On Jul 1, 2011, at 2:55 PM, Scott Brim wrote:
The IETF has several times veered away from the deep water where internet
standards cross paths with regulatory requirements.
http://tools.ietf.org/html/rfc2804
We are not legal experts we are not qualified to interpret the statutory
requirements of various nation states, our own or others. We need to be
clear on what is in vs out of scope for IETF work. Focus on what would be
percieved to be in the best interests the users and the network. Nation
states will do whatever they do and sovereign by definition can impose
whatever mandate they find necessary on their network operations and
citizens.
Joel, the issue is very clear: what the IETF does must not make
privacy and confidentiality impossible. It's not just some arbitrary
regulation from a committee, there are whole cultures who take this
very seriously. You cite the wiretapping decision -- note we didn't
make wiretapping impossible, we just didn't support it. In this case
it is very easy to make privacy (the right to control personal
information) and confidentiality (the right to know that private
information you share with one party will be kept within that scope)
impossible -- that's a position you may not take as someone making the
Internet work, since the ultimate stakeholders are those humans out at
the edges. See also "Changes to Internet Architecture Can Collide
With Privacy" <http://www.ietf.org/proceedings/79/slides/intarea-3.pdf>
for a discussion of mobility.
When you think "oh right, I have to come up with a security
considerations section", include privacy and confidentiality
implications in your checklist of things to think about.
Very much agree.
I strongly disagree with the statement that every home network should have only
ephemeral external addresses and that it should NAT to stable internal
addresses. I also strongly disagree with the assertion that EU law requires
IETF to make it so. But the underlying concerns are quite valid and important.
I don't want to cripple all home networks and applications by imposing
ephemeral addresses and/or NATs on them. But having a stable address prefix
associated with every device in one's home network that communicates with the
public Internet can indeed threaten the user's privacy. (Note that privacy
addresses don't really solve the problem as they still all have the same
prefix.) Some applications and hosts require stable addresses; others do not.
So it might be that a home network needs to be able to support two prefixes -
a stable one that can be used by those applications that need it, and an
ephemeral one that can be used by everything else. That's not difficult to do
by itself, but my next question is how to arrange these things such that
ordinary consumers can understand such details and manage them?
Anyway, to me it seems reasonable for the HOMENET group to consider privacy
issues associated with address assignment.
As to the technical issues here, higher layers don't need to use IP
addresses as identifiers, they have their own. The only layer that
needs to care about IP addresses is the IP layer itself.
This has been demonstrated many times to be false.
Keith
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf