Freedom of Association on the Internet
University of Amsterdam
mail@nielstenoever.net
Derechos Digitales
gisela@derechosdigitales.org
IRTF
Human Rights Protocol Considerations Research Group
Internet-Draft

This document scopes the relation between Internet protocols and the right to freedom of assembly and association. Increasingly, the Internet mediates our lives, our relationships and our ability to exercise our human rights. The Internet provides a global public space, but one that is built on private infrastructure. Since Internet protocols play a central role in the management, development and use of the Internet, the relation between protocols and the aforementioned rights should be documented and any adverse impacts of this relation should be mitigated.

The Internet is a technology which shapes modern information societies. The ordering that the Internet provides is socio-technical; in other words, the Internet infrastructure and architecture consist of social and technological arrangements. This ordering is not always apparent because infrastructure also tends to hide itself in the societal woodwork, or with : ‘The most profound technologies are those that disappear’. Next to that, infrastructure is often taken for granted by those using it. Infrastructure therefore mostly presents itself either to an epistemic community of experts or to a larger public upon breakdown. With the increasing societal use of the Internet the importance of the Internet is growing, and the decisions made about its infrastructure and architecture therefore also become more important. established the relationship between human rights and Internet protocols, and in this document we seek to uncover the relation between two specific human rights and the Internet infrastructure and architecture.

The right to freedom of assembly and association protects collective expression; in turn, systems and protocols that enable communal communication between people and servers allow these rights to prosper.
The Internet itself was originally designed as “a medium of communication for machines that share resources with each other as equals”; the Internet thus forms a basic infrastructure for the right to freedom of assembly and association.

The manner in which communication is designed and implemented impacts the ways in which rights can be exercised. For instance, a decentralized and resilient architecture that protects anonymity and privacy offers strong protection for the exercise of such freedoms in the online environment. At the same time, centralized solutions have enabled people to group together in recognizable places and helped the visibility of groups. In other words, different architectural designs come with different affordances, or characteristics. These characteristics should be taken into account at the time of design, and when designing, updating and maintaining other parts of the architecture and infrastructure.

This draft continues the work started in by investigating the exact impact of Internet protocols on specific human rights, namely the right to freedom of assembly and association, given their importance for the Internet, in order to mitigate (potential) negative impacts.
The design of a structure
Autonomous Systems are the unit of routing policy in the modern world of exterior routing.
Within the Internet, an autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the Internet.
The classic definition of an Autonomous System is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs.
An inter-Autonomous System routing protocol.
The extent to which a device or network is able to reach other devices or networks to exchange data. The Internet is the tool for providing global connectivity. Different types of connectivity are further specified in . The combination of the end-to-end principle, interoperability, distributed architecture, resilience, reliability and robustness are the enabling factors that result in connectivity to and on the Internet.
The ability to export one's data from a database in a format that is compatible with other databases.
Implementation or deployment of standards, protocols or systems without one single point of control.
A system with multiple components that have their behavior co-ordinated via message passing. These components are usually spatially separated and communicate using a network, and may be managed by a single root of trust or authority.
Underlying basis or structure for a functioning society, organization or community. Because infrastructure is a precondition for other activities it has a procedural, rather than static, nature due to its social and cultural embeddedness. This means that infrastructure is always relational: infrastructure always develops in relation to something or someone.
The Network of networks, that consists of Autonomous Systems that are connected through the Internet Protocol (IP).
A persistent socio-technical system over which services are delivered.
A techno-social assemblage of devices, users, sensors, networks, routers, governance, administrators, operators and protocols.
An emergent-process-driven thing that is born from the collections of the ASes that happen to be gathered together at any given time. The fact that they tend to interact at any given time means it is an emergent property that happens because they use the protocols defined at IETF.

How does the Internet architecture enable and/or inhibit freedom of association and assembly?
If the Internet is used to exercise the right to freedom of association, what are the implications for its architecture and infrastructure?

In order to answer the research questions, first a number of cases have been collected to analyze where Internet infrastructure and protocols have either enabled or inhibited groups of people to collaborate, cooperate or communicate. This overview does not aim to cover all possible ways in which people can collectively organize or reach out to each other using Internet infrastructure and Internet protocols, but rather to cover typical uses in an effort to do an ethnography of infrastructure. Subsequently we analyze the cases with the theoretical framework provided in the literature review and provide recommendations based on the findings.

The right to freedom of assembly and association protects and enables collective action and expression. These rights ensure everyone in a society has the opportunity to express the opinions they hold in common with others, which in turn facilitates dialogue among citizens, as well as with political leaders or governments.
This is relevant because in the process of democratic deliberation, causes and opinions are more widely heard when a group of people come together behind the same cause or issue.

In international law, the right to freedom of assembly and association protects any collective, gathered either permanently or temporarily for “peaceful” purposes. We will later expand on the definitions and limits of “peacefulness” within these rights. For now it is important to underline the property of “freedom” because the right to freedom of association and assembly is voluntary and uncoerced: anyone can join or leave a group of choice, which in turn means one should not be forced to either join, stay or leave.

The difference between freedom of assembly and freedom of association is merely a gradual one: the former tends to have an informal and ephemeral nature, whereas the latter refers to established and permanent bodies with specific objectives. Nonetheless, one and the other are protected to the same degree.

An assembly is an intentional and temporary gathering of a collective in a private or public space for a specific purpose: demonstrations, indoor meetings, strikes, processions, rallies or even sit-ins. Association on the other hand has a more formal and established nature. It refers to a group of individuals or legal entities brought together in order to collectively act, express, pursue or defend a field of common interests. Within this category we can think about civil society organizations, clubs, cooperatives, NGOs, religious associations, political parties, trade unions or foundations.

The right to freedom of assembly and association is quintessential for the Internet, even if privacy and freedom of expression are the most discussed human rights when it comes to the online world. Online association and assembly are crucial to mobilise groups and people where physical gatherings have been impossible or dangerous.
Throughout the world, from the Arab Spring to Latin American student movements, the Internet has also played a crucial role by providing a means for the fast dissemination of information that was otherwise mediated by broadcast media, or even forbidden by the government. According to Hussain and Howard the Internet helped to “build solidarity networks and identification of collective identities and goals, extend the range of local coverage to international broadcast networks” and served as a platform for contestation for “the future of civil society and information infrastructure”.

The IETF itself, defined as an ‘open global community’ of network designers, operators, vendors, and researchers, is also protected by freedom of assembly and association. Discussions, comments and consensus around RFCs are possible because of the collective expression that freedom of association and assembly allow. The very word “protocol” found its way into the language of computer networking based on the need for collective agreement among network users.

We are aware that some of these examples go beyond the use of Internet protocols and flow over into the applications layer or examples in the offline world, whereas the purpose of the following document is to break down the relationship between Internet protocols and the right to freedom of assembly and association. Nonetheless, given that protocols are a part of the socio-technical ordering of reality, we do recognize that in some cases the line between them and applications, implementations, policies and offline realities is often blurred and hard (if not impossible) to differentiate.

The Internet has become a central mediator for collective action and collaboration.
This means the Internet has become a strong enabler of the rights to freedom of association and assembly.

Here we will discuss different cases to give an overview of how the Internet protocol and architecture facilitate the freedom of assembly and association.

An interactive conversation between two or more people forms the basis for people to organize and associate. According to Anderson “the relationship between political conversation and engagement in the democratic process is strong.” By this definition, what defines the “political” is essentially assembly or association: a basis for the development of social cohesion in society.

Since the beginning of the Internet, mailing lists have been a key site of assembly and association. In fact, mailing lists were one of the Internet’s first functionalities.

In 1971, four years after the invention of email, the first mailing list was created to talk about the idea of using Arpanet for discussion. What had initially propelled the Arpanet project forward as a resource sharing platform was gradually replaced by the idea of a network as a means of bringing people together. More than 45 years later, mailing lists are pervasive and help communities to engage, have discussion, share information, ask questions, and build ties. Even as social media and discussion forums grew, mailing lists continue to be widely used. They are a crucial tool to organise groups and individuals around themes and causes.

Mailing lists are still in wide use, also in the IETF, because they allow for easy association and allow people to subscribe (join) and unsubscribe (leave) as they please. They also allow for association of specific groups on closed lists. Finally, the archival function allows for accountability. The downsides of mailing lists are similar to the ones generally associated with e-mail, except that end-to-end encryption such as OpenPGP and S/MIME is not possible because the final recipients are not known.
There have been experimental solutions to address these issues such as Schleuder, but this has not been standardized or widely deployed.

Multi-party video conferencing protocols such as WebRTC allow for robust, bandwidth-adaptive, wideband and super-wideband video and audio discussions in groups. ‘The WebRTC protocol was designed to enable responsive real-time communications over the Internet, and is instrumental in allowing streaming video and conferencing applications to run in the browser. In order to easily facilitate direct connections between computers (bypassing the need for a central server to act as a gatekeeper), WebRTC provides functionality to automatically collect the local and public IP addresses of Internet users (ICE or STUN). These functions do not require consent from the user, and can be instantiated by sites that a user visits without their awareness. The potential privacy implications of this aspect of WebRTC are well documented, and certain browsers have provided options to limit its behavior.’

While facilitating freedom of assembly and association, multi-party video conferencing tools might pose concrete risks for those who use them. On the one hand WebRTC provides resilient channels of communication, but on the other hand it also exposes information about those who are using the tool, which might lead to increased surveillance, identification and the consequences that might be derived from that. This is especially concerning because the usage of a VPN does not protect against the exposure of IP addresses.

The risk of surveillance is also true in an offline space, but this is generally easy to analyze for the end-user.
Security and privacy expectations of the end-user could be made more clear to the user (or improved), which would result in a more secure and/or private exercise of the right to freedom of assembly or association.

Internet Relay Chat (IRC) is an application layer protocol that enables communication in the form of text through a client/server networking model. In other words, a chat service. IRC clients are computer programs that a user can install on their system. These clients communicate with chat servers to transfer messages to other clients.

For order to be kept within the IRC network, special classes of users become “operators” and are allowed to perform general maintenance functions on the network: basic network tasks such as disconnecting (temporarily or permanently) and reconnecting servers as needed. One of the most controversial powers of operators is the ability to remove a user from the connected network by ‘force’, i.e., operators are able to close the connection between any client and server.

IRC servers may deploy different policies for the ability of users to create their own channels or ‘rooms’, and for the delegation of ‘operator’-rights in such a room. Some IRC servers support SSL/TLS connections for security purposes. This helps stop the use of packet sniffer programs to obtain the passwords of IRC users, but has little use beyond this scope due to the public nature of IRC channels. SSL connections require both client and server support (that may require the user to install SSL binaries and IRC client specific patches or modules on their computers). Some networks also use SSL for server to server connections, and provide a special channel flag (such as +S) to only allow SSL-connected users on the channel, while disallowing operator identification in clear text, to better utilize the advantages that SSL provides.

At the organizational level, peer production is one of the most relevant innovations from Internet mediated social practices.
According to , it implies ‘open collaborative innovation and creation, performed by diverse, decentralized groups organized principally by neither price signals nor organizational hierarchy, harnessing heterogeneous motivations, and governed and managed based on principles other than the residual authority of ownership implemented through contract.’

In his book The Wealth of Networks, Benkler significantly expands on his definition of commons-based peer production. According to Benkler, what distinguishes commons-based production is that it doesn’t rely upon or propagate proprietary knowledge: “The inputs and outputs of the process are shared, freely or conditionally, in an institutional form that leaves them equally available for all to use as they choose at their individual discretion.” To ensure that the knowledge generated is available for free use, commons-based projects are often shared under an open license.

Peer-to-peer (P2P) is essentially a model of how people interact in real life because “we deal directly with one another whenever we wish to”. Usually if we need something we ask our peers, who in turn refer us to other peers. In this sense, the ideal definition of P2P is that “nodes are able to directly exchange resources and services between themselves without the need for centralized servers” and where each participating node typically acts both as a server and as a client. In RFC 5694 P2P has been defined as peers or nodes that should be able to communicate directly between themselves without passing intermediaries, and that the system should be self-organizing and have decentralized control. With this in mind, the ultimate model of P2P is a completely decentralized system, which is more resistant to speech regulation, immune to single points of failure and has a higher performance and scalability.
Nonetheless, in practice some P2P systems are supported by centralized servers and some others have hybrid models where nodes are organized into two layers: the upper tier servers and the lower tier common nodes.

