IETF Logo Mail Archive

Re: [hrpc] HRPC recharter

Mallory Knodel <mknodel@cdt.org> Thu, 05 January 2023 16:02 UTC

Return-Path: <mknodel@cdt.org>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEBADC0D7C33 for <hrpc@ietfa.amsl.com>; Thu, 5 Jan 2023 08:02:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cdt.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VtV2cr0UQazd for <hrpc@ietfa.amsl.com>; Thu, 5 Jan 2023 08:02:42 -0800 (PST)
Received: from mail-qt1-x82b.google.com (mail-qt1-x82b.google.com [IPv6:2607:f8b0:4864:20::82b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95A36C151710 for <hrpc@irtf.org>; Thu, 5 Jan 2023 08:01:11 -0800 (PST)
Received: by mail-qt1-x82b.google.com with SMTP id c7so30239001qtw.8 for <hrpc@irtf.org>; Thu, 05 Jan 2023 08:01:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google; h=in-reply-to:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=eaNHyx/TZ7DWjHkQyhQw9+YM03c+dcXGM6IrD1bJM5Y=; b=Ru0veG0otjsqPOpagRdNYj2kFy5vPWYVeYtnX/y+ngI+n0Vy4Uy17dUMM3oOD5n2pY rLvf3R1NIy9f5Xg3zek+jnQ9vvg6tIisMACAU+yCUQXQ208Hoj0THSjpsGsXeAcen2IS Kj3FWBd8mtH0RHN9GeWIFkcsdUtrWNCJgLvV8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=eaNHyx/TZ7DWjHkQyhQw9+YM03c+dcXGM6IrD1bJM5Y=; b=aJDEOyF222KWZFtUE/cCi3ZqedmnyHasTt5kXdn7JYnHw/8LffMkC3Cv0au0tWT1SD QnFzzp2zarw3uF0THQodH7KbNqClbckzxe4vDuQKSQ+74GVCzH5XGW+O+d0QBtGj4UO5 OYbCVYYMk51hMF4EoGusQOISUSV9sAXDq0uG83LSTxGLkm03+zH8aPuCQT4WkYSamG93 NqexiL3V1yUh1EZUPXwPfehz76jmJQqQ2j8O4RZnpUV+GkhC+jNcgKkCLiR7NfZGfnSZ gU3TdECgPxtBGVV1WPAhMbRJGKRvhAJ27PjpcGDTSC4t1MxTjth4LOZw2Tfu3edvBfFQ lR5w==
X-Gm-Message-State: AFqh2kp4ALZ9SEZRKUkKNzDJ9V83WSCW7TBFvCCn4J+13pqXPA1cly78 4/X3T8P3iyD9tIzqxvu7NcM5Oksz+ND8/s/1
X-Google-Smtp-Source: AMrXdXvC25Y6ASZh9eOjcn4G4hyed3kKJVkh6pNJO2KkExn4c+yCZzjErhe4UsmM27DtxlsiX03rTg==
X-Received: by 2002:ac8:48cb:0:b0:3a8:991:bf94 with SMTP id l11-20020ac848cb000000b003a80991bf94mr67252055qtr.51.1672934470077; Thu, 05 Jan 2023 08:01:10 -0800 (PST)
Received: from ?IPV6:2603:3003:360f:f700:8881:64c2:d858:9e61? ([2603:3003:360f:f700:8881:64c2:d858:9e61]) by smtp.gmail.com with ESMTPSA id m18-20020ac86892000000b003a5c6ad428asm21766194qtq.92.2023.01.05.08.01.09 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 05 Jan 2023 08:01:09 -0800 (PST)
Content-Type: multipart/alternative; boundary="------------y2gKfuzuK0uR3GdsUp0gDwPS"
Message-ID: <68dab8e6-b17c-4ceb-5267-d4edb62f3eea@cdt.org>
Date: Thu, 05 Jan 2023 11:01:07 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:106.0) Gecko/20100101 Thunderbird/106.0
Content-Language: en-US
To: Eric Rescorla <ekr@rtfm.com>
Cc: Hrpc <hrpc@irtf.org>
References: <6ddd480d-76ed-a05e-066d-d740fee61441@cdt.org> <CABcZeBO-kN+KmNcGuiAxv5ZidvuZW5A5yjB2mP_ZJCiF1qNLyg@mail.gmail.com> <f727a6c8-7f1e-0db8-46d0-36248b921b79@cdt.org> <CABcZeBPuGUXcAo6z+uSCn=99ct7ALxOP8aQHYX+ncViLitMciw@mail.gmail.com> <ff338456-b2b5-0eec-f18f-be81ef1afe99@cdt.org> <CABcZeBO_9tjxDTurFr-uaN6OAPR1=Qo7aJNNHMprLPBUyrsAEg@mail.gmail.com>
From: Mallory Knodel <mknodel@cdt.org>
In-Reply-To: <CABcZeBO_9tjxDTurFr-uaN6OAPR1=Qo7aJNNHMprLPBUyrsAEg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/WL4MOO3XTiKUxxNCLfQyU_O87Mc>
Subject: Re: [hrpc] HRPC recharter
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: hrpc discussion list <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2023 16:02:47 -0000

