Cullen, For purposes of discussion, one comment below and one addition to your list... --On Monday, October 05, 2009 11:07 -0600 Cullen Jennings <fluffy@xxxxxxxxx> wrote: > I have done a little digging around on the questions I asked > and thought I might summarize some of the responses I got back > to my email. >... >> 3) Are there any rules around discussion, publication, or >> export of of cryptography algorithms and technology? >> publishing weaknesses of national crypto algorithms? >> > > The advice I got was that unless we got a license if the IETF > developed crypto in China and we exported it out, then this > would be illegal in PRC. It was pointed out PRC is not part of > Wassenaar Arrangement. I was advised our broadcasts of and > export of minutes from meetings would be "Deemed Export". It > seems pretty hard to argue that the IETF does not develop any > crypto. Has the IAOC received any legal advice on this? Another piece of this question is whether PGP (or CACert) key-signing activities, with signed private keys being taken out of the country afterwards, would violate any law or require a license. I had previously assumed that the answer would be "no", but the answers you have given to this question, the P2PSIP/CA one, and maybe others, leads me to wonder a bit. >> 7) Would we be OK running a BOF on techniques for firewall >> advancement in general and in particular on getting around >> any firewalls China runs? [Seriously, you know someone will >> propose this BOF, the questions is could we run it or not?] > > Answer I got was discussion of security policies of PRC's > firewall and methods to get around it would definitely not be > OK to discuss. Two of the many problems would be: > > 1) this is defamatory towards the state agency that run the > firewalls > 2) this could be considered release of state secrets > > Answer seemed pretty solid that this topic was not one that > most people would consider a really bad idea to discuss in PRC. Too many negatives in that sentence for me to parse. Did you mean "was one that ...bad idea to discuss" or "ok to discuss"? >> 10) If the meeting is canceled, will the IETF be reimbursing >> the registration fees? That question may have an answer under US or European law (and probably other places): if someone paid the registration fee for a meeting, and paid for non-refundable airline tickets, hotel room, etc., on the basis of a good-faith assumption that the meeting would be held, would he or she have the right to a reasonable expectation of recovering those costs if the meeting were called off? Called off on any basis other than what I believe some lawyers call an Act of God? If the IAOC has gotten legal advice on this --from the IAOC's point of view, IASA's liability to participants if a meeting were cancelled-- could that advice be shared. > As an interesting side note, it seems that some people think > that many of these things are officially illegal but they are > fine to do anyway because other meetings are doing them etc. > This is not a position I share and more importantly, it is not > a position where I am willing to ask our WG Chairs, authors, > and other volunteers to do something illegal because it will > all be fine. Even if there are no short term consequences, I > can imagine a case where 10 years later someone is seeking > security clearance and this comes back to bite them. Concur For the record, I'm still generally in favor of a meeting in Beijing. But I agree with Cullen that answers to these types of questions should be extremely clear before a decision to go is made and that, if any of the answers are sub-optimal, that the IESG should make a formal decision, after reviewing community input, etc., as to whether they believe that a satisfactory meeting can be held in spite of them. And I believe we should hold any potential meeting site to those standards, i.e., that this is not about the PRC. john _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf