IETF Logo Mail Archive

Re: [regext] "Considerations" Sections

Kal Feher <ietf@feherfamily.org> Wed, 07 November 2018 02:13 UTC

Return-Path: <ietf@feherfamily.org>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D40E6128CE4 for <regext@ietfa.amsl.com>; Tue, 6 Nov 2018 18:13:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7T_8PVKS8vw9 for <regext@ietfa.amsl.com>; Tue, 6 Nov 2018 18:13:29 -0800 (PST)
Received: from indigo.securenic.net (li90-55.members.linode.com [74.207.248.55]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39638127598 for <regext@ietf.org>; Tue, 6 Nov 2018 18:13:29 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by indigo.securenic.net (Postfix) with ESMTP id F12EF66CD6 for <regext@ietf.org>; Wed, 7 Nov 2018 13:13:28 +1100 (AEDT)
X-Virus-Scanned: amavisd-new at securenic.net
Received: from indigo.securenic.net ([127.0.0.1]) by localhost (indigo.securenic.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id obxjDH2bLDIu for <regext@ietf.org>; Wed, 7 Nov 2018 13:13:28 +1100 (AEDT)
Received: from dhcp-9e4a.meeting.ietf.org (dhcp-9e4a.meeting.ietf.org [31.133.158.74]) by indigo.securenic.net (Postfix) with ESMTPSA id 020E366CC9 for <regext@ietf.org>; Wed, 7 Nov 2018 13:13:26 +1100 (AEDT)
To: regext@ietf.org
References: <d250d4aa2e284ab1bc4fdc770770d2d1@verisign.com> <3feaffd7-902a-d9f3-5ff6-58313ef412a8@digitaldissidents.org> <d99249ab1a8a450996d936272e90ebcb@verisign.com> <05858420-677d-4569-82c5-f2fdcccd2eef@digitaldissidents.org> <89c3df7d69844e51aa156210d90052a6@verisign.com> <290edd26-2f7e-35ee-47d6-5708bcabcdd1@digitaldissidents.org> <5B212B3C-45B0-47BD-8BBB-91C6C0E0F0A6@verisign.com> <3f5815ca-e3cb-e696-12cf-c9bd7e4f120f@digitaldissidents.org> <1a4d3364-e138-a2ca-ed8b-5fd30ac0bbe1@feherfamily.org> <BB87EF5B-86B0-4203-9D60-AA466B0D4B84@verisign.com> <236de218-13cb-d1c3-e831-0a6a24e10d8e@digitaldissidents.org> <384B783C-6DF7-4FCC-8159-D45FCC605F0D@verisign.com> <4dac9c14-cc16-5ffd-46db-91aae47a1cbf@digitaldissidents.org> <CAAQiQRcdF0bft2BznsYxHOJDVX+_0SuFV_JtpXy3B7a49shVdQ@mail.gmail.com>
From: Kal Feher <ietf@feherfamily.org>
Openpgp: preference=signencrypt
