[Docs] [txt|pdf|xml|html] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: (draft-nottingham-for-the-users) 00 01 02

Internet Architecture Board (IAB)                          M. Nottingham
Internet-Draft                                           22 January 2020
Intended status: Informational
Expires: 25 July 2020


                     The Internet is for End Users
                       draft-iab-for-the-users-02

Abstract

   This document explains why the IAB believes the IETF should consider
   end users as its highest priority concern, and how that can be done.

Note to Readers

   The issues list for this draft can be found at
   https://github.com/intarchboard/for-the-users/issues
   (https://github.com/intarchboard/for-the-users/issues).

   The most recent (often, unpublished) draft is at
   https://intarchboard.github.io/for-the-users/
   (https://intarchboard.github.io/for-the-users/).

   Recent changes are listed at https://github.com/intarchboard/for-the-
   users/commits/master (https://github.com/intarchboard/for-the-
   users/commits/master).

   See also the draft's current status in the IETF datatracker, at
   https://datatracker.ietf.org/doc/draft-iab-for-the-users/
   (https://datatracker.ietf.org/doc/draft-iab-for-the-users/).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 25 July 2020.



Nottingham                Expires 25 July 2020                  [Page 1]


Internet-Draft        The Internet is for End Users         January 2020


Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  What Are "End Users"? . . . . . . . . . . . . . . . . . . . .   3
   3.  Why The IETF Should Prioritise End Users  . . . . . . . . . .   4
   4.  How The IETF Can Prioritise End Users . . . . . . . . . . . .   5
     4.1.  Engaging the Internet Community . . . . . . . . . . . . .   5
     4.2.  Creating User-Focused Systems . . . . . . . . . . . . . .   7
     4.3.  Identifying Negative End User Impact  . . . . . . . . . .   7
     4.4.  Handling Conflicting End User Needs . . . . . . . . . . .   8
     4.5.  Deprioritising Internal Needs . . . . . . . . . . . . . .   8
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   7.  Informative References  . . . . . . . . . . . . . . . . . . .   9
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .  10
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   Many who participate in the IETF are most comfortable making what we
   believe to be purely technical decisions; our process is defined to
   favor technical merit, through our well-known mantra of "rough
   consensus and running code."

   Nevertheless, the running code that results from our process (when
   things work well) inevitably has an impact beyond technical
   considerations, because the underlying decisions afford some uses
   while discouraging others.  While we believe we are making only
   technical decisions, in reality, we are defining (in some degree)
   what is possible on the Internet itself.

   This impact has become significant.  As the Internet increasingly
   mediates essential functions in societies, it has unavoidably become
   profoundly political; it has helped people overthrow governments and
   revolutionize social orders, swing elections, control populations,
   collect data about individuals, and reveal secrets.  It has created
   wealth for some individuals and companies while destroying others'.



Nottingham                Expires 25 July 2020                  [Page 2]


Internet-Draft        The Internet is for End Users         January 2020


   All of this raises the question: Who do we go through the pain of
   gathering rough consensus and writing running code for?

   After all, there are a variety of parties that standards can benefit,
   such as (but not limited to) end users, network operators, schools,
   equipment vendors, specification authors, specification implementers,
   content owners, governments, non-governmental organisations, social
   movements, employers, and parents.

   Successful specifications will provide some benefit to all of the
   relevant parties because standards do not represent a zero-sum game.
   However, there are sometimes situations where there is a need to
   balance the benefits of a decision between two (or more) parties.

   In these situations, when one of those parties is an "end user" of
   the Internet - for example, a person using a Web browser, mail
   client, or another agent that connects to the Internet - the Internet
   Architecture Board argues that the IETF should favor their interests
   over those of parties.

   Section 2 explains what is meant by "end users"; Section 3 outlines
   why IETF work should prioritise them, and Section 4 describes how we
   can do that.

2.  What Are "End Users"?

   In this document, "end users," means non-technical users whose
   activities IETF standards are designed to support, sometimes
   indirectly.  Thus, the end user of a protocol to manage routers is
   not a router administrator; it is the people using the network that
   the router operates within.

   End users are not necessarily a homogenous group; they might have
   different views of how the Internet should work, and might occupy
   several roles, such as a seller, buyer, publisher, reader, service
   provider and consumer.  An end user might be browsing the Web,
   monitoring remote equipment, playing a game, video conferencing with
   colleagues, sending messages to friends, or performing an operation
   in a remote surgery theatre.  They might be "at the keyboard", or
   represented by software indirectly (e.g., as a daemon).

   Likewise, an individual end user might have many interests (e.g.,
   privacy, security, flexibility, reachability) that are sometimes in
   tension.

