Without responding to Eliot's point in detail, one comparison point would be the HTML Priority of Constituencies:
"In case of conflict, consider users over authors over implementors over
specifiers over theoretical purity. In other words costs or difficulties
to the user should be given more weight than costs to authors; which in
turn should be given more weight than costs to implementors; which should
be given more weight than costs to authors of the spec itself, which
should be given more weight than those proposing changes for theoretical
reasons alone. Of course, it is preferred to make things better for
multiple constituencies at once."
I've certainly found this to be a useful framing of design principles that helps one reason about alternative designs. Perhaps that's one direction to take this document.
-Ekr
On Tue, Mar 19, 2019 at 3:22 AM Eliot Lear <lear@xxxxxxxxx> wrote:
Hi Jari,First, thanks to Mark for writing a provocative draft worthy of his role on the IAB.TL;DR I do not believe this document asks the right question, and further believe that there may be a better approach to take.On 19 Mar 2019, at 09:06, Jari Arkko <jari.arkko@xxxxxxxxx> wrote:My personal opinion is that it would be useful for the IETF to state its preference to benefit the users, and to begin with, consider the impacts its technology may have on the various relationships among users, and various other players. Of course, in many cases we are already doing this (and debating it!), but there’s obviously always room for improvement.
I do think though that if the document goes forward, it would be beneficial to rethink the examples. “Network operators and equipment vendors” as the threat picture… doesn’t sound to me like 2019 at all, with all the technology and deployment changes we’ve had in the last few years. How about “large content and application providers”? This seems like a major issue in today’s Internet.You raise an important point. More broadly, I would find it strange that someone participating here believes that he or she is not acting in the interests of the end users.
- Network operators believe they are acting in the interests of end users by intercepting threats to them.
- Browser developers believe they are operating in the interests of end users when they protect the privacy of communications.
- Social network providers believe they are operating in the interests of end users by providing them fora in which to congregate.
- Content providers believe they are operating in the interests of end users by providing them meaningful and sometimes entertaining content..
- Cloud providers believe they are operating in the interests of end users by supporting applications.
- Firewall vendors believe they are operating in the interests of end users even by eavesdropping on corporate communications to prevent embezzlement.
- Some civil society organizations believe they are operating in the interests of end users by preventing unwarranted and undetected surveillance by governments.
- Governments believe they are operating in the interests of end users by identifying risks to their citizens.
The document, however, is framed as though only a handful of these groups are operating in the interest of end users. And that is problematic, because it will lead to incessant argument over just who represents 7 billion people (did I mention the UN above?) with unpredictable and potentially perverse consequences.This leads to a question: what behavior do we actively want to change? What outcome went wrong that we would want to correct? Like you, Jari, I am hard pressed to find an applicable example, which is why I suspect the Examples section is so paltry. Put another way, what would be the practical ramifications of adopting this work as a BCP?Having a food fight over who best represents the user isn’t productive. We all think we do. And we all want to leave the world better than we found it. I would, therefore, propose that we frame our purpose accordingly, borrowing from the work of others, such as Hippocrates and Maimonides.. Practitioners of all sorts have ethics policies, including ISOC and the IEEE. Maybe what we really want is a promise from participants that they work for the betterment of society, however they understand that to mean, and that the higher they rise in leadership at the IETF, the more we will expect them to demonstrate having met that goal.If we are to take this up at all, and I am not opposed to doing so, I would suggest that we first be able to agree on the goal, that we have some understanding of what mechanism we want to use to achieve that goal, and that we understand the ramifications of our choices.The worst possible world is one in which we short circuit difficult decisions because we have enacted a policy that favors one view of users over another without regard to the consequences. Applying a normative imprimatur to this work that an IETF BCP carries would therefore be premature.Eliot