Autocrypt: addr=ietf@feherfamily.org; keydata= xsBNBFtz9XEBCAD2uTgg4OvehOlyellLS2prQpjmrMP6eck6Ow40GNZrqsM9XTCF1KRh1XmE qHHSEswbyoHia6mYfXrG/5lHjeisgVK6cqw2CpzyR+i/PhFbqjtiEQsWuiKa72hcW6J95TNL XEBvbcNHIkl1VOCbfKuMhqbtqoEfUWlsPdM/W5Vk/6OboY81VIPxpIws5Db8TIODjBEcKmhe BmkoIcsztHbo+p2uM7B2kyi9MzBFVYMeGF6IQTdinCw7WCBE8Jrmx645oQ/TNGT+//WXXTrU 5wajmHdNEYWa0muT/IhKstvU6K0/fWRfwQaQ4sdKAzJ+/8xu+A7xiPYBJq/7MHcpTIUfABEB AAHNIEthbCBGZWhlciA8aWV0ZkBmZWhlcmZhbWlseS5vcmc+wsCUBBMBCAA+FiEEce3bjehV CDyQmzspY20IgJ75NrcFAltz9XICGwMFCQHhM4AFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA CgkQY20IgJ75Nrekgwf/Ubn9ADzWrkcdAx3UAbhpA0SSrnKA5KaZrzDdjQf85nUfw2hWLARs zEyhpgqcPoU6mSAcdUHcmufHPf2ovOpIzHlHNrsDmGbcU1ScLaVBrGcZJ3J9W5SbyJH5Repa bKildHVY5wn/FyB+KTBUD3pJ6VUhVqUvQhfBi3KN0moCfe77W8EpdCOifZ6m6mv8o9/xDArY xLJR9PAJto1wxMz1WznhTz5A7QiMTgHeeh5OYKz79pihUZPUCQY0oxhBDeK+bAtNl7I07vR6 XSqtM4chm6Zr4YV/QeugX8/Xj2OMxnQLqdnnwC8YhwNConEKalW7XEKb962ZS8/jbitkSaFq Vc7ATQRbc/VxAQgAwwHuWHsRk+56J3XACM4H0uZsunNU+Ic1nDQ/eVSLbHoYU3slSk+TbV/Z CV+pzYAJL3aRVDUFIlpeN7M3cmx23kgtIjzL9KdbZYKJ9QdFOrGht1S/iyFApmEWHVOjPegb gnaHzLKyJJGwTofjfhoz2yQG4JidRt11yGpsJ+Yd3FR7NeQiJy8gVmzcnmqBtw18nJstrEmE tIg4QGMgvSw4SfenoQh4S/kTW3aD1fQyFVDr/dhNuWdZom6D8GeOLvcpviLnFtcPyl7w4KuQ zwZPDhDTOt4eY8VKsyPdc3o8K5oL4hIx9IUVioQglxb5SRlLm+ihhUwp78+S0PxfzjBo6wAR AQABwsB8BBgBCAAmFiEEce3bjehVCDyQmzspY20IgJ75NrcFAltz9XECGwwFCQHhM4AACgkQ Y20IgJ75NrfSIQf+KshlrOAryQNJqAb2p+9XGamIHWvk/r6KVSDx16WI3F6VxlPCvnzKcOkM Lo8yBR28065fodAK6FWiK/PGv6wSNm5rXoEdishAtn4aH36hwFsNeQ3t5zbzj8LhuP0wf/xf 1I/5rSY8YSg2eW0/dMRKA+PTjLwlj/6nbVgjf9C3p2GiAPMDl49XVGpb5G8+C0GNarl7CFZz 7T9DVbwFKaM9u/a5ZVky9wZF6HzVxTkxPse28R1XvHfAafnfj+zWfiI8q0i/ALKDUOXxBpLY BGwWeqxIsnl6C4v65nHpGjeRfWwx+Nk8T85fI7aANsbIbmwAbX/hkzRd8tLLftUa2K3gqA==
Message-ID: <de3278d0-ac4e-65ba-a96a-6e1e54969a17@feherfamily.org>
Date: Wed, 07 Nov 2018 09:13:22 +0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <CAAQiQRcdF0bft2BznsYxHOJDVX+_0SuFV_JtpXy3B7a49shVdQ@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="Vfnmg3Z3dukeeVqmTOPdTBARgz8N1HHUg"
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/a9K7zp85daWOyWiL9386yktLZOc>
Subject: Re: [regext] "Considerations" Sections
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Nov 2018 02:13:33 -0000