Hi,

On 1/5/23 10:09 AM, Eric Rescorla wrote:
>
> On Thu, Jan 5, 2023 at 6:59 AM Mallory Knodel <mknodel@cdt.org> wrote:
>
>     Hi,
>
>     On 1/4/23 4:17 PM, Eric Rescorla wrote:
>>
>>         I see that the proposed charter revises this bullet somewhat
>>         to remove
>>         the comparison to 6973, but I think it would be good to be
>>         clearer in
>>         the charter that the intent for the HRPC is not to be some
>>         human-rights flavored version of secdir or opsdir. In
>>         particular, if
>>         guidelines for how to design protocols so that they protect human
>>         rights are to have any normative force, they need to come out
>>         of the
>>         IETF, not the IRTF. And if the intent is to provide something
>>         informative, then I think what's needed is something much
>>         more like an
>>         analysis of problems and a catalog of techniques than
>>         guidelines. This
>>         is, for instance, what PEARG does.
>>
>     ...
>>
>>         And alternatively if you can point to a place in the charter
>>         where this sort of thing appears and is described better than
>>         what we have?
>>
>>     I'm sorry,  I don't think I understand that question.
>
>     In an effort to keep this conversation specific to the charter
>     text, I am wondering if you feel that PEARG's success in analysis
>     of problems and a catalog of techniques lies in the way it's
>     charter is written on these points? Because this is what I'm
>     seeing in their charter:
>
>>     Provide a forum for discussion and analysis of the cryptographic
>>     and practical aspects of privacy protocols e.g.
>>     Analyse dependencies between protocols in the larger Internet
>>     ecosystem and understand the privacy implications in a wider context
>>     Understand why some protocol design efforts have succeeded and
>>     other have not
>>     Formulate better models for analyzing and quantifying privacy risks
>>     Offer guidance on the use of emerging techniques and new uses of
>>     existing ones. 
>     It does not in fact look that different than ours. I think that
>     execution and interest in bringing research to HRPC is what we
>     need to focus on to fix much of what is being raised in the
>     conversation, not necessarily charter text.
>
>
> I agree that charter text is not the problem, and I don't think my 
> initial comments
> implied otherwise. Rather, my position is that the charter text 
> *reflects* a misguided
> view of what this group is for and can accomplish and that we should 
> converge
> on a better view and write a charter that memorialized that view.
>
Understood that this is your view. On the other hand, the feedback we 
are consistently getting in our actual meetings and through our most 
recent IAB review is that in fact HRPC is contributing and doing well 
and we don't need to be overwrought in our attempts to do more work.

This is why I want to make very incisive changes to the charter that 
very slightly expand the work into policy, though as I stated there are 
those that disagree that we even need to specify this change given that 
policy already is under the purview of talking about human rights.

In other words: I don't believe it is widely accepted that HRPC has a 
misguided view of its own purpose. Others may, but that has 
unequivocally improved since it was first chartered.

> With that said, however, I think that the charter text is different in 
> two very material ways:
>
> 1. It actually does specifically say to provide the kind of guidance 
> I'm talking about
> (see the last bullet).

Just to compare, this is ours:

> # To propose guidelines to protect the Internet as a 
> human-rights-enabling environment and a global public good in future 
> protocol development.
This is PEARG's:

> Offer guidance on the use of emerging techniques and new uses of 
> existing ones. 
We were talking about how PEARG does "analysis of problems and a catalog 
of techniques" but that doesn't appear in their charter. And while there 
might be anti-/privacy techniques, there aren't human rights equivalents 
here. So we are left with analysis of problems. I think that "protect" 
in our bullet point in fact implies that we analyse problems, see 
draft-association.

Issues and PRs always welcome: 
https://github.com/IRTF-HRPC/IRTF-HRPC/blob/main/hrpccharter.md

-Mallory

-- 
Mallory Knodel
CTO, Center for Democracy and Technology
gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780

v2.23.0 | Report a Bug | By Email