   A person whose interests we need to consider might not directly be
   using a specific system connected to the Internet.  For example, if a
   child is using a browser, the interests of that child's parents or



Nottingham                Expires 25 July 2020                  [Page 3]


Internet-Draft        The Internet is for End Users         January 2020


   guardians may be relevant.  A person pictured in a photograph may
   have an interest in systems that process that photograph; a person
   entering a room with sensors that send data to the Internet has
   interests that may be involved in our deliberations about how those
   sensor readings are handled.

   While such less-direct interactions between people and the Internet
   may be harder to evaluate, this document's concept of end-user
   nonetheless includes such people.

3.  Why The IETF Should Prioritise End Users

   Even before the IETF was established, the Internet technical
   community has focused on user needs since at least [RFC0001], which
   stated that "One of our goals must be to stimulate the immediate and
   easy use by a wide class of users."

   And, while we specialise in technical matters, the IETF is not
   neutral about the purpose of its work in developing the Internet; in
   "A Mission Statement for the IETF" [RFC3935], the definitions
   include:

      The IETF community wants the Internet to succeed because we
      believe that the existence of the Internet, and its influence on
      economics, communication, and education, will help us to build a
      better human society.

   Later in Section 2.1, "The Scope of the Internet" it says:

      The Internet isn't value-neutral, and neither is the IETF.  We
      want the Internet to be useful for communities that share our
      commitment to openness and fairness.  We embrace technical
      concepts such as decentralized control, edge-user empowerment and
      sharing of resources, because those concepts resonate with the
      core values of the IETF community.  These concepts have little to
      do with the technology that's possible, and much to do with the
      technology that we choose to create.

   In other words, the IETF is concerned with developing and maintaining
   the Internet to promote the social good, and the society that the
   IETF is attempting to improve is composed of end users, along with
   groups of them forming businesses, governments, clubs, civil society
   organizations, and other institutions.

   Merely advancing the measurable success of the Internet (e.g.,
   deployment size, bandwidth, latency, number of users) is not an
   adequate goal; doing so ignores how technology is so often used as a
   lever to assert power over users, rather than empower them.



Nottingham                Expires 25 July 2020                  [Page 4]


Internet-Draft        The Internet is for End Users         January 2020


   Beyond fulfilling the IETF's mission, prioritising end users also
   helps to ensure the long-term health of the Internet and the IETF's
   relevance to it.  Perceptions of capture by vendors or other
   providers harm both; the IETF's work will (deservedly) lose end
   users' trust if it prioritises (or is perceived to prioritise)
   others' interests over them.

   Ultimately, the Internet will succeed or fail based upon the actions
   of its users, because they are the driving force behind its growth to
   date.  Not prioritising them jeopardizes the network effect which the
   Internet relies upon to provide so much value.

4.  How The IETF Can Prioritise End Users

   There are a few ways that the IAB believes the IETF community can
   prioritise end users, based upon our observations.  By its nature,
   this is not a complete list.

4.1.  Engaging the Internet Community

   The IETF community does not have any unique insight into what is
   "good for end users," and it is not uncommon for us to be at a
   further disadvantage because of our close understanding of some - but
   not all - aspects of the Internet.

   At the same time, we do have a culture of considerable deference to a
   broader "Internet community" in our decision-making processes.  Mere
   deference, however, is not adequate; even with the best intentions,
   we cannot assume that our experiences of the Internet are those of
   all of its end users, or that our decisions have a positive impact
   upon them.

   Therefore, we have not only a responsibility to analyse and consider
   the impacts of the IETF's work, but also a responsibility to consult
   with that greater Internet community.  We should enter into a
   dialogue about not only the technical concerns that are well-
   represented in the IETF but also the political, social and economic
   concerns that it engenders, and that are better represented
   elsewhere.

   The IETF community faces significant hurdles in doing so.  Our work
   is specialised and often esoteric, and standard processes often occur
   on very long timescales.  Affected parties are rarely technical
   experts, and their experience of the Internet is often based upon
   incomplete (and sometimes inaccurate) models.  Often, even when we
   try to engage a broader audience, their participation is minimal -
   until a change affects someone in a way they don't like.  Surprising
   the Internet community is rarely a good outcome.



Nottingham                Expires 25 July 2020                  [Page 5]


Internet-Draft        The Internet is for End Users         January 2020


   Government representatives sometimes participate in the IETF
   community.  While this is welcome, it should not be taken as
   automatically representative of end users elsewhere, or even all end
   users in the relevant jurisdiction.  Furthermore, what is desirable
   in one jurisdiction (or at least to its administrators) might be
   detrimental in others (see Section 4.4).