On 7/11/18 1:19 am, Andrew Newton wrote:
>
> 2. In my opinion, I do not believe a human rights considerations
> section would negatively impact the readability of this draft if
> written properly. That said, the text put forward in the other thread
> is certainly not acceptable as it has the tone of "only people who
> crush cute puppies under their boots would do this". The text should
> be neutral in its advice and merely note the issues, as we see with
> most security considerations in the IETF. The text I read said a lot
> of things "will" happen instead of "may" happen.

KF I agree with this position. The measure of acceptability for an HRPC
section would have to be that it provides clear comment on the
deployment of the technology, but does not alter ones understanding of
the technology.

I also think that fear of setting a precedent or of being first, should
not govern what is considered useful and appropriate for any draft,
whether that's an HRPC section or not. Either the section is useful and
appropriate or it isnt. Being first should not be relevant to that
assessment.

It might be more productive if the list discussed whether an HRPC is
needed in light of the changing direction of the draft. It could save us
all a lot of time.

> 3. I do take issue with some of the text put forward for the human
> rights considerations:
>
> a) The section regarding law enforcement subverting a VSP is difficult
> to understand in that law enforcement by definition has a monopoly on
> power, and therefore they could also simply subvert the will of the
> registry or registrar as well. The only point to really be made is
> that a VSP in one jurisdiction may impact the operations of a
> registrar/registry in another jurisdiction.
agree.
>
> b) There is zero mention of the benefits that may come of this with
> regard to keeping criminals from using the domain infrastructure. For
> example, freedom from harassment seems like it would be a human right
> (and yes, I understand there is a fine line between harassment and
> free speech, but that's why courts decide such things and not IETF
> documents).  I personally do not place much value in this benefit, but
> there are certainly others who feel strongly about it.
My preference is to constrain any HRPC section to only those whose data
is directly impacted. This suggestion (b) might actually increase the
scope of such a section.
>
> -andy
> On Tue, Nov 6, 2018 at 12:32 PM Niels ten Oever
> <lists@digitaldissidents.org> wrote:
>>
>> On 11/6/18 6:19 PM, Gould, James wrote:
>>> Niels,
>>>
>>> I belief inclusion of an HRPC section pulls policy into the draft that will add confusion.
>> Describing the implication of technologies on humans is not at all the same as policy. This is also the standpoint of the IAB, as laid out in RFC6973. So I am not pulling this out of my hat.
>>
>> The chair described the way forward on this draft today as follows (as far as I understood it): we would first see what technical amendments to the draft we could make, then see what human rights considerations are relevant, and then seek WG consensus around that.
>>
>> Again, I and others are happy to work with you on text that is very clear, and leaves no space for confusion. We can then use that to build consensus in this WG.
>>
>> I hope we can continue going down the road suggested by the chair.
>>
>> Best,
>>
>> Niels
>>
>>
>>>
>>> James Gould
>>> Distinguished Engineer
>>> jgould@Verisign.com
>>>
>>> 703-948-3271
>>> 12061 Bluemont Way
>>> Reston, VA 20190
>>>
>>> Verisign.com <http://verisigninc.com/>
>>>
>>> On 11/7/18, 12:02 AM, "regext on behalf of Niels ten Oever" <regext-bounces@ietf.org on behalf of lists@digitaldissidents.org> wrote:
>>>
>>>     On 11/6/18 5:50 PM, Gould, James wrote:
>>>     > KF I wonder if this is a useful observation. I havent heard anyone
>>>     >
>>>     > suggest that a HRPC section is required, only that it seems very
>>>     >
>>>     > appropriate for this draft. So it might be appropriate to focus on why
>>>     >
>>>     > the section should be or should not be present in the context of how an
>>>     >
>>>     > implementer might consume the document.
>>>     >
>>>     >
>>>     >
>>>     > I don’t believe adding an HRPC section to draft-ietf-regext-verificationcode will assist the implementer in consuming the draft, but instead will add confusion.
>>>
>>>     Why would a well formulated paragraph, as laid out in RFC6973 and expanded in RFC8280, add confusing?
>>>
>>>     > What makes it appropriate for this draft over other drafts?
>>>
>>>     I think it would also be appropriate for other drafts, as we've for instance seen today in the discussion of the reverse search.
