On Oct 5, 2009, at 11:53 AM, John C Klensin wrote:
For purposes of discussion, one comment below and one addition
to your list...
--On Monday, October 05, 2009 11:07 -0600 Cullen Jennings
> I have done a little digging around on the questions I asked
> and thought I might summarize some of the responses I got back
> to my email.
>> 3) Are there any rules around discussion, publication, or
>> export of of cryptography algorithms and technology?
>> publishing weaknesses of national crypto algorithms?
> The advice I got was that unless we got a license if the IETF
> developed crypto in China and we exported it out, then this
> would be illegal in PRC. It was pointed out PRC is not part of
> Wassenaar Arrangement. I was advised our broadcasts of and
> export of minutes from meetings would be "Deemed Export". It
> seems pretty hard to argue that the IETF does not develop any
> crypto. Has the IAOC received any legal advice on this?
Another piece of this question is whether PGP (or CACert)
key-signing activities, with signed private keys being taken out
of the country afterwards, would violate any law or require a
license. I had previously assumed that the answer would be
"no", but the answers you have given to this question, the
P2PSIP/CA one, and maybe others, leads me to wonder a bit.
The PGP Key signing is a good question - I have no idea - it's
certainly something we have done in the past but if it is not legal in
the PRC, I could live with a meeting where we did not do any PGP key
signing. It detracts a bit from the meeting but is not in what I
consider the mediatory must have core of the meeting. Of course this
would mean that a group of people that did not often travel out of the
PRC would be missing a great opportunity to sign with a group of
people outside of China which I view as one of the benefits of having
a meeting in Beijing.
>> 7) Would we be OK running a BOF on techniques for firewall
>> advancement in general and in particular on getting around
>> any firewalls China runs? [Seriously, you know someone will
>> propose this BOF, the questions is could we run it or not?]
> Answer I got was discussion of security policies of PRC's
> firewall and methods to get around it would definitely not be
> OK to discuss. Two of the many problems would be:
> 1) this is defamatory towards the state agency that run the
> 2) this could be considered release of state secrets
> Answer seemed pretty solid that this topic was not one that
> most people would consider a really bad idea to discuss in PRC.
Too many negatives in that sentence for me to parse. Did you
mean "was one that ...bad idea to discuss" or "ok to discuss"?
Oops - sorry. I meant to try and say, that most the people I had
talked to advised me *not* to have any such discussion in PRC.
>> 10) If the meeting is canceled, will the IETF be reimbursing
>> the registration fees?
That question may have an answer under US or European law (and
probably other places): if someone paid the registration fee for
a meeting, and paid for non-refundable airline tickets, hotel
room, etc., on the basis of a good-faith assumption that the
meeting would be held, would he or she have the right to a
reasonable expectation of recovering those costs if the meeting
were called off? Called off on any basis other than what I
believe some lawyers call an Act of God? If the IAOC has gotten
legal advice on this --from the IAOC's point of view, IASA's
liability to participants if a meeting were cancelled-- could
that advice be shared.
> As an interesting side note, it seems that some people think
> that many of these things are officially illegal but they are
> fine to do anyway because other meetings are doing them etc.
> This is not a position I share and more importantly, it is not
> a position where I am willing to ask our WG Chairs, authors,
> and other volunteers to do something illegal because it will
> all be fine. Even if there are no short term consequences, I
> can imagine a case where 10 years later someone is seeking
> security clearance and this comes back to bite them.
For the record, I'm still generally in favor of a meeting in
Beijing. But I agree with Cullen that answers to these types of
questions should be extremely clear before a decision to go is
made and that, if any of the answers are sub-optimal, that the
IESG should make a formal decision, after reviewing community
input, etc., as to whether they believe that a satisfactory
meeting can be held in spite of them. And I believe we should
hold any potential meeting site to those standards, i.e., that
this is not about the PRC.
+1, and speaking of other countries, I also thing it is a very
reasonable requirement that "most of the participants can get a visa
in a reasonable time". Not sure what the values of most and reasonable
time are but I would say something like we only meet in countries
where 95% of the participants can get a visa in under 4 months.
Ietf mailing list