ietf

Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a future meeting of the IETF

2009-10-06 15:11:50
Cullen,

For purposes of discussion, one comment below and one addition
to your list...

--On Monday, October 05, 2009 11:07 -0600 Cullen Jennings
<fluffy(_at_)cisco(_dot_)com> wrote:

I have done a little digging around on the questions I asked
and thought I might summarize some of the responses I got back
to my email.

...
3) Are there any rules around discussion, publication, or
export of cryptography algorithms and technology?
publishing weaknesses of national crypto algorithms?


The advice I got was that unless we got a license if the IETF
developed crypto in China and we exported it out, then this
would be illegal in PRC. It was pointed out PRC is not part of
Wassenaar Arrangement. I was advised our broadcasts of and
export of minutes from meetings would be "Deemed Export". It
seems pretty hard to argue that the IETF does not develop any
crypto.  Has the IAOC received any legal advice on this?

Another piece of this question is whether PGP (or CACert)
key-signing activities, with signed private keys being taken out
of the country afterwards, would violate any law or require a
license.  I had previously assumed that the answer would be
"no", but the answers you have given to this question, the
P2PSIP/CA one, and maybe others, lead me to wonder a bit.

7) Would we be OK running a BOF on techniques for firewall
advancement in general and in particular on getting around
any firewalls China runs? [Seriously, you know someone will
propose this BOF, the question is could we run it or not?]

Answer I got was discussion of security policies of PRC's
firewall and methods to get around it would definitely not be
OK to discuss. Two of the many problems would be:

1) this is defamatory towards the state agency that runs the
firewalls
2) this could be considered release of state secrets

Answer seemed pretty solid that this topic was not one that
most people would consider a really bad idea to discuss in PRC.

Too many negatives in that sentence for me to parse.  Did you
mean "was one that ...bad idea to discuss" or "ok to discuss"?

10) If the meeting is canceled, will the IETF be reimbursing
the registration fees?

That question may have an answer under US or European law (and
probably other places): if someone paid the registration fee for
a meeting, and paid for non-refundable airline tickets, hotel
room, etc., on the basis of a good-faith assumption that the
meeting would be held, would he or she have the right to a
reasonable expectation of recovering those costs if the meeting
were called off?  Called off on any basis other than what I
believe some lawyers call an Act of God?  If the IAOC has gotten
legal advice on this --from the IAOC's point of view, IASA's
liability to participants if a meeting were cancelled-- could
that advice be shared?

As an interesting side note, it seems that some people think
that many of these things are officially illegal but they are
fine to do anyway because other meetings are doing them etc.
This is not a position I share and more importantly, it is not
a position where I am willing to ask our WG Chairs, authors,
and other volunteers to do something illegal because it will
all be fine. Even if there are no short term consequences, I
can imagine a case where 10 years later someone is seeking
security clearance and this comes back to bite them.

Concur

For the record, I'm still generally in favor of a meeting in
Beijing.  But I agree with Cullen that answers to these types of
questions should be extremely clear before a decision to go is
made and that, if any of the answers are sub-optimal, that the
IESG should make a formal decision, after reviewing community
input, etc., as to whether they believe that a satisfactory
meeting can be held in spite of them.  And I believe we should
hold any potential meeting site to those standards, i.e., that
this is not about the PRC.

   john

