IETF Logo Mail Archive

Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Mark Nottingham <mnot@mnot.net> Fri, 06 January 2023 01:19 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8B67C1522C1; Thu, 5 Jan 2023 17:19:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=r1EivPiL; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=c/CDJzaA
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Paf_8xSWHrrl; Thu, 5 Jan 2023 17:19:32 -0800 (PST)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB60EC1522AA; Thu, 5 Jan 2023 17:19:32 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id 65A033200981; Thu, 5 Jan 2023 20:19:31 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Thu, 05 Jan 2023 20:19:31 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1672967971; x= 1673054371; bh=vCRlPl28MClIiZpx3x3EOlZ7ghikRpuqLIpjZwdg9k0=; b=r 1EivPiLG2q/fecRap68IigI7sIeSsfqfFCBKuq9QXTsgLdW++A6ElOJSQZUQF4Ub KzSNaNgYgGJB8UOn8dklCLAwqWBbdWIETGCCHv5VEkZoy7uiHOxSO06qpGNc1pu9 PZXFAxEgFDLnuJLHQs26o6zcKp+9oSmvmPGRLNLlMWnODF7CPGtXCWu3hqUIF6dv SWD8FodJAQ3SHNYroRjF7t9EafDR8SrMicHRsu0FdYE5tQiEX0GiKeCangJ+cD4j XQznALZ+RnJEQrpD9Q/QCki981AwxfmUZaGxO5e98pXHJQ8R05GGn76Yy8c7sxb7 CbpKPPREk+2iYSEszfIBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1672967971; x= 1673054371; bh=vCRlPl28MClIiZpx3x3EOlZ7ghikRpuqLIpjZwdg9k0=; b=c /CDJzaAPWzg4I688FNXjCM+K2j91PLskY5+LTmLfn1JIoEAZsJynJN++Gnl6uoKP /urSgOsKtMbhXV3b9icImwRGLPUk96dVkb/Go1g8u/fmwiDqYts1Qe8X+/jChlS4 +BXJ+UrdPPjMiGrtOiGOVWTPSJqAnyWoCHmIQ9DOPbFuc53i5fLbzfB4MTlnCEpM UtVAmzQVcydiApQ2N2nwjpKtDayduOOschdeS2lGvo4InRAIGiZVAm1/e9UNh67h 9ELEigQC9bumeNL284yjsGl+zEyBJ/+E2zFBxVHbyDlN1iPt5gSMrUEDs2N6E/36 Y9W4pFjReXpcrRe3nr5xA==
X-ME-Sender: <xms:Ine3Y3wOr2yqZanorz5Qp0A2qITdjXAuQW7dQHx0wzsIA9SfeGHq2Q> <xme:Ine3Y_Su0rcZMjGtaDO26Pnk7sgKQ8fwIb8jlG6zjtmBncjdrQZGksSDHRbSEn547 RnuLGV4ZvRgB_tjJg>
X-ME-Received: <xmr:Ine3YxUONGZmXxt2YxqaEgnMmPJ6REH-NAV1HaGehBwZNuwbMxRcwIbN4nWhvS-94QcxmFfdCcVQskKV-SPrnS9mST3UXjUfgG_H5oQH-6rP-H0ZiC8zwfTo>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrjeelgdefgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurheptggguffhjgffvefgkfhfvffosehtqh hmtdhhtddvnecuhfhrohhmpeforghrkhcupfhothhtihhnghhhrghmuceomhhnohhtsehm nhhothdrnhgvtheqnecuggftrfgrthhtvghrnheptddtgefgueevtddugfdtkeffudegve etffegjeelhfdvtedvueejteegueegteetnecuffhomhgrihhnpehmnhhothdrnhgvthen ucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmnhhoth esmhhnohhtrdhnvght
X-ME-Proxy: <xmx:Ine3YxhJEL8V5Jt95C09yWiydPGacvkQt_7X55Uv6qdOLPAQ8w6Frw> <xmx:Ine3Y5Bz_mn_mGH4gfAJFoJygBaFWWMF4DF4A0WQvegXBDr5kDVYsw> <xmx:Ine3Y6Iw0aa6zIm-EM9abum3smljyorgl_HyiUDNOvD9XhpZa7Xl2A> <xmx:I3e3Y08xAmC13Fs6CyGPpduKUrEqtw0HvluD6mSNBqRjxYMfahmTQg>
Feedback-ID: ie6694242:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 5 Jan 2023 20:19:28 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.300.101.1.3\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAFzihuVwNEhW0trz6UP-KC6YNOFp+puvUcDkroVJkPXjSe8drQ@mail.gmail.com>
Date: Fri, 06 Jan 2023 12:19:06 +1100
Cc: "ietf@ietf.org" <ietf@ietf.org>, "hrpc@irtf.org" <hrpc@irtf.org>, "pearg@irtf.org" <pearg@irtf.org>, saag <saag@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <9F859ABE-6AB0-4376-9395-ACA9431AE073@mnot.net>
References: <HE1PR0701MB305098F652DBC34E3C40810B89F49@HE1PR0701MB3050.eurprd07.prod.outlook.com> <764163366.39904.1672842828297@appsuite-gw2.open-xchange.com> <CABcZeBNA_nJ2waQVENUvEXro91wAYOcH0ZxWqbLH4hoKcGkosw@mail.gmail.com> <9658281.42904.1672912808774@appsuite-gw2.open-xchange.com> <CA+9kkMBLiijcAyLYn_6h8z3N00EDaxdP=f7P2-qUt4Bn1iSWEg@mail.gmail.com> <HE1PR0701MB30505DC24A725E014D60FE0189FA9@HE1PR0701MB3050.eurprd07.prod.outlook.com> <560fae4b-8624-f4ff-63a9-78e4362a5939@netmagic.com> <CAFzihuVwNEhW0trz6UP-KC6YNOFp+puvUcDkroVJkPXjSe8drQ@mail.gmail.com>
To: bradchen=40google.com@dmarc.ietf.org, vittorio.bertola=40open-xchange.com@dmarc.ietf.org
X-Mailer: Apple Mail (2.3731.300.101.1.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/0tB7Jf1lYhzhcwLGw_QNu2uPEt0>
Subject: Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jan 2023 01:19:37 -0000

