring the focus back to the >>> questionnaire. >>> >>>> 5.3.1: The term "ICTs" isn't common in the IETF community. I'd >>>> say rephrase stuff to not use that. >>> But it is used in the slides of Bless and Orwat, that's why it's there. >>> >>>> 5.3.2.x.y: Having such deep levels of TOC makes life harder for >>>> readers and those commenting and later using this. Flatten it >>>> tall out. Or, do you even need the 5.3.2.x.y headings at all? >>>> (Some of the section titles don't map that well to the >>>> content.) >>> What doesn't map out? I think the numbers have been extremely handy in >>> reviewing. If people share this opinion I can remove them at the end of >>> Research Group Last Call >>>> 5.3.2.1.1: s/e2e principle/e2e argument/ again:-) >>>> >>> We cut the discussion up in the doc, but here it makes sense I'd say, >>> because it can concretely impact human rights. >>> >>> >>>> 5.3.2.1.1: the communication content would be concealed, not >>>> the act of communication >>> Fixed. >>> >>>> 5.3.2.x.y: It'd be a very good idea to add an appendix that >>>> lists the questionnaire questions only (with those being >>>> numbered). That way, people who want to do this analysis can >>>> just use that part (at least the 2nd time). If doing that, >>>> please ensure each question also has an unique number/label in >>>> the body of the document too, so that folks can find/correlate >>>> things. >>> I would prefer doing this in another document once this one is done. >>> >>>> 5.3.2.1.4: The last para of explanatory material should not >>>> re-define COMSEC etc. Just point people at RFC3552/BCP72. (But >>>> as BCP72.) The global adversary is also not purely passive, I'd >>>> lose that phrase. >>> Done. >>> >>>> 5.3.2.1.5: "many protocols" is not usefully true I think. >>> Maybe you should take up that problem with >>> https://tools.ietf.org/html/rfc2277#section-2 ;) >>>> 10.2: delete this. >>>> >>> Done! >>> >>> Thanks again! >>> >>> Corinne & Niels >>> >>> >>> >>> _______________________________________________ >>> hrpc mailing list >>> hrpc@irtf.org >>> https://www.irtf.org/mailman/listinfo/hrpc >> -- >> Mallory Knodel >> Association for Progressive Communications :: apc.org <https://apc.org> >> gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780 >> >> >> _______________________________________________ >> hrpc mailing list >> hrpc@irtf.org >> https://www.irtf.org/mailman/listinfo/hrpc >> > > > _______________________________________________ > hrpc mailing list > hrpc@irtf.org > https://www.irtf.org/mailman/listinfo/hrpc -- Mallory Knodel Association for Progressive Communications :: apc.org <https://apc.org> gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780
- [hrpc] review of draft-irtf-hrpc-research-00 Stephen Farrell
- Re: [hrpc] review of draft-irtf-hrpc-research-00 avri doria
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Mallory Knodel
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Mallory Knodel
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Mallory Knodel
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Stephen Farrell
- Re: [hrpc] review of draft-irtf-hrpc-research-00 avri doria
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Joseph Lorenzo Hall
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Corinne Cath
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Stephen Farrell
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Joseph Lorenzo Hall
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Stephen Farrell
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Stephen Farrell
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Harry Halpin
- Re: [hrpc] review of draft-irtf-hrpc-research-00 Niels ten Oever