Re: [hrpc] [irsg] Review of draft-irtf-hrpc-guidelines-13

[Mallory Knodel <mknodel@cdt.org>]

Thanks to Brian and Jane for these reviews!

Gurshabad and Niels have taken those suggestions as per the thread and
issued a new version.

Brian and Jane, please can you give us an indication you are satisfied or
further advice on how to better resolve your issues?

Latest version: https://datatracker.ietf.org/doc/draft-irtf-hrpc-guidelines/

Thanks everyone,
-Mallory

On Thursday, November 10, 2022, Gurshabad Grover <gurshabad@cis-india.org>
wrote:

> Thank you for this detailed review! The new versions (-15 and -16) of the
> drafts address your feedback. Comments in-line.
>
> On 9/8/2022 4:00 PM, Brian Trammell (IETF) wrote:
>
>> The abstract and introduction state that the document has been "reviewed,
>> tried, and tested" by the RG. "Reviewed" I accept at face value, though it
>> is unclear how the document was "tried and tested". Have each of the review
>> categories in section 3 been run at least once by the RG/review team?
>> Should the document link to some instance of each of these kinds of reviews
>> (whether within the RG, or without)?
>>
>>
> The document has been used for several reviews, yes. Added a line in the
> introduction to link to a repository of such reviews.
>
> Section 3 seems to be missing a recommendation about who reviewers should
>> be. Is this the shepherd, someone appointed by the WG chair, a cross-IETF
>> group of interested people, people with more or less familiarity with the
>> specifics of the context the protocol is developed in, all or none of the
>> above?
>>
>>
> Section 3 now clarifies this.
>
> - Sections 4.1 and 4.2 are points on a continuum, basically stating that
>> "if your protocol doesn't work in all contexts in which the Internet might
>> be deployed, then you're disadvantaging people"... which is true, and
>> stronger IMO if stated more directly. Section 4.1 is entitled
>> "connectivity" but mixes the end-to-end principle with reliability under
>> bandwidth and latency challenges (though Reliability is the title of
>> section 4.2).
>>
>>
> I think we're reading this a bit differently. Connectivity is currently
> addressing two (distinct, I agree) topics:
>
> (1) end-to-end design
> (2) connectivity in low bandwidth and high latency situations
>
> Reliability is addressing a separate topic: fault tolerance and graceful
> failure.
>
> - Sections 4.4 and 4.5 seem like they were originally a single section
>> named Internationalization and Localization, and then were split. I'd merge
>> them again, because many of the points made in one apply to the other and
>> vice versa. Accessibility (section 4.18) also seems like it's following the
>> same general principle -- internationalization and localization deal with
>> application/presentation barriers tied to language, while accessibility in
>> a protocol context deals with application/presentation barriers tied to
>> mostly-nonlinguistic aspects of user experience, though in an Internet
>> context accessibility generally applies to application layer protocols
>> payload presentation (and the applications above them). Please consider
>> treating them together.
>>
>>
> Have arranged the sections so that Internationalization appears before
> Localization. Have also added a sentence that clarifies the distinction:
> "Internationalization is related to localization, but they are not the
> same. Internationalization is a necessary precondition for localization."
>
> - Sections 4.6, 4.7, and 4.17 overlap quite a bit -- adaptability goes
>> hand in hand with openness of standard and implementation, and adaptability
>> and support for heterogeneity are also intrinsically linked. Perhaps these
>> are third-level subsections of an overarching second-level subsection?
>>
>>
> Have moved Adaptability to be up with Openness and Heterogeneity Support
> now. Answer to the broader question about subsections below.
>
> - Similarly, sections 4.8-4.10 cover properties of communications security
>> protocols, and then we come to section 4.11, entitled Security, and section
>> 4.12 on privacy (which overlaps with Confidentiality as a property),
>> followed by sections 4.13 and 4.14 on Pseudonymity and Anonymity
>> (themselves privacy preserving techniques). These sections also cover
>> ground covered by existing formal and informal practices in the IETF, on
>> security and privacy considerations within documents. As a user of this
>> document, I'd prefer this entire set of considerations to be split out into
>> their own section, since unlike the other sections they do cover properties
>> of the protocol and its description already covered by existing practice
>> and process. What I'd like to know as an HRPC reviewer is what I need to
>> look for in existing security and privacy considerations sections to find
>> gaps in human rights considerations that might need to be addressed. What's
