Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
Brad Chen <bradchen@google.com> Fri, 06 January 2023 15:01 UTC
Return-Path: <bradchen@google.com>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA959C1524C6 for <pearg@ietfa.amsl.com>; Fri, 6 Jan 2023 07:01:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.597
X-Spam-Level:
X-Spam-Status: No, score=-17.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3WO_d05zPxAs for <pearg@ietfa.amsl.com>; Fri, 6 Jan 2023 07:01:16 -0800 (PST)
Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EF9BC151716 for <pearg@irtf.org>; Fri, 6 Jan 2023 07:01:15 -0800 (PST)
Received: by mail-lf1-x12c.google.com with SMTP id j17so2315520lfr.3 for <pearg@irtf.org>; Fri, 06 Jan 2023 07:01:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=NH7Z9KAivvoCZPyJawwUi0cr1AFUj3EMRlQtVZJlx0g=; b=YDxdWSztIckeQ3mMWMZpKZejXX+BcMdAsAUBshC4ZoGBOxREs2KMd330ailgR341/U fOIuxAmVeQZKp3aV7pbhQUA9EDmDnlA6NZBSqCGnxfgBytGvqQQq+WrTtw8USv63eJtL LJK3v75HIjRZ7QiNTppMIZyU2fZmSDiiHUSqBjOSm5s+sJirYj1CQQhWr+u92P9pTcHn eEdMAbcnSTP6zv1qvOfxSgN+gb+SoNOlz1dF5tBa9IPsZAO56W2KvQYft2pSEoL3qUUK Oxv0fMeCVRr7kjGxyO/HT4plBp3b8fdVpDrvgp9gjKM5ijbrbq+1s/0HXRC678fURfja rKgg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=NH7Z9KAivvoCZPyJawwUi0cr1AFUj3EMRlQtVZJlx0g=; b=PJITj7hQneMRY8sjKvFT9aF8nFmmeZw5WbxLH9mJZug7R21gsmrwFC/ez+PdoCuJLJ lRfHjONqnzi17KGTh016ZIZpvEh1UzGaIr9fqwCF7UOPBcQ5dhTaqhS56n8qCdJGlDxm f5wJ+3lZKrgGjKdKN3iFJdtCz4Y2Aqiwq0qk0JkeH0bzzUjqyXFmiXgvtO6jwGbaWWV5 iwVsC69iKxe+ri2EaFbaNwd2T+9cUPxkf7qfmGS2Ba4t2pNv3BIESSlAxsNI6v5VpB1g eTbd3zJdh+QKnY6bf9gj1uSP+2iIohPHoNRK3fIQFrlpvj3TbjmBASoxERnUA9mA6/vI 5W6w==
X-Gm-Message-State: AFqh2kq9oBeqK6cDPp8jO3KrASGgFkx19fEDJODRkr/6GHxc2oreznFl q80+Yf6/yotOUVNzQtiOQ7S9sWYpXxlPRtqxQ4tqXIU6tllvy2SO
X-Google-Smtp-Source: AMrXdXsnSWr0UHZqF5/5kNiG/Osaofh4BhYxeVxHf+A/mw3AXCTTPpkklMVEoE6gSotdpt6bsiqfoYDOYT1QJ7yRym0=
X-Received: by 2002:ac2:4e81:0:b0:4cb:38e:776b with SMTP id o1-20020ac24e81000000b004cb038e776bmr1965175lfr.688.1673017272936; Fri, 06 Jan 2023 07:01:12 -0800 (PST)
MIME-Version: 1.0
References: <HE1PR0701MB305098F652DBC34E3C40810B89F49@HE1PR0701MB3050.eurprd07.prod.outlook.com> <764163366.39904.1672842828297@appsuite-gw2.open-xchange.com> <CABcZeBNA_nJ2waQVENUvEXro91wAYOcH0ZxWqbLH4hoKcGkosw@mail.gmail.com> <9658281.42904.1672912808774@appsuite-gw2.open-xchange.com> <CA+9kkMBLiijcAyLYn_6h8z3N00EDaxdP=f7P2-qUt4Bn1iSWEg@mail.gmail.com> <HE1PR0701MB30505DC24A725E014D60FE0189FA9@HE1PR0701MB3050.eurprd07.prod.outlook.com> <560fae4b-8624-f4ff-63a9-78e4362a5939@netmagic.com> <CAFzihuVwNEhW0trz6UP-KC6YNOFp+puvUcDkroVJkPXjSe8drQ@mail.gmail.com> <9F859ABE-6AB0-4376-9395-ACA9431AE073@mnot.net>
In-Reply-To: <9F859ABE-6AB0-4376-9395-ACA9431AE073@mnot.net>
Reply-To: bradchen@google.com
From: Brad Chen <bradchen@google.com>
Date: Fri, 06 Jan 2023 07:00:47 -0800
Message-ID: <CAFzihuWW1V4g+fUsOu3+xE6V3E0ZW-BV+6nTnXHwwROCSDKiLA@mail.gmail.com>
To: Mark Nottingham <mnot=40mnot.net@dmarc.ietf.org>
Cc: bradchen=40google.com@dmarc.ietf.org, vittorio.bertola=40open-xchange.com@dmarc.ietf.org, "ietf@ietf.org" <ietf@ietf.org>, "hrpc@irtf.org" <hrpc@irtf.org>, "pearg@irtf.org" <pearg@irtf.org>, saag <saag@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="0000000000004ce3ec05f199b098"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/vhQL7qoin7fuxgxy4r-4cML2LPk>
Subject: Re: [Pearg] [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jan 2023 15:01:21 -0000
Thank you for the thoughtful feedback. I will be first to admit I do not know enough about the IETF and as I dig into this thread and recognize various participants I am learning a few things. I completely agree that engineers and the IETF have a substantial role participating in the policy discussion. Engineers can invent solutions to open problems. More broadly they need to provide an authoritative opinion on what is possible and what is impossible regarding technology, and provide expertise on cost and other implications of a technology option. When technology is the wrong way to solve a problem, engineers need to be a part of the conversation to explain why. It is necessary and proper that the IETF contribute to the broader expertise required to recognize problems that are amenable to a technology solution and those that are not. At Google I work on public safety. I think in my comments above I may have overreacted to some of the language in this thread. I apologize if that was