IETF Logo Mail Archive

[hrpc] new draft text for the ID

Niels ten Oever <niels@article19.org> Tue, 03 March 2015 13:23 UTC

Received: from mx1.lan ([10.10.12.44] helo=mx1.greenhost.nl) by mailman.lan with esmtp (Exim 4.72) (envelope-from <niels@article19.org>) id 1YSmnT-0002vU-Kq for hrpc@article19.io; Tue, 03 Mar 2015 14:23:39 +0100
Received: from vps784.greenhost.nl ([213.108.108.114] helo=mail.article19.io) by mx1.greenhost.nl with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <niels@article19.org>) id 1YSmnS-0005nK-GN for hrpc@article19.io; Tue, 03 Mar 2015 14:23:39 +0100
Received: from localhost (localhost [127.0.0.1]) by mail.article19.io (Postfix) with ESMTP id B2B0018002F for <hrpc@article19.io>; Tue, 3 Mar 2015 13:25:34 +0000 (UTC)
X-Spam-Flag: NO
X-Spam-Score: -2.9
X-Spam-Level:
X-Spam-Status: No, score=-2.9 tagged_above=-10 required=6.6 tests=[ALL_TRUSTED=-1, BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.article19.io ([127.0.0.1]) by localhost (mail.article19.io [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id bQlQcCMEPqZ7 for <hrpc@article19.io>; Tue, 3 Mar 2015 13:25:33 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by mail.article19.io (Postfix) with ESMTP id 7780D180024 for <hrpc@article19.io>; Tue, 3 Mar 2015 13:25:33 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mail.article19.io
Received: from mail.article19.io ([127.0.0.1]) by localhost (mail.article19.io [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id rQSHjZLxEg-O for <hrpc@article19.io>; Tue, 3 Mar 2015 13:25:33 +0000 (UTC)
Received: from [10.115.120.73] (5.40.111.164.static.user.ono.com [5.40.111.164]) by mail.article19.io (Postfix) with ESMTPSA id 182A018002F for <hrpc@article19.io>; Tue, 3 Mar 2015 13:25:33 +0000 (UTC)
Message-ID: <54F5B5D6.4080404@article19.org>
Date: Tue, 03 Mar 2015 14:23:34 +0100
From: Niels ten Oever <niels@article19.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.4.0
MIME-Version: 1.0
To: "hrpc@article19.io" <hrpc@article19.io>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Level: +
X-Spam-Status: No, score=1.6 required=5.0 tests=BAYES_50, SPF_NEUTRAL autolearn=disabled version=3.3.2
X-Spam-Score: 1.6
X-Virus-Scanned: by Greenhost Virus Scanner
X-Scan-Signature: 503f1a2b1db20d3cc8283cfb339c155f
Subject: [hrpc] new draft text for the ID
X-BeenThere: hrpc@article19.io
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Human Rights Protocol Consideration Discussion list <hrpc.article19.io>
List-Unsubscribe: <https://lists.ghserv.net/mailman/options/hrpc>, <mailto:hrpc-request@article19.io?subject=unsubscribe>
List-Archive: <http://lists.ghserv.net/pipermail/hrpc>
List-Post: <mailto:hrpc@article19.io>
List-Help: <mailto:hrpc-request@article19.io?subject=help>
List-Subscribe: <https://lists.ghserv.net/mailman/listinfo/hrpc>, <mailto:hrpc-request@article19.io?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2015 13:23:40 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear all,

Based on the traffic on this list, some interviews and discussions I
drafted new text for the ID. The additions are to 2. research topic
and 3. Proposal. I pasted the proposed text underneath, happy to discuss.

The deadline for sending in the ID is the 9th, and since we will also
need to consolidate the comments and put the ID in XML it would be
greatly appreciated if you could comment in the coming days (before
the 7th) so we can still integrate your comments in the ID, but of
course also happy to discuss afterwards and in Dallas.

Looking forward to your comments, questions and suggestions.

Best,

Niels

PS The original ID can be found here:
https://tools.ietf.org/html/draft-doria-hrpc-proposal-00

2.  Research topic
In a manner similar to the work done for RFC 6973 [RFC6973] on Privacy
Consideration Guidelines, the premise of this research is that some
standards and protocols can solidify, enable or threaten human rights,
such as freedom of expression and the right to association and
assembly online.

RFC 6973 however asserts privacy as a subset of security, and security
aims to solely serve growth of the network and communication:

Development of security mechanisms is seen as a key factor in the
future growth of the Internet as a motor for international commerce
and communication.[RFC1984]  and according to the Danvers Doctrine,
there  is an overwhelming  consensus in the IETF that the best
security  should be used and  standardized.[RFC3365]. At the same time:

The  Internet Architecture Board (IAB) and the Internet Engineering
Steering  Group (IESG), the bodies which oversee architecture and
standards for  the Internet, are concerned by the need for increased
protection of  international commercial transactions on the Internet,
and by the need  to offer all Internet users an adequate degree of
privacy. [RFC1984]

This  shows that security and privacy are very high on the agenda of
the  IETF, but a reason for this, outside of underpinning growth and
trust of  the network, is not given. In this research it is argued
that security and privacy are (contributing to) essential human
rights; such as freedom of expression, the right to information, the
right to  privacy, and the right to security.