>> the delta between existing S&P guidelines and th
>>
> ose in this document?
>
>>
>>
> The RFCs on security considerations and privacy considerations are much
> more comprehensive than the exercise here, and we're primarily pointing to
> readers to those. We've just summarised some important questions in this
> draft.
>
> To be clear, I'm not suggesting that the authors and the RG restructure
>> the document from a document usability standpoint; rather, I'm pointing out
>> what appear to be structural issues in the document in case these are an
>> indication that the RG's thinking on these points might be incomplete. Or,
>> in other words, the RG did not set out to build a taxonomy, but having
>> almost done so, is it worth finishing the job?
>>
>>
> I think we're open in acknowledging that this research is not done and
> dusted. Doing human rights reviews in standard-setting environments is
> still an evolving practice, therefore we cannot claim we have a full
> taxonomy. In previous iterations, we've restructured the draft so that
> similar concepts appear together (as far as possible). We chose to
> dis-aggregate topics as much as possible to stay as close to
> implementations and stay away from abstractions, especially because this
> document aims to provide practical guidance. It's also usually suggested in
> evaluations to stick to concrete questions, and avoid high-level
> concepts/groupings.[0]
>
> Since reviewers may only look at certain sections, the modularity makes
> them self-contained pieces of advice on different topics. Overall, at this
> point, we're hesitant to combine sections or create subheadings, because we
> see benefit in keeping even related sections separate.
>
> - Section 4.16 Outcome Transparency asks what appears to me to be an
>> impossible question. I'm of course aware of the harms of unintended
>> consequences, but I'm not sure how I, as a protocol designer, could
>> usefully apply this question to my work. The only wise answer to "are the
>> effects of your protocol fully and easily comprehensible...?" is "no", and
>> no action I can take not involving a time machine will flip it to "yes". So
>> this observation probably belongs in the frontmatter of section 4, as
>> opposed to being a guideline itself. Section 4.21 is similarly difficult to
>> actually apply: it seems to reduce to "have you thought of anything you
>> haven't thought of yet?", which is tautologcially "no".
>>
>>
> Thank you. You're right, we've fixed the phrasing as now encouraging folks
> to document expected outcomes instead.
>
> - Section 4.20 points to an unsolved (and at first glance very difficult
>> to solve) problem in providing recourse to remedy, which is an interesting
>> point, but maybe not a guideline per se.
>>
>>
> Yes, this was a contentious one in the group. We have no concrete
> guideline, but believe that the current text represents the rg consensus.
>
> Throughout section 4, I found the choice of which rights were impacted by
>> which consideration to be mostly arbitrary, in that in most cases I
>> couldn't come up with a convincing argument for why the impacts listed were
>> tied to the guideline at hand, or a good reason why a missing impacted
>> right was missing. The most glaring of these: section 4.12 "Privacy" does
>> not list the "Right to Privacy" as impacted, which seems... incorrect. It's
>> not clear to me that the Impacts sections are all that useful, though,
>> unless someone is trying to pick and choose which human rights not to care
>> about (not a use case we should optimize for, IMO), so might be painlessly
>> omitted.
>>
>>
> The objective of this exercise was to also clearly establish that these
> properties are linked to specific human rights. Given that human rights are
> not atomic, but individisble and interrelated, we admit that it is
> difficult to be comprehensive in those sections though. Happy to correct
> obvious mistakes, like the one you pointed to.
>
> and as promised, one editorial nit: section 3.1 appears to incorrectly
>> cite section 3.3 as the source of guidelines; this should point to section
>> 4.
>>
>>
> Thanks for catching that, fixed!
>
> Again, many thanks for an informative, well-written, and useful document,
>> and I hope these comments are similarly useful to you.
>>
>>
> We found this review quite useful. Thanks again, and please let us know if
> the changes are to your satisfaction.
>
> -Gurshabad and Niels
>
> [0] https://www.sciencedirect.com/science/article/pii/S107158191
> 0000972?casa_token=TjtLihpb6iMAAAAA:_I6AtjHcLtQch3-
> tyB0tzJTgT_3iV_zqaJ8_Tec2wFh5lz86gWklnoBeAbXDqx8V9pZwKhoczw
> _______________________________________________
> hrpc mailing list
> hrpc@irtf.org
> https://www.irtf.org/mailman/listinfo/hrpc
>


-- 
Mallory Knodel
CTO, Center for Democracy and Technology
gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780