disruptive. However my reaction is also coming out of my broader experience, and my frustration at times with technical designs that have the consequence of sacrificing one human right for another, while ignoring notions of responsibility and concretely making safety worse. The industry has made magnificent progress on privacy in the last decade, driven by the leadership, sometimes self-interested, of a subset of players. I can't say the same thing about our progress on public safety; on the contrary I would argue our progress has been negative, and our trajectory is yet to be corrected. Brad On Thu, Jan 5, 2023 at 5:19 PM Mark Nottingham <mnot= 40mnot.net@dmarc.ietf.org> wrote: > A few thoughts on parts of this thread -- > > > On 6 Jan 2023, at 12:19 am, Brad Chen <bradchen= > 40google.com@dmarc.ietf.org> wrote: > > > > I question whether the IETF has the competence to unilaterally determine > policy in this space. Recent comments on this thread reassure me that some > of us are at least equipped to recognize the limits of our competence and > to recognize the discretion that the IETF needs to exercise in how we > impact policy. > > and: > > > On 6 Jan 2023, at 3:20 am, Vittorio Bertola <vittorio.bertola= > 40open-xchange.com@dmarc.ietf.org> wrote: > > > > Yes, I totally agree. Ten years ago, the IETF sincerely (with the best > of intentions) and naively thought to be in charge of setting this tradeoff > in Internet communications. > > > I'm going to pick on the language used here, because the framing of the > IETF as "unilaterally determining policy" or "being in charge" leads the > reader to assume that we should defer to other, seemingly more > authoritative institutions. > > In fact, policy for the Internet isn't set by any one entity -- it's > polycentric / decentred governance, a trend in regulation that's been > widely recognised now for a couple of decades. Even inside a single > country, policy matters are often arrived at through collaboration between > many stakeholders and often are effectively controlled by non-state actors. > When global, this is transnational private regulation and there are many > examples of it beyond the Internet. It means that we need to become > comfortable in our role co-regulating the Internet, not try to claim > control or cede it to others. > > The IETF has considerable legitimacy as not only an institution that can > create useful technical documents, but also as a steward of the Internet > architecture as a means to realise and maintain a global public good, even > as we ourselves are an essentially private institution. In contrast, state > actors are still relatively unproven in their roles as Internet regulators. > > Of course we should understand what other regulators of the Internet are > doing and what their attitudes are, along with those of other stakeholders > -- for our protocols to be successful, doing so is essential. That doesn't > mean, however, that we should tie our hands or ask permission before > developing protocols. Nor does it mean we should just give up and hand over > change control to others, or jump to accommodate their actions when we > identify serious concerns around security, privacy, ossification, or other > areas where we have expertise. > > > The direction explored on this thread represents a tremendous and > important task. I'm pretty sure the way to fail is for engineers to go it > alone. To be competent, we need to figure out how to recognize the > relevance of disciplines like law and philosophy and history, and how to > benefit from their perspective on these issues. > > Very much agreed here, but recognise that the IETF isn't 'just engineers' > -- we are an open organisation representing diverse viewpoints and > experiences. Is it diverse enough? Of course not, but we can take steps to > improve this and other factors that will shore up our legitimacy for the > task at hand. I'd much rather do that than bury our heads in the sand -- > which is the outcome whether we defer to external parties *or* we ignore > them. > > Cheers, > > > -- > Mark Nottingham https://www.mnot.net/ > > -- > Pearg mailing list > Pearg@irtf.org > https://www.irtf.org/mailman/listinfo/pearg >
- [Pearg] Ten years after Snowden (2013 - 2023), is… John Mattsson
- Re: [Pearg] Ten years after Snowden (2013 - 2023)… Christopher Wood
- Re: [Pearg] Ten years after Snowden (2013 - 2023)… Brian E Carpenter
