IETF Logo Mail Archive

Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Brad Chen <bradchen@google.com> Thu, 05 January 2023 13:19 UTC

Return-Path: <bradchen@google.com>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E777C152712 for <pearg@ietfa.amsl.com>; Thu, 5 Jan 2023 05:19:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.597
X-Spam-Level:
X-Spam-Status: No, score=-17.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C-91y4CQ5DYY for <pearg@ietfa.amsl.com>; Thu, 5 Jan 2023 05:19:44 -0800 (PST)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2046C1526F6 for <pearg@irtf.org>; Thu, 5 Jan 2023 05:19:44 -0800 (PST)
Received: by mail-lj1-x22f.google.com with SMTP id s22so38652673ljp.5 for <pearg@irtf.org>; Thu, 05 Jan 2023 05:19:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=xiqqTjmS6Rc25tuSVA5lkt95fG3UeDRKls2mM8F9ZiQ=; b=gNatfw1GKv2IiiSaxxGe2r8ESqG903VuV7R8hGaREYqrO7RCn/3Qn9i+7RKhUzrmgD jlIzWpPnC0lzsnitvF0+46HRcCv1Q123rEqKqa/3vGupJ1396M7rIilUYPoRqpcCL0Bt wO+b8jBmGncYljjHHcZtdP89pCGEtsayfFOXpMf4xVQlz8yCTCwNcpOKMBHMvrgKmY0A AbYpKhPp1uQAx4SwJ3uzoHkBwXR+xikPctHB9YUhfjfID6rXPfn79omiUEPDfoaThFhi 0cDsRhyRstzIezw2iSj4Xa7mLvDyW1LcLFUg8TZUP+fgzPVb8+Yyh8QldxSZxdkIT+cb YGFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=xiqqTjmS6Rc25tuSVA5lkt95fG3UeDRKls2mM8F9ZiQ=; b=h1X4XOjDw+i1DrC9hb5d8exZZJuXzz7fIN/T2bCWGkSknboSuIx3Pl5cFr995rUKWQ IPapiT24KjYUKsiZ1S1ZSQnGaYRTh4nz3m6nd6M0GS9tM3xbmC/zHLRzSPxczQhajyDg 6OZirxJ7BITwXjVnE4oCL11CAo0XfhLOHlMdX7OSkX1yV/kP1T5hHUDlMap/OUiYhFbb vF/6Bk1s7LlC8ieNACdUYbxbE3XbzglJOVHucKmSSRwGgEodpjMHbuxv1E+jXddowK33 htrIPVLYLiyb0uH1rlL3+9jYZ43XrW/vaTYPKqsUAMA9FEfNERz+8Is3JMUiy01MdkCk wpvA==
X-Gm-Message-State: AFqh2kpPSUkIDrbQAa03sY70gsXBuEhqntme7PSg4kMQd9QLpFB1z0St 7Uml4W5zz/20BsHntZxpV+OBXoknA1EXrAjLtwb+Ow==
X-Google-Smtp-Source: AMrXdXsA4UQrhNf61T0hmz0pJ79+C6qxZ1AQF8bhrmX4C+AMHtr4KykA9yYxmrUxW67Kd4cAdFCNcd2D3ZP4zoz6PCg=
X-Received: by 2002:a2e:be2b:0:b0:27f:bb8b:7520 with SMTP id z43-20020a2ebe2b000000b0027fbb8b7520mr3150081ljq.371.1672924782557; Thu, 05 Jan 2023 05:19:42 -0800 (PST)
MIME-Version: 1.0
References: <HE1PR0701MB305098F652DBC34E3C40810B89F49@HE1PR0701MB3050.eurprd07.prod.outlook.com> <764163366.39904.1672842828297@appsuite-gw2.open-xchange.com> <CABcZeBNA_nJ2waQVENUvEXro91wAYOcH0ZxWqbLH4hoKcGkosw@mail.gmail.com> <9658281.42904.1672912808774@appsuite-gw2.open-xchange.com> <CA+9kkMBLiijcAyLYn_6h8z3N00EDaxdP=f7P2-qUt4Bn1iSWEg@mail.gmail.com> <HE1PR0701MB30505DC24A725E014D60FE0189FA9@HE1PR0701MB3050.eurprd07.prod.outlook.com> <560fae4b-8624-f4ff-63a9-78e4362a5939@netmagic.com>
In-Reply-To: <560fae4b-8624-f4ff-63a9-78e4362a5939@netmagic.com>
Reply-To: bradchen@google.com
From: Brad Chen <bradchen@google.com>
Date: Thu, 05 Jan 2023 05:19:25 -0800
Message-ID: <CAFzihuVwNEhW0trz6UP-KC6YNOFp+puvUcDkroVJkPXjSe8drQ@mail.gmail.com>
To: trutkowski@netmagic.com
Cc: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, Ted Hardie <ted.ietf@gmail.com>, Vittorio Bertola <vittorio.bertola@open-xchange.com>, saag <saag@ietf.org>, "pearg@irtf.org" <pearg@irtf.org>, "ietf@ietf.org" <ietf@ietf.org>, "hrpc@irtf.org" <hrpc@irtf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="0000000000007076d905f1842736"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/sOlJXSwwfxFrOsbJZ7KSdT1h6a8>
Subject: Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2023 13:19:49 -0000

I question whether the IETF has the competence to unilaterally determine
policy in this space. Recent comments on this thread reassure me that some
of us are at least equipped to recognize the limits of our competence and
to recognize the discretion that the IETF needs to exercise in how we
impact policy.

The right to privacy has never been absolute. The tension between privacy,
free expression and the public right to know represents some of the most
challenging questions in moral philosophy and law. When we pretend we can
unilaterally establish policy through technology, we demonstrate our
incompetence with regards to disciplines like law and moral philosophy.

For people interested in the legal and historical background on the right
to privacy, Amy Gajda's book "Seek and Hide" is excellent. Regarding the
philosophical foundations of rights and responsibilities, Onora O'Neill has
published a book "A Philosopher Looks at Digital Communications" that
provides a gentle introduction to the basics, with some more thorough
treatment in her book "Justice without Boundaries." A foundational source
is Immanuel Kant's "Groundwork for the Metaphysics of Morals" which is not
for the meek.

The direction explored on this thread represents a tremendous and important
task. I'm pretty sure the way to fail is for engineers to go it alone. To
be competent, we need to figure out how to recognize the relevance of
disciplines like law and philosophy and history, and how to benefit from
their perspective on these issues.

Brad


On Thu, Jan 5, 2023 at 3:59 AM Tony Rutkowski <trutkowski.netmagic@gmail.com>
wrote:

