The Internet is for End Users
mnot@mnot.net
https://www.mnot.net/
General
stakeholder
This document explains why, when a conflict cannot be avoided, the IETF considers end users as
its highest priority concern.
The issues list for this draft can be found at https://github.com/mnot/I-D/labels/for-the-users.
The most recent (often, unpublished) draft is at https://mnot.github.io/I-D/for-the-users/.
Recent changes are listed at https://github.com/mnot/I-D/commits/gh-pages/for-the-users.
See also the draft’s current status in the IETF datatracker, at
https://datatracker.ietf.org/doc/draft-nottingham-for-the-users/.
The IETF, while focused on technical matters, is not neutral about the purpose of its work in
developing the Internet; in “A Mission Statement for the IETF” , the definitions include:
The IETF community wants the Internet to succeed because we believe that the existence of the Internet, and its influence on economics, communication, and education, will help us to build a better human society.
and later in Section 2.1, “The Scope of the Internet” it says:
The Internet isn’t value-neutral, and neither is the IETF. We want the Internet to be useful for communities that share our commitment to openness and fairness. We embrace technical concepts such as decentralized control, edge-user empowerment and sharing of resources, because those concepts resonate with the core values of the IETF community. These concepts have little to do with the technology that’s possible, and much to do with the technology that we choose to create.
However, many in the IETF are most comfortable making what we believe to be purely technical
decisions; our process is defined to favor technical merit, through our well-known bias towards
“rough consensus and running code”.
Nevertheless, the running code that results from our process (when things work well) inevitably has
an impact beyond technical considerations, because the underlying decisions afford some uses while
discouraging others; while we believe we are making purely technical decisions, in reality that may
not be possible. Or, in the words of Lawrence Lessig :
Ours is the age of cyberspace. It, too, has a regulator… This regulator is code — the software and hardware that make cyberspace as it is. This code, or architecture, sets the terms on which life in cyberspace is experienced. It determines how easy it is to protect privacy, or how easy it is to censor speech. It determines whether access to information is general or whether information is zoned. It affects who sees what, or what is monitored. In a host of ways that one cannot begin to see unless one begins to understand the nature of this code, the code of cyberspace regulates.
This impact has become significant. As the Internet increasingly mediates key functions in
societies, it has unavoidably become profoundly political; it has helped people overthrow
governments and revolutionize social orders, control populations and reveal secrets. It has created
wealth for some individuals and companies, while destroying others’.
All of this raises the question: For whom do we go through the pain of gathering rough consensus
and writing running code?
There are a variety of identifiable parties in the larger Internet community that standards can
provide benefit to, such as (but not limited to) end users, network operators, schools, equipment
vendors, specification authors, specification implementers, content owners, governments,
non-governmental organisations, social movements, employers, and parents.
Successful specifications will provide some benefit to all of the relevant parties, because
standards do not represent a zero-sum game. However, there are sometimes situations where there is
a need to balance the benefits of a decision between two (or more) parties.
In these situations, when one of those parties is an “end user” of the Internet – for example, a
person using a Web browser, mail client, or other agent that connects to the Internet – the IETF
tends to protect their interests over those of parties such as network operators or equipement
vendors.
This document explains what is meant by “end users” in , why they tend to be prioritised in
IETF work in , and how that is done in .
In this document, “end users,” means non-technical users whose activities IETF protocols are
designed to support, sometimes indirectly. Thus, the end user of a protocol to manage routers is
not a router administrator; it is the people using the network that the router operates within.
An end user could be an individual, or it could be a collection of them; whether that be a social
movement, a business, or a government that represents a large number of people.
That said, end users are not necessarily a homogenous group; often, but not always, interactions on
the Internet are characterised by a seller/buyer, publisher/reader, or service provider/consumer
relationship.
Also, it’s important to note that even though we use the term “user” here, this does not
necessarily denote a passive relationship with the Internet; someone producing content, selling
goods or providing a service is equally a user of the Internet. The emphasis here is on “end” – as
in endpoint .
Similarly, a person whose interests we need to consider might not directly be an end-user of
a specific system connected to the Internet. For example, if a child is using a browser, the
interests of that child’s parents or guardians may be relevant; if a person is pictured in
a photograph, that person may have an interest in systems that process that photograph, or
if a person entering a room triggers sensors that send data to the Internet than that person’s
interests may be involved in our deliberations about how those sensor readings are handled.
While such less-direct interactions between people and the Internet may be harder to evaluate
compared to those involving people with accounts on some web service, such people are nonetheless
included in this document’s concept of end-user.
While networks need to be managed, employers and equipment vendors need to meet business goals, and
so on, the IETF’s mission is to “build a better human society” and – on the Internet
– society is composed of end users, along with groups of them forming business, governments,
clubs, civil society organizations, and other institutions that influence it.
Prioritising end users helps the IETF achieve its mission, and also helps to assure the long-term
health of the Internet. By prioritising their concerns, we assure that the Internet reaches the
greatest number of people, thereby delivering greater utility by maximising its network effect.
Prioritising end users’ needs also helps to assure that the Internet itself retains end users’
trust, preserving the benefit its network effect brings.
The IETF community does not have any specific insight into what is “good for end users”; to help
make decisions involving them, it interacts with the greater Internet community. Because end users
are typically not technical experts, the IETF has a responsibility to consider their interests, and
engages with those who understand how IETF work will affect end users, such as civil society
organisations, as well as governments, businesses and other groups representing some aspect of end
user interests.
When we’ve identified a conflict between the interests of end users and another stakeholder (e.g.,
a network operator), and need a “tiebreaker”, we should err on the side of finding a solution that
doesn’t harm end users.
Note that “harm” is not defined in this document; that is something that the relevant body (e.g.,
Working Group) needs to discuss.
The IETF has already established a body of guidance for situations where this sort of conflict is
common, including (but not limited to) on filtering, and on
pervasive surveillance, on host firewalls, and regarding privacy
considerations.
When such advice is not yet available, we try to find a different solution, or another way to frame
the problem, distilling the underlying principles into more general advice where appropriate.
When the needs of different end users conflict; for example, between governments and individuals,
we again try to minimise harm – this time, to the greatest number and most specific of end users.
In other words, when a decision improves the Internet for end users in one jurisdiction, but at the
cost of potential harm to others elsewhere, that is not a good tradeoff.
There may be cases where genuine technical need requires compromise. However, such tradeoffs are
carefully examined, and avoided when there are alternate means of achieving the desired goals. If
they cannot be, these choices and reasoning ought to be carefully documented.
IPv6 can be used to assign a client with a unique address prefix – even though this provides a way to track end user activity and helps identify them – because it is technically necessary to provide networking (and despite this, there are mechanisms like to mitigate this effect, for those users who desire it).
Different network operator communities have, from time to time, asked for a mechanism that would allow them to insert themselves into HTTPS connections to interpose caching and other performance optimisations. This was rejected for a number of reasons, including that end users’ conception of HTTPS as an encrypted end-to-end protocol had already formed, so that changing it would harm user security.
TODO: more examples.
This document does not require action by IANA.
This document does not have direct security impact; however, failing to prioritise end users might
well affect their security negatively in the long term.
Code Is Law: On Liberty in Cyberspace
Harvard Magazine
A Mission Statement for the IETF
This memo gives a mission statement for the IETF, tries to define the terms used in the statement sufficiently to make the mission statement understandable and useful, argues why the IETF needs a mission statement, and tries to capture some of the debate that led to this point. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.
The Rise of the Middle and the Future of End-to-End: Reflections on the Evolution of the Internet Architecture
IAB
The end-to-end principle is the core architectural guideline of the Internet. In this document, we briefly examine the development of the end-to-end principle as it has been applied to the Internet architecture over the years. We discuss current trends in the evolution of the Internet architecture in relation to the end-to-end principle, and try to draw some conclusion about the evolution of the end-to-end principle, and thus for the Internet architecture which it supports, in light of these current trends. This memo provides information for the Internet community.