>>>
>>>     >  My recommendation is to focus on addressing any applicable technical elements raised, and as Scott recommended, raise the inclusion of an HRPC section in any draft up to the IETF.
>>>
>>>     That was not the way forward was summarized by Jim.
>>>
>>>     The WG can decide what we add to the draft or not, so I think we should discuss it in the WG and seek for consensus.
>>>
>>>     Next to that we can also discuss in other parts of the IETF whether this should be applicable to drafts in general, or how to further and structurally integrate such reviews in our processes.
>>>
>>>     Best,
>>>
>>>     Niels
>>>
>>>
>>>     >
>>>     >
>>>     >
>>>     > —
>>>     >
>>>     > JG
>>>     >
>>>     >
>>>     >
>>>     >
>>>     >
>>>     >
>>>     >
>>>     > James Gould
>>>     >
>>>     > Distinguished Engineer
>>>     >
>>>     > jgould@Verisign.com
>>>     >
>>>     >
>>>     >
>>>     > 703-948-3271
>>>     >
>>>     > 12061 Bluemont Way
>>>     >
>>>     > Reston, VA 20190
>>>     >
>>>     >
>>>     >
>>>     > Verisign.com <http://verisigninc.com/>
>>>     >
>>>     >
>>>     >
>>>     > On 11/6/18, 11:31 PM, "regext on behalf of Kal Feher" <regext-bounces@ietf.org on behalf of ietf@feherfamily.org> wrote:
>>>     >
>>>     >
>>>     >
>>>     >
>>>     >
>>>     >     On 6/11/18 10:52 pm, Niels ten Oever wrote:
>>>     >
>>>     >     > On 11/6/18 1:00 PM, Hollenbeck, Scott wrote:
>>>     >
>>>     >     >>> On Nov 6, 2018, at 4:32 PM, Niels ten Oever <lists@digitaldissidents.org> wrote:
>>>     >
>>>     >     >>>
>>>     >
>>>     >     >>>
>>>     >
>>>     >     >>>
>>>     >
>>>     >     >>> On 11/6/18 9:59 AM, Hollenbeck, Scott wrote:
>>>     >
>>>     >     >>>>> -----Original Message-----
>>>     >
>>>     >     >>>>> From: Niels ten Oever <lists@digitaldissidents.org>
>>>     >
>>>     >     >>>>> Sent: Tuesday, November 06, 2018 3:36 AM
>>>     >
>>>     >     >>>>> To: Hollenbeck, Scott <shollenbeck@verisign.com>; 'regext@ietf.org'
>>>     >
>>>     >     >>>>> <regext@ietf.org>
>>>     >
>>>     >     >>>>> Subject: [EXTERNAL] Re: [regext] "Considerations" Sections
>>>     >
>>>     >     >>>>>
>>>     >
>>>     >     >>>>>
>>>     >
>>>     >     >>>>>
>>>     >
>>>     >     >>>>> On 11/6/18 9:22 AM, Hollenbeck, Scott wrote:
>>>     >
>>>     >     >>>>>>> -----Original Message-----
>>>     >
>>>     >     >>>>>>> From: regext <regext-bounces@ietf.org> On Behalf Of Niels ten Oever
>>>     >
>>>     >     >>>>>>> Sent: Tuesday, November 06, 2018 3:07 AM
>>>     >
>>>     >     >>>>>>> To: regext@ietf.org
>>>     >
>>>     >     >>>>>>> Subject: [EXTERNAL] Re: [regext] "Considerations" Sections
>>>     >
>>>     >     >>>>>>>
>>>     >
>>>     >     >>>>>>>> On 11/06/2018 09:01 AM, Hollenbeck, Scott wrote:
>>>     >
>>>     >     >>>>>>>> Following up on the in-room discussion regarding Human Rights
>>>     >
>>>     >     >>>>>>>> Protocol
>>>     >
>>>     >     >>>>>>> Considerations as compared to Security Considerations and other types
>>>     >
>>>     >     >>>>>>> of considerations that appear in IETF documents:
>>>     >
>>>     >     >>>>>>>> I mentioned at the mic that we don't have any documents representing
>>>     >
>>>     >     >>>>>>> IETF consensus that provide guidance for writing human rights
>>>     >
>>>     >     >>>>>>> protocol considerations. It was mentioned that RFC 8280 describes such
>>>     >
>>>     >     >>>>> guidelines.
>>>     >
>>>     >     >>>>>>> True, it does, but it's an Informational document that "represents
>>>     >
>>>     >     >>>>>>> the consensus of the Human Rights Protocol Considerations Research
>>>     >
>>>     >     >>>>>>> Group of the Internet Research Task Force". RFCs 3552 (Security
>>>     >
>>>     >     >>>>>>> Considerations) and
>>>     >
>>>     >     >>>>>>> 8126 (IANA Considerations) are, in comparison, IETF BCPs. So, I'll
>>>     >
>>>     >     >>>>>>> stand by my comment regarding the lack of _IETF_ consensus on the
>>>     >
>>>     >     >>>>> topic.
>>>     >
>>>     >     >>>>>>> Thanks Scott, as you know there are also Privacy Considerations, as
>>>     >
>>>     >     >>>>>>> outlined in RFC6973, which also do not constitute community consensus
>>>     >
>>>     >     >>>>>>> but are widely used.
>>>     >
>>>     >     >>>>>>>
>>>     >
>>>     >     >>>>>>> Furthermore, if something is not a community consensus, it doesn't
>>>     >
>>>     >     >>>>>>> mean we MAY/SHOULD/MUST NOT do it.
>>>     >
>>>     >     >>>>>> True. It also does not mean that we MUST do it. As Jim Galvin noted,