> With NIS2 coming now coming into force, and the CRA being finalized,
> sorting out some of the threats is underway, although there are now 50
> relevant EU Directives and 55 EU Regulations in force with 16 coming into
> force in 2023 at present count...plus an assortment of Decisions and
> Resolutions that all effect electronic communication mandates.  Most of
> them have extraterritorial application.  In the real world, there are many
> competing requirements, and as Meta recently found out, with significant
> adverse consequences for non-compliance.  It is worth noting that while
> this list resides in the IETF domain, there are several hundred standards
> bodies - many of which are far larger, encompassing more of industry, and
> more relevant than the IETF.  So to borrow a Clint Eastwood phrase, a venue
> has got to know its limitations.
>
> --tony r
> On 1/5/2023 6:13 AM, John Mattsson wrote:
>
> Agree that there is not a single threat, and I don’t think it is so
> important to determine which one of the threats that are the biggest. The
> last 10 years IETF has been quite good at securing transit (which is great
> and something we should celebrate) while at the same time mostly ignoring
> endpoint threats. As Vittorio writes, this poses a risk to damage IETF’s
> reputation. Assuming that endpoints are not compromised, not malicious, and
> that the interests align with the interests of the end-users feels quite
> outdated with today’s zero trust principles.
>
> Cheers,
> John
>
> *From: *Ted Hardie <ted.ietf@gmail.com> <ted.ietf@gmail.com>
> *Date: *Thursday, 5 January 2023 at 11:36
> *To: *Vittorio Bertola <vittorio.bertola@open-xchange.com>
> <vittorio.bertola@open-xchange.com>
> *Cc: *Eric Rescorla <ekr@rtfm.com> <ekr@rtfm.com>, John Mattsson
> <john.mattsson@ericsson.com> <john.mattsson@ericsson.com>, ietf@ietf.org
> <ietf@ietf.org> <ietf@ietf.org>, hrpc@irtf.org <hrpc@irtf.org>
> <hrpc@irtf.org>, pearg@irtf.org <pearg@irtf.org> <pearg@irtf.org>, saag
> <saag@ietf.org> <saag@ietf.org>
> *Subject: *Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is
> IETF keeping its promises?
>
> A quick response in-line.
>
>
>
> On Thu, Jan 5, 2023 at 10:00 AM Vittorio Bertola <vittorio.bertola=
> 40open-xchange.com@dmarc.ietf.org> wrote:
>
>
>
> Il 04/01/2023 20:33 CET Eric Rescorla <ekr@rtfm.com> ha scritto:
>
>
>
> I still think this was a big fail; in fact, this implies that
> counteraction against surveillance capitalism practices can only happen
> elsewhere, at the regulatory level, as the IETF community either does not
> know what to do about it, or does not want to do anything about it.
>
>
>
> I don't think this is true at all.
>
>
>
> First, the IETF *is* working on issues around privacy and preventing
> various forms of surveillance capitalism. That's in part what initiatives
> like DoH, QUIC, TLS 1.3, ECH, OHAI, MASQUE etc. are about.
>
> Of course you will disagree with what I am going to say, but here is the
> common (though not unanimous) viewpoint from the technical policy community
> of a different part of the world - no offense implied.
>
>
>
> In Europe, "surveillance capitalism" is basically synonymous with a set of
> a few very big American companies that happen to be the ones promoting and
> deploying the standards you mention.
>
>
>
> First, I'm not sure that it is reasonable to assume that there is a single
> European position on anything.  Brussels is not Lisbon and neither is Oslo
> or Budapest.  And within each of those, academics, regulators, and civil
> society may have different opinions.  As in the US, there are folks
> cheering for DoH and people opposed; there are people delighted with OHAI
> and folks depressed about it.
>
>
>
> Second, I think we have to be careful to talk as if there is a single
> threat model here.  At least one of the threat models is truly about
> pervasive surveillance, which reflects an updated understanding that an
> attacker may be omnipresent across the network and thus able to correlate
> activities that a sender or receiver previously assumed could not be
> linked.  That's what RFC 7624, Section 5 described.   Many of the key
> characteristics of protocols like QUIC were designed with this threat model
> in mind; they provide increased confidentiality on the wire.  Because that
> threat model is focused on observation, rather than the capabilities of the
> parties, it has little to do with concerns that a small set of players is a
> party to many different sorts of communications.  That's a different
> threat, and some of the work to address it, like OHAI, starts from very
> different principles as a result.
>
>
>
> Both amongst ourselves and when talking to those working in policy
> circles, I think it is very important to be clear on what threat we
> perceive and what responses target that.   Lumping all the threats and all
> the responses together makes it difficult to see the progress that has been
> achieved and even more difficult to identify where work still needs to be
> done.
>
>
>
> Just my personal opinion, of course,
>
>
>
> regards,
>
>
>
> Ted Hardie
>
>
>
> So, it will be hard to convince people in Brussels or Berlin that those
> standards are meant to put the business model of their proponents under
> check. Actually, they are more likely to lead to the conclusion that the
> IETF is being used as an instrument to further that business model, and
> that the encrypted network architecture that it is promoting is meant to
> disempower end-users and any other party (including European law
> enforcement and privacy authorities) from checking what the endpoints do,
> which information they send and who they send it to, facilitating
> uncontrolled data extraction practices by the private companies that mostly
> control the endpoints, i.e. the above ones.
>
>
>
> There is a general feeling that the bigger threats to user privacy are now
> not in transit, but in or before the endpoints. So, the fact that the IETF
> does not want to consider threats in the endpoints is seen as additional
> evidence for the above.
>
>
>
> --
>
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchangevittorio.bertola@open-xchange.com
> Office @ Via Treviso 12, 10144 Torino, Italy
>
>
> _______________________________________________
> saag mailing listsaag@ietf.orghttps://www.ietf.org/mailman/listinfo/saag
>
> --
> Pearg mailing list
> Pearg@irtf.org
> https://www.irtf.org/mailman/listinfo/pearg
>

v2.23.0 | Report a Bug | By Email