The Internet aims to be a global network of network that provides
connectivity to all its users, just like the Universal Declaration of
Human Rights provides rights to all citizens. This makes a clear case
that the Internet is not only an enabler of human rights, but that
human rights, lie at the basis of, and is ingrained in, the network.
Furthermore  interview will be done with  the chair of the Internet
Architecture  Board (IAB), members of the  Internet Engineering
Steering Group (IESG)  and chairs of selected  working groups and RFC
authors.

To start addressing the issue, a mapping exercise analyzing Internet
architecture and protocols features, vis-a-vis possible impact on
human rights needs to be
undertaken.

[snip, leaving the examples in place]

3.  Proposal
Mapping the relation between human rights and protocols and
architectures is a new research challenge, which will require a good
amount of cross organizational cooperation to develop a consistent
methodology.  While the authors of this first draft are involved in
both human rights advocacy and research on Internet technologies - we
believe that bringing this work into the IRTF would facilitate and
improve this work by bringing human rights experts together with the
community of researchers and developers of Internet standards and
technologies.

At this point we have created a mailing list where we would like to
encourage discussion of the issue and capture interest of the IRTF
community.  A second step would be to create a charter and ask the
IRTF for a Research group to further develop methodology and
investigate Human rights Protocol considerations.

Assuming that the research produces useful results, the objective
would evolve into the creation of a set of recommended considerations
for the protection of applicable human rights.

In the  analysis of existing RFCs central design and technical
concepts have been found which impact human rights. These concepts
will form the lens for the analysis of RFCs and will be further
described vis a vis their impact on human rights.

The current working assumption is the following:

The  combination of content agnosticism, connectivity, security (as
defined in RFC 3365) [RFC3365] and privacy (as defined in RFC 6973)
[RFC6973] are the technical principles that underly freedom of
expression on the Internet.

Privacy and security are defined, so here we focus on concepts that
have not been defined as considerations that are relevant for freedom
of expression.

This is a non-exhaustive first list of concepts, which definitions
should be improved and further aligned with existing RFCs.

Connectivity
The Internet is the tool for providing global connectivity conform
RFC1958. Therefore all protocols and standards should aim to improve
connectivity, and not to limit it.

Distributed
To  enable and strengthen connectivity, stability, and sustainability
of  the network, protocols and standards should be developed in a way
that  they can be implemented in a distributed way, if not, strong
accountability mechanism should be in place.

Inter-operable
Standards exist to design systems that allow for other systems to
interact freely and openly.

Reliable
Reliability ensures that a protocol will execute its function
consistently and  error resistant as described and function without
unexpected result, also when there is an increase or decrease of
throughput. A system that is reliable will have a documented way to
recover from failure.

Scalable
Any  solution should support growth of the network with more hosts,
users and traffic. And have clear understanding of it's scope and
ideally a proposition how it can be expanded in order to support
greater capacity.

Stateless / state-full
If  possible protocols should be implemented stateless for reliability
and privacy considerations. If not, they should keep as little state
as possible.

Content agnostic
Protocols should not treat packets/datagrams differently based on
their content.

Transparent
Protocols should be transparent in what they can do and can not do and
how it is  done. Implementation of protocols should advertise it's
policies on data retention for the service and which jurisdiction it
falls under.

Debugging
A protocol should allow a user to troubleshoot and debug possible
causes of malfunction and loss of reliability.

Robust, robustness
Protocols should be resistant to errors, involuntary legal or
malicious attempts  to disrupt its mode of operations. Protocols
should be developed in a  way that there is no (intransparent) kill
switch. There should also be a clear description on how a protocol
recovers from potential failures.

End user-centric / representing  stakeholder rights
As proposed in draft-nottingham-stakeholder-rights-00:

[QUOTE]
Protocols MUST document relevant primary stakeholders and their
interrelationships.

[..]

 End-user-facing application protocols MUST prioritise their users
higher than any other stakeholders.
Extensions to existing protocols MUST document how they interact with
the extended protocol's stakeholders.  If the extended protocol's
stakeholders are not yet documented, the extension MAY estimate its
impact, in coordination with that protocol's community and the IESG.
The burden of this documentation need not be high; if HTML can do it
in a paragraph, so can most protocols.  While it might be appropriate
in a separate document (e.g., a requirements or use cases draft) or
the protocol specification itself, documenting stakeholders in the WG
charter has considerable benefits, since it clarifies their
relationships up-front.

[/QUOTE]


- -- 
Niels ten Oever
Head of Digital

Article 19
www.article19.org

PGP fingerprint    8D9F C567 BEE4 A431 56C4
                   678B 08B5 A0F2 636D 68E9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJU9bXVAAoJEAi1oPJjbWjpeKEH/3MhfM1yFG2aJf4/8ZBWwQtA
rlb0iVw2mCeA9RsulzgkU7cZC3dh+24PIVsX0DmiaCJtk7YJbCzI8wQtvm8b2aD0
PnQzRbkCGHxpPKLP+GkuNr2iQCdWQ6YoY68g8up26jHco9DUaTIOw9zGFV4lApu3
d2/9DvyrF/d2lgO17c9vFVmAoE+wWdlE1CMRV2SDGcbz9Fb9xSntnJ5/+SXkNpQ+
24BaCk73xK88mRqvk/HLUO3GCoDd3ytM5KuU0X4hQOoLVWOpyQaVOadtLQbLkNNX
GB1NIalgs8ivK+8PXn4fsbKMCYLR3HcSDIzC/uiICRciznu0G82v49pZYYAVt+Y=
=DKrF
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email