   While some civil society organisations specialise in technology and
   Internet policy, they typically do not have the capacity to
   participate broadly, nor are they necessarily representative of the
   larger Internet community.  Nevertheless, their understanding of end
   user needs is often profound, and they are in many ways the most
   representative advocates for end user concerns; they should be
   considered a primary channel for engaging the broader Internet
   community.

   A promising approach to help fill these gaps is to identify and
   engage with specifically affected communities; for example, one or
   more industry associations, user groups, or a set of individuals,
   though we can't of course formally ensure that they are appropriately
   representative.

   In doing so, we should not require them to "come to us"; unless a
   stakeholder community is already engaged in the IETF process
   effectively, the IETF community should explore how to meet with them
   on their terms - taking the initiative to contact them, explain our
   work, and solicit their feedback.

   In particular, while IAB workshops, BoFs and Bar BoFs can be an
   effective mechanism to gather input within our community, they often
   do not have the visibility in other communities that is required to
   solicit input, much less effective participation.

   Instead, an event like a workshop should be co-located - and ideally
   hosted or co-hosted - by a forum that's familiar to that stakeholder
   community.  We should also take the opportunity to raise the
   visibility of IETF work (or potential IETF work) in such fora through
   conference talks, panels, newsletter articles, etc.

   When we engage with the Internet community, we should also clearly
   identify tailored feedback mechanisms (e.g., subscribing to a mailing
   list may not be appropriate), and assure that they are well-known in
   those communities.

   Finally, we should remember that the RFC series are Requests For
   Comments; if there are serious implications of our work, we should
   document them and ask for feedback from the Internet Community.




Nottingham                Expires 25 July 2020                  [Page 6]


Internet-Draft        The Internet is for End Users         January 2020


4.2.  Creating User-Focused Systems

   We should pay particular attention to the kinds of architectures we
   create, and whether they encourage or discourage an Internet that
   works for end users.

   For example, one of the most successful Internet applications is the
   Web. One of its key implementation roles is that of the Web browser -
   called the User Agent in [RFC7230] and other specifications.  Because
   there are multiple interoperable implementations, users can switch
   with relatively low costs, and as a result there is a natural
   tendency to more carefully consider the user's needs as an agent.
   This leads to Web browsers' interests being better aligned with those
   of their users, creating an ecosystem that is more user-focused (even
   if there are serious challenges in it regarding the balance of power
   between implementations and the barrier to entry for new
   implementations).

   In contrast, the Internet of Things (IoT) has not yet seen the
   emergence of a natural role for representing the needs of the end
   user.  Perhaps as a result of this, that ecosystem and its users face
   serious challenges.

   We should also create explicit roles for users in our protocols where
   appropriate, and respect them.

4.3.  Identifying Negative End User Impact

   At its best, our work will unambiguously promote the collective
   social good.  In some cases, we will consciously decide to be neutral
   and open-ended, allowing the "tussle" among stakeholders to produce a
   range of results (see [TUSSLE] for further discussion).

   At the very least, however, we must examine our work for negative
   impact on end users, and take steps to mitigate it where encountered.
   In particular, when we've identified a conflict between the interests
   of end users and other stakeholders, we should err on the side of
   protecting end users.

   Note that "negative impact on end users" is not defined in this
   document; that is something that the relevant body (e.g., Working
   Group) needs to discuss and come to consensus on.  Merely asserting
   that something is harmful is not adequate.  The converse is also
   true, though; it's not permissible to avoid identifying harms, nor is
   it acceptable to ignore them when brought to our attention.

   The IAB and IETF have already established a body of guidance for
   situations where this sort of conflict is common, including (but not



Nottingham                Expires 25 July 2020                  [Page 7]


Internet-Draft        The Internet is for End Users         January 2020


   limited to) [RFC7754] on filtering, [RFC7258] and [RFC7624] on
   pervasive surveillance, [RFC7288] on host firewalls, and [RFC6973]
   regarding privacy considerations.

   Much of that advice has focused on maintaining the end-to-end
   properties of a connection [RFC3724].  This does not mean that our
   responsibility to users stops there; decisions might affect users in
   other ways.  For example, data collection by various applications
   even inside otherwise secure connections is a major problem on the
   Internet today.  Also, inappropriate concentration of power on the
   Internet has become a concerning phenomenon - one that protocol
   design might have some influence upon.

4.4.  Handling Conflicting End User Needs

   When the needs of different end users conflict (for example, two sets
   of end users both have reasonable desires) we again should try to
   minimise negative impact.