Since the ARPANET project, the original idea behind the Internet was conceived as what we would now call a peer-to-peer system. Over time it has increasingly shifted towards a client/server model with “millions of consumer clients communicating with a relatively privileged set of servers”.

Whether for resource sharing or data sharing, P2P systems are a form of enabling freedom of assembly and association. Not only do they allow for effective dissemination of information, but they also leverage computing resources by diminishing costs, allowing for the formation of open collectives at the network level. At the same time, in completely decentralized systems the fact that the nodes are autonomous and can join or leave the network as they want also makes the system unpredictable: a resource might be only sometimes available, and at other times it might be missing or incomplete. Lack of information might in turn make association or assembly more difficult.

Additionally, when one architecturally assesses the role of P2P systems one can say that: “The main advantage of centralized P2P systems is that they are able to provide a quick and reliable resource locating. Their limitation, however, is that the scalability of the systems is affected by the use of servers. While decentralized P2P systems are better than centralized P2P systems in this aspect, they require a longer time in resource locating. As a result, hybrid P2P systems have been introduced to take advantage of both centralized and decentralized architectures. Basically, to maintain the scalability, similar to decentralized P2P systems, there are no servers in hybrid P2P systems. However, peer nodes that are more powerful than others can be selected to act as servers to serve others.
These nodes are often called super peers. In this way, resource locating can be done by both decentralized search techniques and centralized search techniques (asking super peers), and hence the systems benefit from the search techniques of centralized P2P systems.”

Ever since developers needed to collaboratively write, maintain and discuss large code bases for the Internet there have been different approaches to doing so. One approach is discussing code through mailing lists, but this has proven to be hard when it comes to maintaining the most recent versions. There are many different versions and characteristics of version control systems.

A version control system is a piece of software that enables developers on a software team to work together and also archive a complete history of their work. This allows teams to be working simultaneously on updates. According to Sink, broadly speaking, the history of version control tools can be divided into three generations. In the first one, concurrent development meant that only one person could be working on a file at a time. The second generation tools permit simultaneous modifications as long as users merge the current revisions into their work before they are allowed to commit. The third generation tools allow merge and commit to be separated.

Interestingly, no version control system has ever been standardized in the IETF, whereas version control systems like Subversion and Git are widely used within the community, as well as by working groups. There has been a spirited discussion on whether working groups should use centralized forms of the Git protocol, such as those offered by Gitlab or Github. Proponents argue that this simplifies the workflow and allows for a more transparent workflow.
Opponents argue that the reliance on a centralized service which is not merely using the Git protocol, but also uses non-standardized options like an Issue-Tracker, makes the process less transparent and reliant on a third party.

The IETF has not made a decision on the use of centralized instances of git, such as Github or Gitlab. There have been two efforts to standardize the workflow vis a vis these third party services, but these haven’t come to fruition:
https://www.ietf.org/archive/id/draft-nottingham-wugh-services-00.txt
https://www.ietf.org/archive/id/draft-thomson-github-bcp-00.txt

Collective identities are also protected by freedom of association and assembly. According to Melucci these are ‘shared definitions produced by several interacting individuals who are concerned with the orientation of their action as well as the field of opportunities and constraints in which their action takes place.’ In this sense, assemblies and associations are an important base in the maintenance and development of culture, as well as preservation of minority identities.

Domain names allow hosts to be identified by human-parsable information. Whereas an IP address might not be the expression of an identity, a domain name can be, and often is. On the other hand, the grouping of a certain identity under a specific domain or even a Top Level Domain brings about risks because connecting an identity to a hierarchically structured identifier system creates a central attack surface. Some of these risks are the surveillance of the services running on the domain, domain based censorship, or impersonation of the domain through DNS cache poisoning. Several technologies have been developed in the IETF to mitigate these risks such as DNS over TLS, DNSSEC, and TLS. These mitigations would, when implemented, not make censorship impossible, but rather make it visible. The use of a centralized authority always makes censorship through a registry or registrar possible, as well as by using a fake resolver or using proposed standards such as DNS Response Policy Zones.