A few thoughts on parts of this thread --

> On 6 Jan 2023, at 12:19 am, Brad Chen <bradchen=40google.com@dmarc.ietf.org> wrote:
> 
> I question whether the IETF has the competence to unilaterally determine policy in this space. Recent comments on this thread reassure me that some of us are at least equipped to recognize the limits of our competence and to recognize the discretion that the IETF needs to exercise in how we impact policy.

and:

> On 6 Jan 2023, at 3:20 am, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:
>  
> Yes, I totally agree. Ten years ago, the IETF sincerely (with the best of intentions) and naively thought to be in charge of setting this tradeoff in Internet communications.


I'm going to pick on the language used here, because the framing of the IETF as "unilaterally determining policy" or "being in charge" leads the reader to assume that we should defer to other, seemingly more authoritative institutions.

In fact, policy for the Internet isn't set by any one entity -- it's polycentric / decentred governance, a trend in regulation that's been widely recognised now for a couple of decades. Even inside a single country, policy matters are often arrived at through collaboration between many stakeholders and often are effectively controlled by non-state actors. When global, this is transnational private regulation and there are many examples of it beyond the Internet. It means that we need to become comfortable in our role co-regulating the Internet, not try to claim control or cede it to others.

The IETF has considerable legitimacy as not only an institution that can create useful technical documents, but also as a steward of the Internet architecture as a means to realise and maintain a global public good, even as we ourselves are an essentially private institution. In contrast, state actors are still relatively unproven in their roles as Internet regulators.

Of course we should understand what other regulators of the Internet are doing and what their attitudes are, along with those of other stakeholders -- for our protocols to be successful, doing so is essential. That doesn't mean, however, that we should tie our hands or ask permission before developing protocols. Nor does it mean we should just give up and hand over change control to others, or jump to accommodate their actions when we identify serious concerns around security, privacy, ossification, or other areas where we have expertise.

> The direction explored on this thread represents a tremendous and important task. I'm pretty sure the way to fail is for engineers to go it alone. To be competent, we need to figure out how to recognize the relevance of disciplines like law and philosophy and history, and how to benefit from their perspective on these issues.

Very much agreed here, but recognise that the IETF isn't 'just engineers' -- we are an open organisation representing diverse viewpoints and experiences. Is it diverse enough? Of course not, but we can take steps to improve this and other factors that will shore up our legitimacy for the task at hand. I'd much rather do that than bury our heads in the sand -- which is the outcome whether we defer to external parties *or* we ignore them.

Cheers,


--
Mark Nottingham   https://www.mnot.net/

v2.23.0 | Report a Bug | By Email