>>>     >
>>>     >     KF I wonder if this is a useful observation. I havent heard anyone
>>>     >
>>>     >     suggest that a HRPC section is required, only that it seems very
>>>     >
>>>     >     appropriate for this draft. So it might be appropriate to focus on why
>>>     >
>>>     >     the section should be or should not be present in the context of how an
>>>     >
>>>     >     implementer might consume the document.
>>>     >
>>>     >     >>>>> it's up to the editor and WG to decide how to address the topic.
>>>     >
>>>     >     >>>>> My understanding is that at the point of WG adoption, change control is
>>>     >
>>>     >     >>>>> handed over to the WG, right? So in that case it means that it is up to
>>>     >
>>>     >     >>>>> the WG.
>>>     >
>>>     >     >>>> The editor controls the pen. It's the responsibility of the editor to ensure that the text that appears in the document ultimately represents WG consensus.
>>>     >
>>>     >     >>>>
>>>     >
>>>     >     >>> I thought that it is up to the WG chair to establish what does or does not constitute consensus.
>>>     >
>>>     >     >> See Section 6.3 of RFC 2418.
>>>     >
>>>     >     >>
>>>     >
>>>     >     >>> Am also a bit confused about the interchangeable use of editor and author here. James is the author, right?
>>>     >
>>>     >     >> He is the author of the pre-WG version. He is the editor of the WG version that is the subject of WG discussion.
>>>     >
>>>     >     >>
>>>     >
>>>     >     > Are you saying that all people who are listed on RFCs that previously have been adopted by WGs are actually editors, and not RFC authors? I think this is not standing practice across the IETF.
>>>     >
>>>     >     >
>>>     >
>>>     >     > For instance in the QUIC WG, there are some documents where it is clearly indicated that there is an editor, and and in other cases someone is an author. Compare for instance:
>>>     >
>>>     >     >
>>>     >
>>>     >     > https://tools.ietf.org/html/draft-ietf-quic-http-16
>>>     >
>>>     >     > https://tools.ietf.org/html/draft-ietf-quic-manageability-03
>>>     >
>>>     >     >
>>>     >
>>>     >     > Or has there been an agreement in this WG that James is an editor and not an author? Then I think that it should be made clear on the Internet Draft as well.
>>>     >
>>>     >
>>>     >
>>>     >     KF I have no opinion on the author vs editor debate, but I do wonder if
>>>     >
>>>     >     there is any utility to continue the discussion on that point.
>>>     >
>>>     >
>>>     >
>>>     >     There are those who object to including the HRPC section on the basis
>>>     >
>>>     >     that the technology is agnostic and shouldnt be saddled with moral
>>>     >
>>>     >     judgement.
>>>     >
>>>     >
>>>     >
>>>     >     There are those who think the section is a good idea based on the impact
>>>     >
>>>     >     to those whose data is being shared.
>>>     >
>>>     >
>>>     >
>>>     >     I'd much prefer a debate on the relevant topics than document pedantry,
>>>     >
>>>     >     which probably has its place on another list.
>>>     >
>>>     >
>>>     >
>>>     >     > Best,
>>>     >
>>>     >     >
>>>     >
>>>     >     > Niels
>>>     >
>>>     >     >
>>>     >
>>>     >     --
>>>     >
>>>     >     Kal Feher
>>>     >
>>>     >     Melbourne, Australia
>>>     >
>>>     >
>>>     >
>>>     >
>>>     >
>>>     >
>>>     >
>>>     >
>>>     > _______________________________________________
>>>     > regext mailing list
>>>     > regext@ietf.org
>>>     > https://www.ietf.org/mailman/listinfo/regext
>>>     >
>>>
>>>     --
>>>     Niels ten Oever
>>>     Researcher and PhD Candidate
>>>     Datactive Research Group
>>>     University of Amsterdam
>>>
>>>     PGP fingerprint      2458 0B70 5C4A FD8A 9488
>>>                        643A 0ED8 3F3A 468A C8B3
>>>
>>>     _______________________________________________
>>>     regext mailing list
>>>     regext@ietf.org
>>>     https://www.ietf.org/mailman/listinfo/regext
>>>
>>>
>> --
>> Niels ten Oever
>> Researcher and PhD Candidate
>> Datactive Research Group
>> University of Amsterdam
>>
>> PGP fingerprint    2458 0B70 5C4A FD8A 9488
>>                    643A 0ED8 3F3A 468A C8B3
>>
>> _______________________________________________
>> regext mailing list
>> regext@ietf.org
>> https://www.ietf.org/mailman/listinfo/regext
> _______________________________________________
> regext mailing list
> regext@ietf.org
> https://www.ietf.org/mailman/listinfo/regext

-- 
Kal Feher
Melbourne, Australia

v2.23.0 | Report a Bug | By Email