- Re: [Pearg] Ten years after Snowden (2013 - 2023)… Phillip Hallam-Baker
- Re: [Pearg] Ten years after Snowden (2013 - 2023)… Christian Huitema
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Dino Farinacci
- Re: [Pearg] Ten years after Snowden (2013 - 2023)… Dave Taht
- Re: [Pearg] [hrpc] Ten years after Snowden (2013 … Adrian Gropper
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Stewart Bryant
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Eliot Lear
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Antoine FRESSANCOURT
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Lloyd W
- Re: [Pearg] [saag] Ten years after Snowden (2013 … George Michaelson
- Re: [Pearg] [hrpc] Ten years after Snowden (2013 … Niels ten Oever
- Re: [Pearg] Ten years after Snowden (2013 - 2023)… Vittorio Bertola
- Re: [Pearg] Ten years after Snowden (2013 - 2023)… Dave Taht
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [Pearg] Ten years after Snowden (2013 - 2023)… John Mattsson
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Stewart Bryant
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Eric Rescorla
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Christian Huitema
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Dino Farinacci
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Dino Farinacci
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Dino Farinacci
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Eliot Lear
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Brian E Carpenter
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Vittorio Bertola
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Ted Hardie
- Re: [Pearg] [saag] Ten years after Snowden (2013 … John Mattsson
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Brad Chen
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Kyle Rose
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Antoine FRESSANCOURT
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Eric Rescorla
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Brad Chen
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Alan DeKok
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [Pearg] [EXT] Re: [saag] Ten years after Snow… Vittorio Bertola
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Alan DeKok
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Dave Taht
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [Pearg] [hrpc] Ten years after Snowden (2013 … Stephen Farrell
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Dino Farinacci
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Deen, Glenn (NBCUniversal)
- Re: [Pearg] [hrpc] [saag] Ten years after Snowden… bzs
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Dino Farinacci
- Re: [Pearg] [hrpc] [saag] Ten years after Snowden… Laurence Lundblade
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Mark Nottingham
- Re: [Pearg] [hrpc] [saag] Ten years after Snowden… Abdussalam Baryun
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Brad Chen
- Re: [Pearg] [hrpc] [saag] Ten years after Snowden… Laurence Lundblade
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [Pearg] [hrpc] [saag] Ten years after Snowden… Adrian Gropper
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Dino Farinacci
- Re: [Pearg] [saag] [hrpc] Ten years after Snowden… Tony Rutkowski
- [Pearg] times square 15 sec delay new years Dave Taht
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Dan Harkins
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Vittorio Bertola
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Alec Muffett
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Alec Muffett
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Mark Nottingham
- Re: [Pearg] [hrpc] [saag] Ten years after Snowden… Vittorio Bertola
- Re: [Pearg] [hrpc] [saag] Ten years after Snowden… Ted Lemon
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [Pearg] [hrpc] [saag] Ten years after Snowden… Phillip Hallam-Baker
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Tony Rutkowski
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Lloyd W
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Phillip Hallam-Baker
- Re: [Pearg] Ten years after Snowden (2013 - 2023)… Fernando Gont
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Fernando Gont
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Luigi Iannone
- Re: [Pearg] [saag] Ten years after Snowden (2013 … Christian Huitema