The structuring of DNS as a hierarchical authority structure also brings about a specific characteristic, namely the possibility of centralized policy making vis a vis the management and operation of Top Level Domains, which is what (in part) happens at ICANN.
The impact of ICANN processes on human rights will not be discussed here.

In order for edge-users to connect to the Internet, they need to be connected to an Autonomous System (AS) which, in turn, has peering or transit relations with other AS’es. This means that in the process of accessing the Internet, edge-users need to accept the policies and practices of the intermediary that provides them access to the other networks. In other words, for users to be able to join the ‘network of networks’, they always need to connect through an intermediary.

While accessing the Internet through an intermediary, the user is forced to accept the policies, practices and principles of a network. This could impede the rights of the edge-user, depending on the implemented policies and practices on the network and how (if at all) they are communicated to them. For example: filtering, blocking, extensive logging, slowing down connection or specific services, or other invasive practices that are not clearly communicated to the user.

In some cases it also means that there is no other way for the edge-user to connect to the network of networks, and the user is thus forced into accepting the policies of a specific network, because it is not trivial for an edge-user to operate an AS and engage in peering relations with other ASes. This design, combined with the increased importance of the Internet to make use of basic services, forces edge-users to engage in association with a specific network even though the user does not consent to the policies of the network.

This is also true for the Border Gateway Protocol, the protocol that selects the route for traffic over the Internet. Aside from significant security issues there is no transparency about the routes that packets have taken, and thus it is also unclear which ASes a packet has traversed.

The Internet increasingly becomes a vehicle for commercial, proprietary, non-interoperable platforms.
The Internet has always allowed for closed-off networks, but the current trend shows the rise of a small number of very large non-interoperable platforms. Chat has moved from finger, XMPP and IRC to Facebook Messenger, Whatsapp and WeChat and there has been a strong rise of social media networks with large numbers of users, such as Facebook, Twitter and Instagram. A similar trend can be found among e-mail providers, with the significant difference that e-mail is interoperable.

Often these non-interoperable platforms are built on open protocols but do not allow for inter-operability or data-portability. In the case of these large platforms this leads to strong network externalities, also known as a network effect; because the users are there, users will be there. The use of social-media platforms has enabled groups to associate, but it has also led to a ‘tactical freeze’ because of the inability to change the platforms. Whereas these networks are a ready-to-hand networked public sphere, they do not allow for their inhabitants to change, or fully understand, their workings.

This potentially has a significant impact on the distributed nature of the Internet.

It is undeniable that communities, collaboration and joint action lie at the heart of the Internet. Even at a linguistic level, the words “networks” and “associations” are close synonyms. Both interconnected groups and assemblies of people depend on “links” and “relationships”.
Assemblies however have an inherently temporary nature, whereas associations do not. Taking these definitions and the previous analysis into consideration, we argue that the Internet constitutes an association. What are the implications of this? Does it mean that every network is an assembly within the association and has absolute freedom to implement its own rules? Or does the importance of a functioning ‘larger’ association (the Internet) prevail over the preferences of the smaller assemblies (individual AS’es)? Or rather, is there a tipping point? For instance, an operator (an AS) may want to filter a specific IP-range. Today, they can do it technically (it is quite easy) and legally (their network, their rules, and, for this specific case, few people would complain). But if everyone started to do it, and to filter networks they don’t like (or filtering TLDs they don’t like in their DNS resolvers), then there would be a significant problem. With a minority of operators filtering a specific IP-range, the Internet would still work and would still be “the Internet”. With a majority of operators filtering a lot of networks they don’t like, at some point this would no longer be the Internet. This is a case where quantitative changes bring qualitative changes: too much filtering and we would no longer have a global network. Despite the fact that each AS has the right to take decisions such as filtering, if everyone started to exercise this right fully, this would destroy the Internet.

The demands that have been set for ASes are very limited and are based on routing principles: an AS must be used for exchanging external routing information with other ASes through BGP, should therefore use BGP and IP and have a routing policy. So in order to be able to connect to the Internet as an AS, which means to engage in peering or transit relations, there are basic rules one needs to adhere to. But these rules do not say anything on how the AS will or should treat traffic on its network. If we take the example of ASes, we could say they are private infrastructure (therefore sovereign with the ability to set their own policies), but jointly they form a type of public infrastructure, from the moment they receive an Autonomous System Number. But even things that are private need to live up to standards because they have public consequences. Especially because specific behaviour of ASes can lead to vicious or virtuous circles.

