Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis
Joseph Lorenzo Hall <joe@cdt.org> Wed, 09 January 2019 13:42 UTC
Return-Path: <jhall@cdt.org>
X-Original-To: iasa20@ietfa.amsl.com
Delivered-To: iasa20@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEBB8124B0C for <iasa20@ietfa.amsl.com>; Wed, 9 Jan 2019 05:42:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Level:
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cdt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zyDKVEJrIppP for <iasa20@ietfa.amsl.com>; Wed, 9 Jan 2019 05:42:45 -0800 (PST)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 175C712426E for <iasa20@ietf.org>; Wed, 9 Jan 2019 05:42:45 -0800 (PST)
Received: by mail-ot1-x32d.google.com with SMTP id k98so6703779otk.3 for <iasa20@ietf.org>; Wed, 09 Jan 2019 05:42:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aT8LON0CQt4tfVCfLSKqqtdlbXri6hD03yM1QYV9eok=; b=UX2YYuwsWsFDZ0sj/tZ+5zwDySQKfZJq4Ii1oFcI1zofXo3vAMQDJfsjgPLOAgIsDd En7LNHtD8G3fptFJc1AiLv4MGSQRnoQ7DVuViZt5TP+wJulrEO9hNDTL87hUZ36ZcH2l hn5GlT35Gs4SnciI5nc1gjCIyKml9ljXPxJ3c=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aT8LON0CQt4tfVCfLSKqqtdlbXri6hD03yM1QYV9eok=; b=k8f79rFeuykfZfm183XH8evIa63LlN62cDtDOmWFaiTlam7qYqJf7s/2vlMAZ8Viow 0mjS8s6ynq5TPh70eOuEEktm++RXj/jhnY9lBBsPP0cmgtDB5p6jYgfDtm+M04oKEOqq en+I6V59yFcCQ+krRs2oo/teQOIs84Zw6tOHS4DlBfekLfIgUAWO1RMEeuzMM7P4X8wk SqJYLo0HSigGZxwLBepIQz7kqTLW+C4qapx0jtOmxXjrgBJusF55Aa7R6uaLv+E1BJ5t H1iDL+uj2Ziy3fKNorZlc6OpMpIysI3nvjNhOhAjBFmD4k5Ay+Lv6YyzBFLyjzbME1/J AF0w==
X-Gm-Message-State: AJcUukdRRxs3HyaCvR1r1zuBBah9BnwvqvMaPAS+9aXdZI4f0WcwwogG blOREZjb1dFBAChcE3TIVja0+WtU27ox9VxWpR25VsqGYs0=
X-Google-Smtp-Source: ALg8bN5Qp7KzxQFOTQ9MXdIkyetrw4pafZLgqRXkwRKR/p1AnpbO8+V9YBSxdY/UxhrvtQ31QF/jJn1lN9Q2rZVDIbs=
X-Received: by 2002:a05:6830:1198:: with SMTP id u24mr3791257otq.97.1547041363659; Wed, 09 Jan 2019 05:42:43 -0800 (PST)
MIME-Version: 1.0
References: <E394AA72-4B4F-4C69-9506-C3242B216E62@ischool.berkeley.edu>
In-Reply-To: <E394AA72-4B4F-4C69-9506-C3242B216E62@ischool.berkeley.edu>
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Wed, 09 Jan 2019 08:42:32 -0500
Message-ID: <CABtrr-V+NWbRo8vot3MACpUm_pOBtb-UPHc+BtdaKGA_7P=cRg@mail.gmail.com>
To: Nick Doty <npdoty@ischool.berkeley.edu>
Cc: IASA 2 WG <iasa20@ietf.org>, Brad Biddle <brad@biddle.law>
Content-Type: multipart/alternative; boundary="000000000000ef2aa0057f06a2b8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/iasa20/n2_jQJqbDQVVS2pQoiX6PszasKg>
Subject: Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis
X-BeenThere: iasa20@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions relating to reorganising the IETF administrative structures in the so called IASA 2.0 project. <iasa20.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iasa20>, <mailto:iasa20-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iasa20/>
List-Post: <mailto:iasa20@ietf.org>
List-Help: <mailto:iasa20-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iasa20>, <mailto:iasa20-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jan 2019 13:42:48 -0000
Thank you, Nick. Responses inline: On Mon, Jan 7, 2019 at 5:37 PM Nick Doty <npdoty@ischool.berkeley.edu> wrote: > Please forgive my > non-intimately-involved-with-IETF-administrative-activities eyes if my > questions are naive, but perhaps that kind of review will be useful for the > WG. > > Very useful, thank you. > --- > > There's a lot of passive voice in these descriptions, which makes it > unclear who is making these decisions or executing these actions. For > example, from the Introduction: > > > Under this structure, the Internet Administrative Oversight Committee > (IAOC) is eliminated > > Who decided to eliminate the IAOC? When? Is that decision documented? Or: > > > Under IASA 2.0, most of the responsibilities that [RFC4071] assigned to > the IETF Administrative Director (IAD) and the Internet Society (ISOC) were > transferred to the IETF LLC and IETF Administration LLC Executive Director > (IETF Executive Director). > > Who transferred those responsibilities? Did the IAD and ISOC choose to > transfer them, or did they agree with someone else's choice to move them? > > I see there are also previous comments on-list regarding the tense of > these documents: present, future, past, etc. I agree that consistency there > would be helpful in explaining what has happened or will happen. For > example, I am genuinely not clear on whether IETF LLC is currently managing > IETF's administrative activities or if that's a proposed change for the > future. The two examples of passive voice I noted above use different > tenses and I'm not sure if that implies something. > > (Yes, the IETF Administration LLC is managing IETF's administrative activities under an interim board structure awaiting nomcom to fill seats on the first full board.) > RFC4071 describes an effective date as tied to when the document is > approved as a BCP, but there is no description of effective date in this > document. > > (RFC4071 did not have to deal with the external dependencies that we had to here that I describe below. I suppose the effective date was August 27, 2018 when the ISOC-IETF agreement was executed, but I'm not sure this is that important?) > > This document outlines how the chosen option is structured > > Who chose this option over the other documented options? Was that decision > by consensus of IETF or IAOC or some other body? > > Section 3.8 "Community Consensus and Grant of Authority" may perhaps be > the answer to these questions; if so, that could be clarified. Is the > "broad-based community consensus" documented somewhere? Was there an > IETF-wide Last Call? Was the broad consensus for the general shift to a > disregarded entity, or to all of the details of this IASA 2.0 structure? Is > the review of this document intended to be the process of gathering > consensus for the IASA 2.0 structure or is that consensus already > established and reviews of this document are just reviews of the > description of the previous consensus decisions? > > I