   For example, when a decision improves the Internet for end users in
   one jurisdiction, but at the cost of potential harm to others
   elsewhere, that is not a good tradeoff.  As such, we effectively
   design the Internet for the pessimal environment; if a user can be
   harmed, they probably will be, somewhere.

   There may be cases where genuine technical need requires compromise.
   However, such tradeoffs are carefully examined and avoided when there
   are alternate means of achieving the desired goals.  If they cannot
   be, these choices and reasoning ought to be thoroughly documented.

4.5.  Deprioritising Internal Needs

   There are a number of needs that are very visible to us as
   specification authors, but should explicitly not be prioritised over
   the needs of end users.

   These include: convenience for document editors, IETF process
   matters, and "architectural purity" for its own sake.

5.  IANA Considerations

   This document does not require action by IANA.

6.  Security Considerations

   This document does not have any direct security impact; however,
   failing to prioritise end users might well affect their security
   negatively in the long term.



Nottingham                Expires 25 July 2020                  [Page 8]


Internet-Draft        The Internet is for End Users         January 2020


7.  Informative References

   [RFC0001]  Crocker, S., "Host Software", RFC 1, DOI 10.17487/RFC0001,
              April 1969, <https://www.rfc-editor.org/info/rfc1>.

   [RFC3724]  Kempf, J., Ed., Austein, R., Ed., and IAB, "The Rise of
              the Middle and the Future of End-to-End: Reflections on
              the Evolution of the Internet Architecture", RFC 3724,
              DOI 10.17487/RFC3724, March 2004,
              <https://www.rfc-editor.org/info/rfc3724>.

   [RFC3935]  Alvestrand, H., "A Mission Statement for the IETF",
              BCP 95, RFC 3935, DOI 10.17487/RFC3935, October 2004,
              <https://www.rfc-editor.org/info/rfc3935>.

   [RFC6973]  Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
              Morris, J., Hansen, M., and R. Smith, "Privacy
              Considerations for Internet Protocols", RFC 6973,
              DOI 10.17487/RFC6973, July 2013,
              <https://www.rfc-editor.org/info/rfc6973>.

   [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Message Syntax and Routing",
              RFC 7230, DOI 10.17487/RFC7230, June 2014,
              <https://www.rfc-editor.org/info/rfc7230>.

   [RFC7258]  Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
              Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
              2014, <https://www.rfc-editor.org/info/rfc7258>.

   [RFC7288]  Thaler, D., "Reflections on Host Firewalls", RFC 7288,
              DOI 10.17487/RFC7288, June 2014,
              <https://www.rfc-editor.org/info/rfc7288>.

   [RFC7624]  Barnes, R., Schneier, B., Jennings, C., Hardie, T.,
              Trammell, B., Huitema, C., and D. Borkmann,
              "Confidentiality in the Face of Pervasive Surveillance: A
              Threat Model and Problem Statement", RFC 7624,
              DOI 10.17487/RFC7624, August 2015,
              <https://www.rfc-editor.org/info/rfc7624>.

   [RFC7754]  Barnes, R., Cooper, A., Kolkman, O., Thaler, D., and E.
              Nordmark, "Technical Considerations for Internet Service
              Blocking and Filtering", RFC 7754, DOI 10.17487/RFC7754,
              March 2016, <https://www.rfc-editor.org/info/rfc7754>.

   [TUSSLE]   Clark, D., Sollins, K., Wroclawski, J., and R. Braden,
              "Tussle in Cyberspace: Defining Tomorrow's Internet",



Nottingham                Expires 25 July 2020                  [Page 9]


Internet-Draft        The Internet is for End Users         January 2020


              2002,
              <http://groups.csail.mit.edu/ana/Publications/PubPDFs/
              Tussle2002.pdf>.

Appendix A.  Acknowledgements

   This document was influenced by many discussions, both inside and
   outside of the IETF and IAB.  In particular, Edward Snowden's
   comments regarding the priority of end users at IETF 93 and the HTML5
   Priority of Constituencies were both influential.

   Many people gave feedback and input, including Harald Alvestrand,
   Mohamed Boucadair, Stephen Farrell, Joe Hildebrand, Lee Howard, Russ
   Housley, Niels ten Oever, Mando Rachovitsa, Martin Thomson, Brian
   Trammell, John Klensin, Eliot Lear, Ted Hardie, and Jari Arkko.

Author's Address

   Mark Nottingham

   Email: mnot@mnot.net
   URI:   https://www.mnot.net/





























Nottingham                Expires 25 July 2020                 [Page 10]


Html markup produced by rfcmarkup 1.129d, available from https://tools.ietf.org/tools/rfcmarkup/