The Internet is made up of interconnected ASes (one would argue that this doesn’t include IXPs, but most modern IXPs will have an ASN for their route server (and possibly a separate ASN for their management infrastructure)), which jointly form an association. This association should be protected. This means that rights and obligations that stem from this organizational form should also be protected and respected.

The Internet has an impact on the ability for people to exercise their right to freedom of association and assembly. The Internet, since its inception, has enabled people to jointly communicate and collaborate.
The same could also be argued with relation to freedom of expression; some have argued that the text in article 19 of the reads like a description of the Internet:

The difference between freedom of expression and freedom of association and assembly is that the Internet itself takes the form of an association; it reproduces its features of collaboration. Recognizing this is a crucial step in determining architectural features of the Internet and its usage.

Fred Baker, Jefsey, and Andrew Sullivan for work on Internet definitions
Stephane Bortzmeyer for several concrete text suggestions that found their way in this document (such as the AS filtering example)
the hrpc mailing list at large for a very constructive discussion on a hard topic.

As this draft concerns a research document, there are no security considerations.

This document has no actions for IANA.

The discussion list for the IRTF Human Rights Protocol Considerations Research Group is located at the e-mail address hrpc@ietf.org. Information on the group and information on how to subscribe to the list is at
https://www.irtf.org/mailman/listinfo/hrpc

Archives of the list can be found at:
https://www.irtf.org/mail-archive/web/hrpc/current/index.html
These services include confidentiality, key management, authentication, and digital signatures. This document specifies the message formats used in OpenPGP. [STANDARDS-TRACK]Internet Security Glossary, Version 2This Glossary provides definitions, abbreviations, and explanations of terminology for information system security. The 334 pages of entries offer recommendations to improve the comprehensibility of written material that is generated in the Internet Standards Process (RFC 2026). The recommendations follow the principles that such writing should (a) use the same term or definition whenever the same concept is mentioned; (b) use terms in their plainest, dictionary sense; (c) use terms that are already well-established in open publications; and (d) avoid terms that either favor a particular vendor or favor a particular technology or mechanism over other, competing techniques that already exist or could be developed. This memo provides information for the Internet community.The Transport Layer Security (TLS) Protocol Version 1.2This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. [STANDARDS-TRACK]Peer-to-Peer (P2P) Architecture: Definition, Taxonomies, Examples, and ApplicabilityIABIn this document, we provide a survey of P2P (Peer-to-Peer) systems. The survey includes a definition and several taxonomies of P2P systems. This survey also includes a description of which types of applications can be built with P2P technologies and examples of P2P applications that are currently in use on the Internet. Finally, we discuss architectural trade-offs and provide guidelines for deciding whether or not a P2P architecture would be suitable to meet the requirements of a given application. 
This memo provides information for the Internet community.Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message SpecificationThis document defines Secure/Multipurpose Internet Mail Extensions (S/MIME) version 3.2. S/MIME provides a consistent way to send and receive secure MIME data. Digital signatures provide authentication, message integrity, and non-repudiation with proof of origin. Encryption provides data confidentiality. Compression can be used to reduce data size. This document obsoletes RFC 3851. [STANDARDS-TRACK]Prohibiting Secure Sockets Layer (SSL) Version 2.0This document requires that when Transport Layer Security (TLS) clients and servers establish connections, they never negotiate the use of Secure Sockets Layer (SSL) version 2.0. This document updates the backward compatibility sections found in the Transport Layer Security (TLS). [STANDARDS-TRACK]Privacy Considerations for Internet ProtocolsThis document offers guidance for developing privacy considerations for inclusion in protocol specifications. It aims to make designers, implementers, and users of Internet protocols aware of privacy-related design choices. It suggests that whether any individual RFC warrants a specific privacy considerations section will depend on the document's content.The WebSocket Protocol as a Transport for the Session Initiation Protocol (SIP)The WebSocket protocol enables two-way real-time communication between clients and servers in web-based applications. This document specifies a WebSocket subprotocol as a reliable transport mechanism between Session Initiation Protocol (SIP) entities to enable use of SIP in web-oriented deployments.Technical Considerations for Internet Service Blocking and FilteringThe Internet is structured to be an open communications medium. This openness is one of the key underpinnings of Internet innovation, but it can also allow communications that may be viewed as undesirable by certain parties. 
Thus, as the Internet has grown, so have mechanisms to limit the extent and impact of abusive or objectionable communications. Recently, there has been an increasing emphasis on "blocking" and "filtering", the active prevention of such communications. This document examines several technical approaches to Internet blocking and filtering in terms of their alignment with the overall Internet architecture. When it is possible to do so, the approach to blocking and filtering that is most coherent with the Internet architecture is to inform endpoints about potentially undesirable services, so that the communicants can avoid engaging in abusive or objectionable communications. We observe that certain filtering and blocking approaches can cause unintended consequences to third parties, and we discuss the limits of efficacy of various approaches.Specification for DNS over Transport Layer Security (TLS)This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626. In addition, this document specifies two usage profiles for DNS over TLS and provides advice on performance considerations to minimize overhead from using TCP and TLS with DNS.This document focuses on securing stub-to-recursive traffic, as per the charter of the DPRIVE Working Group. It does not prevent future applications of the protocol to recursive-to-authoritative traffic.Research into Human Rights Protocol ConsiderationsThis document aims to propose guidelines for human rights considerations, similar to the work done on the guidelines for privacy considerations (RFC 6973). The other parts of this document explain the background of the guidelines and how they were developed.This document is the first milestone in a longer-term research effort. 
It has been reviewed by the Human Rights Protocol Considerations (HRPC) Research Group and also by individuals from outside the research group.The Universal Declaration of Human RightsUnited Nations General AssemblyInternational Covenant on Civil and Political RightsUnited Nations General AssemblyDemocracy in AmericaDissecting 'Operation Ababil' - an OSINT AnalysisIran DDoSGuidelines for Writing RFC Text on Security ConsiderationsIETFWhat Best Explains Successful Protest Cascades? ICTs and the Fuzzy Causes of the Arab SpringReport of the Special Rapporteur on the rights to freedom of peaceful assembly and of associationFreedom of assembly and association online in India, Malaysia and Pakistan. Trends, challenges and recommendations.Association for Progressive CommunicationsSocial Networks, Privacy, and Freedom of Association: Data Empowerment vs. Data ProtectionThe Right to Protest Principles: Background PaperARTICLE 19Human rights defendersWhere Wizards Stay Up Late. The Origins of the InternetStudent Activism. 
Utopian Dreams.Inventing the InternetThe Filter Bubble: How the New Personalized Web Is Changing What We Read and How We ThinkThe Process of Collective IdentityMailing Lists: Why Are They Still Here, What’s Wrong With Them, and How Can We Fix Them?Commercial Speech on the Internet: Spam and the first amendmentPeer Production and CooperationFictitious Profiles and WebRTC's Privacy Leaks Used to Identify Iranian ActivistsGuidelines on Freedom of Peaceful AssemblyOSCE Office for Democratic Institutions and Human RightsA Network of Peers: Models Through the History of the InternetPeer-to-Peer Computing: Principles and ApplicationsThe Ethnography of InfrastructureSchleuder - A gpg-enabled mailinglist with remailing-capabilities.NadirThe WebRTC VPN “Bug” and How to FixDNS Response Policy Zones (RPZ)Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and DeploymentsSteps toward an ecology of infrastructure: Design and access for large information spacesThe computer for the 21st centuryIntroduction: epistemic communities and international policy coordinationInfrastructures and Their Discontents: Implications for UbicompInformation mythology and infrastructureInfrastructuring EnvironmentsInfrastructuring: Towards an Integrated Perspective on the Design and Use of Information TechnologyThe political voice of young citizens Educational conditions for political conversation – school and social mediaTwitter and Tear Gas: The Power and Fragility of Networked ProtestThe Computer for the 21st CenturyVersion Control by ExampleThe Digital Sublime: Myth, Power, and Cyberspace