Technical Considerations for Internet Service Blocking and Filtering
The Internet is structured to be an open communications medium. This openness is one of the key underpinnings of Internet innovation, but it can also allow communications that may be viewed as undesirable by certain parties. Thus, as the Internet has grown, so have mechanisms to limit the extent and impact of abusive or objectionable communications. Recently, there has been an increasing emphasis on "blocking" and "filtering", the active prevention of such communications. This document examines several technical approaches to Internet blocking and filtering in terms of their alignment with the overall Internet architecture. When it is possible to do so, the approach to blocking and filtering that is most coherent with the Internet architecture is to inform endpoints about potentially undesirable services, so that the communicants can avoid engaging in abusive or objectionable communications. We observe that certain filtering and blocking approaches can cause unintended consequences to third parties, and we discuss the limits of efficacy of various approaches.
Pervasive Monitoring Is an Attack
Pervasive monitoring is a technical attack that should be mitigated in the design of IETF protocols, where possible.
Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement
Since the initial revelations of pervasive surveillance in 2013, several classes of attacks on Internet communications have been discovered. In this document, we develop a threat model that describes these attacks on Internet confidentiality. We assume an attacker that is interested in undetected, indiscriminate eavesdropping. The threat model is based on published, verified attacks.
Reflections on Host Firewalls
In today's Internet, the need for firewalls is generally accepted in the industry, and indeed firewalls are widely deployed in practice. Unlike traditional firewalls that protect network links, host firewalls run in end-user systems. Often the result is that software may be running and potentially consuming resources, but then communication is blocked by a host firewall. It's taken for granted that this end state is either desirable or the best that can be achieved in practice, rather than (for example) an end state where the relevant software is not running or is running in a way that would not result in unwanted communication. In this document, we explore the issues behind these assumptions and provide suggestions on improving the architecture going forward.
Privacy Considerations for Internet Protocols
This document offers guidance for developing privacy considerations for inclusion in protocol specifications. It aims to make designers, implementers, and users of Internet protocols aware of privacy-related design choices. It suggests that whether any individual RFC warrants a specific privacy considerations section will depend on the document's content.
Internet Protocol, Version 6 (IPv6) Specification
This document specifies version 6 of the Internet Protocol (IPv6). It obsoletes RFC 2460.
Privacy Extensions for Stateless Address Autoconfiguration in IPv6
Nodes use IPv6 stateless address autoconfiguration to generate addresses using a combination of locally available information and information advertised by routers. Addresses are formed by combining network prefixes with an interface identifier. On an interface that contains an embedded IEEE Identifier, the interface identifier is typically derived from it. On other interface types, the interface identifier is generated through other means, for example, via random number generation. This document describes an extension to IPv6 stateless address autoconfiguration for interfaces whose interface identifier is derived from an IEEE identifier. Use of the extension causes nodes to generate global scope addresses from interface identifiers that change over time, even in cases where the interface contains an embedded IEEE identifier. Changing the interface identifier (and the global scope addresses generated from it) over time makes it more difficult for eavesdroppers and other information collectors to identify when different addresses used in different transactions actually correspond to the same node. [STANDARDS-TRACK]
Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
The Hypertext Transfer Protocol (HTTP) is a stateless \%application- level protocol for distributed, collaborative, hypertext information systems. This document defines the semantics of HTTP/1.1 messages, as expressed by request methods, request header fields, response status codes, and response header fields, along with the payload of messages (metadata and body content) and mechanisms for content negotiation.
Thanks to Edward Snowden for his comments regarding the priority of end users at IETF93.
Thanks to the WHATWG for blazing the trail with the Priority of Constituencies.
Thanks to Harald Alvestrand for his substantial feedback and Mohamed Boucadair, Stephen Farrell,
Joe Hildebrand, Lee Howard, Russ Housley, Niels ten Oever, Mando Rachovitsa, Martin Thomson, and
Brian Trammell for their suggestions.