Re: [hrpc] HRPC recharter

Eric Rescorla <ekr@rtfm.com> Wed, 04 January 2023 21:17 UTC

To: Mallory Knodel <mknodel@cdt.org>
Cc: Hrpc <hrpc@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/ymfJGyimcvR-LxnszTvN4x6nV0I>

On Wed, Jan 4, 2023 at 12:07 PM Mallory Knodel <mknodel@cdt.org> wrote:

> Hi Eric,
> On 12/26/22 1:49 PM, Eric Rescorla wrote:
>
>
> As an outsider, when HRPC was first started, it seemed to have a real
> BCP-72ish vibe in which there would be:
>
> - Some common set of expectations for what it would mean for a
>   document to be analyzed from a human rights perspective (presumably
>   documented in RFC 8280)
>
> - Some process for external review for those factors (presumably done
>   by HRPC)
>
> That is indeed what we are hoping to achieve with draft-guidelines. But to
> the latter, I think the "external" bit has been troubled completely and for
> good reason. There's agreement that this work should happen in the WG to
> the extent possible, and ideally even done by the group itself and not
> dispatched from HRPC.
>
OK, but then it's not clear to me what HRPC's role is in this.


> And of course there is the "Considerations" name of the RG
> itself.
>
> Whatever the intentions at the time, I think it's pretty clear that
> this has not been the outcome: there haven't been that many of these
> reviews and I don't think there's really broad consensus on how to
> think about human rights in protocol design (see my separate review of
> the 8280 revision [0]). More generally, at least from my perspective,
> the work of HRPC has not had much impact on IETF operational practice
> in terms of protocol design (even less so than there is around Privacy
> Considerations).
>
> But perhaps more indicatively, do you think there have been missed
> opportunities since HRPC was chartered?
>
> I would charge that one reason there hasn't been a lot of visible impact
> is that there haven't been visible opportunity, reason, or occasion to
> intervene.
>
Well, given that 8280 is now over 5 years old, then this seems like an
argument that this part of the project isn't really very plausible, no?
It's certainly not like there haven't been plenty of specifications
published in IETF and plenty of them needed and got review for security, etc.

> I see that the proposed charter revises this bullet somewhat to remove
> the comparison to 6973, but I think it would be good to be clearer in
> the charter that the intent for the HRPC is not to be some
> human-rights flavored version of secdir or opsdir. In particular, if
> guidelines for how to design protocols so that they protect human
> rights are to have any normative force, they need to come out of the
> IETF, not the IRTF. And if the intent is to provide something
> informative, then I think what's needed is something much more like an
> analysis of problems and a catalog of techniques than guidelines. This
> is, for instance, what PEARG does.
>
> That's why we removed the reference so if there's more we could do to make
> clear this intention, I'd be happy to re-work other parts of the text as
> well. (I like to delete things, rather than add them, where possible.)
>
> Could you give an example of where PEARG has published a doc that does
> this well.
>
So, for instance,
https://www.ietf.org/archive/id/draft-irtf-pearg-website-fingerprinting-01.html
does a good job of capturing the technical state of play.

And
https://www.ietf.org/archive/id/draft-irtf-pearg-ip-address-privacy-considerations-01.html
talks about the problem of IP tracking.

What I think differentiates these documents from (say) 8280 or 8280-bis is
that they actually are of assistance to someone trying to build a system
that addresses these problems. By contrast, 8280 just kind of lays out the
various concerns, but doesn't actually help you resolve them (see my quite
extensive review for more).

> And alternatively if you can point to a place in the charter where this
> sort of thing appears and is described better than what we have?
>
I'm sorry, I don't think I understand that question.

-Ekr


>
>
> The two other objectives have a more public awareness type flavor:
>
>  * To expose the relations between protocols and values, with a focus
>    on the human rights framework.
>  * To increase the awareness in both the policy community and the
>    technical community on the importance of the technical workings of
>    the Internet and its impact on human rights and the public
>    interest.
>
> I don't track the work in these areas as closely, so I'm less able
> to say whether that work is going well or not. For what it's worth,
> I don't typically refer to the artifacts of this group as the main
> sources for the human rights impacts of protocols, but perhaps
> others have a different experience.
>
> I do think I have a better sense of these things, but irrespective of
> that, I think re-writing the charter on these two points is unlikely to
> have an effect. We're expressing the objectives in the best way, I believe,
> already, but open to suggested changes.
>
>
> In any case, I think rather than just spinning a new charter, it
> would be helpful to take a bigger picture look at what this RG
> should be trying to accomplish.
>
> I'd like to say this is a great time to be doing both. Thanks for engaging
> and happy to take both conversations forward in the ways you've outlined
> above,
>
> -Mallory
>
> -Ekr
>
>
> [0] https://mailarchive.ietf.org/arch/msg/hrpc/I2mP4Wehcj3UTSGqh4uwH6QoA4Y/
>
> On Thu, Dec 22, 2022 at 9:30 AM Mallory Knodel <mknodel@cdt.org> wrote:
>
>> Dear RG,
>>
>> Hope everyone is well.
>>
>> At the 115 meeting HRPC was reviewed by the IAB [0], notes of which are
>> forthcoming from the IAB.
>>
>> Partially as a result, though this activity predates the review itself,
>> Sofia and I have been reviewing the HRPC charter. In particular we are
>> keen to expand HRPC slightly, though arguably our area of work will
>> remain the same (more on that later), to explicitly welcome policy
>> discussions.
>>
>> The recharter text is available in GitHub [1] where you can view a diff
>> [2]. It is also in a plaintext format with more visual indications of
>> where the changes have been made [3].
>>
>> My view on the proposed change to include "policy" as a replacement for
>> "protocol" in the name and charter text have been shaped by both of the
>> past chairs of HRPC and Colin's feedback, which is that the human rights
>> framework can apply to virtually any policy discussion and therefore
>> HRPC has all along according to its charter had a mandate to talk about
>> these issues. However I do think that the slight rephrasing in places
>> gives us necessary updates that reflect the current political moment as
>> well as learning from past lessons since the group was chartered the
>> first time. Additionally I think there is value in the group name and
>> its charter text being written so as to explicitly attract researchers
>> and research that discuss policy, as a "place to land" in the IETF/IRTF.
>>
>> We welcome any comments on the proposed changes.
>>
>> Happy new year and best wishes to everyone,
>>
>> -Chairs, Mallory & Sofia
>>
>> [0] https://www.iab.org/wiki/index.php/RG_Reviews
>>
>> [1] https://github.com/IRTF-HRPC/IRTF-HRPC/blob/main/hrpccharter.md
>>
>> [2] https://github.com/IRTF-HRPC/IRTF-HRPC/commit/1a029b31ab3521e8da1490924c94397a99497d19
>>
>> [3] https://pad.riseup.net/p/Qgq2TJuWLbFSY1Jrcxgm
>>
>>
>> --
>> Mallory Knodel
>> CTO, Center for Democracy and Technology
>> gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780
>>
> --
> Mallory Knodel
> CTO, Center for Democracy and Technology
> gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780
>
>