recognize that RFC4071 was equally vague regarding documentation of > consensus, but I don’t think that needs to be repeated. > > The IASA 2.0 process started in November 2016 with then-IETF Chair Jari Arkko outlining the need and a potential structure for the IASA 2.0 effort: https://www.ietf.org/blog/proposed-project-ietf-administrative-support-20/ Subsequently, this involved a number of virtual workshops, establishing this WG, working with an IASA2 design team to bring potential options to the WG, and then in 2018 working to put the new structure in place before ISOC's president left office. This is all to say that this has been long and complicated, but one of the kinks in the process has been that we had to tell lawyers what to do before it was even close to reasonable to get IETF-wide consensus as that takes a very long time. So, the agreement between ISOC and IETF Administration LLC that establishes the disregarded entity embeds pieces of this document within it. This document was previously meant to document the work and decisions made by the IASA2 WG in arriving at the settled-upon model and ideally would have gone out to IETF-wide Last Call, etc. closer to the time that the legal agreement was executed. However, in our collective wisdom, we realized that -struct was basically a bis of RFC4071 and that we'd need to adapt it to be more of an rfc4071bis document, which delayed the document until now as those were not easy edits. So, we are in essence ratifying the choices made by the IASA2 WG with this document, but events external to the IETF process had to happen before the IETF process could complete work on this document. Certainly, getting rfc4071bis through the IETF process may require changes to the material that was embedded into the ISOC-IETF legal agreement, and we will have to go back to the ISOC BoT and get those changes approved to reflect the final form of this document. I'm not sure any of this should be inserted directly into the document and if readers follow the citations to the haberman ID and the IASA workshop reports, etc. it's certainly possible to construct this from the materials we cite to. Nick, I suspect you'll have additional questions and I'd like to hear if there are ways we can change the document to make sense for people that have not been as involved in the WG work. I can imagine an "RFC Editor please remove this before publishing..." section that describes this but then would let the document stand on its own once published? > --- > > > o Compliance. The IETF LLC is responsible for establishing and > > enforcing policies to ensure compliance with applicable laws, > > regulations, and rules. > > This bullet point could be interpreted extremely expansively, in ways that > may not be desirable. Which jurisdiction's laws will apply to the IETF LLC? > If IETF LLC manages the operations of the IETF and a law passes > requirements on design of technical systems to enable compliance with court > orders providing access to message content, will the LLC be required to > establish and enforce policies to ensure compliance with those laws? Ensure > compliance by whom? > > I think the intent is for the IETF LLC and its staff to follow applicable > laws for its own internal operations, rather than the operations or > decisions of the IETF, but if so, I think that distinction could be > explicitly called out. We should be mindful that the simplicity of having a > single independent organization representing the IETF and acting as its > fiscal sponsor could also provide simplicity for a government regarding > whom to pressure. Naming the administrative entity almost identically to > the standard-setting activity could generate real confusion on the > separation between the two and the control one exerts over the other. > > Later on, the legal compliance areas are described with examples: > > anti-terrorism sanctions, export controls, data protection/privacy > > Those seem like areas that might apply to IETF activity as much as or more > so than to IETF LLC activity. Would export controls on encryption > technology apply to publications of the RFC Editor? > Yes, we are clear in the document that the IETF Administration LLC exits only to facilitate the IETF standards process and that nothing in scope of the IASA2 effort should affect the standards process or the substance of standards themselves. Practically – and Brad Biddle can weigh in if we need a more formal answer – the IETF Administration LLC will have to follow US and Delaware State law. If either of those legal regimes pass laws that would affect IETF work, the legal agreement has a mechanism for separation and was designed to be flexible. I know those of us involved with the legal committee here have spent some time thinking about things that do touch the IETF standards process, for example US cryptographic export control laws that require publishers of encryption source code to report instances of code that performs encryption to the Department of Commerce (and NSA). best, Joe -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] 1401 K ST NW STE 200, Washington DC 20005-3497 e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
- [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis Livingood, Jason
- Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis Brian E Carpenter
- Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis Eliot Lear (elear)
- Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis Livingood, Jason
- Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis Joseph Lorenzo Hall
- Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis Nick Doty
- Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis Joseph Lorenzo Hall
- Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis Brian E Carpenter
- Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis Joseph Lorenzo Hall
- Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis Brian E Carpenter
- Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis Livingood, Jason
- Re: [Iasa20] WGLC: draft-ietf-iasa2-rfc4071bis Bob Hinden