The Internet is for End UsersPrahranVICAustraliamnot@mnot.nethttps://www.mnot.net/stakeholderThis document explains why the IAB believes that, when there is a
conflict between the interests of end users of the Internet and other
parties, IETF decisions should favor end users. It also explores how
the IETF can more effectively achieve this.Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Architecture Board
(IAB) and represents information that the IAB has deemed valuable
to provide for permanent record. It represents the consensus of the Internet
Architecture Board (IAB). Documents approved for publication
by the IAB are not candidates for any level of Internet Standard; see
Section 2 of RFC 7841.
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
() in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document.
Table of Contents
. Introduction
. Who Are "End Users"?
. Why the IETF Should Prioritize End Users
. How the IETF Can Prioritize End Users
. Engaging the Internet Community
. Creating User-Focused Systems
. Identifying Negative End-User Impact
. Handling Conflicting End-User Needs
. Deprioritizing Internal Needs
. IANA Considerations
. Security Considerations
. Informative References
IAB Members at the Time of Approval
Acknowledgements
Author's Address
IntroductionMany who participate in the IETF are most comfortable making what we
believe to be purely technical decisions; our process
favors technical merit through our well-known mantra of "rough consensus
and running code."Nevertheless, the running code that results from our process (when
things work well) inevitably has an impact beyond technical
considerations, because the underlying decisions afford some uses while
discouraging others. While we believe we are making only technical
decisions, in reality, we are defining (in some degree) what is possible
on the Internet itself.This impact has become significant. As the Internet increasingly
mediates essential functions in societies, it has unavoidably become
profoundly political; it has helped people overthrow governments,
revolutionize social orders, swing elections, control populations,
collect data about individuals, and reveal secrets. It has created
wealth for some individuals and companies while destroying that of others.All of this raises the question: For whom do we go through the pain
of gathering rough consensus and writing running code?After all, there are a variety of parties that standards can benefit,
such as (but not limited to) end users, network operators, schools,
equipment vendors, specification authors, specification implementers,
content owners, governments, nongovernmental organizations, social
movements, employers, and parents.Successful specifications will provide some benefit to all the
relevant parties because standards do not represent a zero-sum
game. However, there are sometimes situations where there is a conflict
between the needs of two (or more) parties.In these situations, when one of those parties is an "end user" of
the Internet -- for example, a person using a web browser, mail client,
or another agent that connects to the Internet -- the Internet
Architecture Board argues that the IETF should favor their interests
over those of other parties. explains what is meant by "end
users", outlines why IETF work
should prioritize them, and
describes how we can do that.Who Are "End Users"?In this document, "end users" means human users whose activities
IETF standards support, sometimes
indirectly. Thus, the end user of a protocol to manage routers is not a
router administrator; it is the people using the network that the router
operates within.End users are not necessarily a homogenous group; they might have
different views of how the Internet should work and might occupy
several roles, such as a seller, buyer, publisher, reader, service
provider, and consumer. An end user might browse the Web, monitor
remote equipment, play a game, videoconference with colleagues,
send messages to friends, or perform an operation in a remote
surgery theater. They might be "at the keyboard" or represented by
software indirectly (e.g., as a daemon).Likewise, an individual end user might have many interests (e.g.,
privacy, security, flexibility, reachability) that are sometimes in
tension.A person whose interests we need to consider might not directly be
using a specific system connected to the Internet. For example, if a
child is using a browser, the interests of that child's parents or
guardians may be relevant. A person pictured in a photograph may have an
interest in systems that process that photograph; a person entering a
room with sensors that send data to the Internet may have interests that may
be involved in our deliberations about how those sensor readings are
handled.While such less-direct interactions between people and the Internet
may be harder to evaluate, this document's concept of "end user"
nonetheless includes such people.Why the IETF Should Prioritize End UsersEven before the IETF was established, the Internet technical
community has focused on user needs since at least , which stated that "One of our goals
must be to stimulate the immediate and easy use by a wide class of
users."And, while we specialize in technical matters, the IETF is not
neutral about the purpose of its work in developing the Internet; in "A
Mission Statement for the IETF" , the definitions include:
The IETF community wants the Internet to succeed because we
believe that the existence of the Internet, and its influence on economics,
communication, and education, will help us to build a better human
society.
Later, in "The Scope of the Internet" (),
it says:
The Internet isn't value-neutral, and neither is the IETF. We want
the Internet to be useful for communities that share our commitment to
openness and fairness. We embrace technical concepts such as decentralized
control, edge-user empowerment and sharing of resources, because those
concepts resonate with the core values of the IETF community. These concepts
have little to do with the technology that's possible, and much to do with the
technology that we choose to create.
In other words, the IETF develops and maintains
the Internet to promote the social good. The society that the IETF
is attempting to enhance is composed of end users, along with groups of
them forming businesses, governments, clubs, civil society
organizations, and other institutions.Merely advancing the measurable success of the Internet (e.g.,
deployment size, bandwidth, latency, number of users) is not an adequate
goal; doing so ignores how technology is so often used as a lever to
assert power over users, rather than empower them.Beyond fulfilling the IETF's mission, prioritizing end users can also
help to ensure the long-term health of the Internet and the IETF's
relevance to it. Perceptions of capture by vendors or other providers
harm both; the IETF's work will (deservedly) lose end users' trust if it
prioritizes (or is perceived to prioritize) others' interests over
them.Ultimately, the Internet will succeed or fail based upon the actions
of its end users, because they are the driving force behind its growth
to date. Not prioritizing them jeopardizes the network effect that the
Internet relies upon to provide so much value.How the IETF Can Prioritize End UsersThere are a few ways that the IAB believes the IETF community can
prioritize end users, based upon our observations. This
is not a complete list.Engaging the Internet CommunityThe IETF community does not have any unique insight into what is
"good for end users", and it is not uncommon for us to be at a further
disadvantage because of our close understanding of some -- but not all
-- aspects of the Internet.At the same time, we have a culture of considerable deference to
a broader "Internet community" -- roughly what this document calls end
users -- in our decision-making processes. Mere deference, however, is
not adequate; even with the best intentions, we cannot assume that our
experiences of the Internet are those of all of its end users or that
our decisions have a positive impact upon them.Therefore, we have not only a responsibility to analyze and
consider the impacts of the IETF's work, but also a responsibility to
consult with that greater Internet community. In particular, we should
do so when one of our decisions has a potential impact upon end
users.The IETF community faces significant hurdles in doing so. Our work
is specialized and often esoteric, and processes for developing
standards often involve very long timescales. Affected parties are
rarely technical experts, and they often base their understanding of the Internet
upon incomplete (and sometimes inaccurate) models. Often,
even when we try to engage a broader audience, their participation is
minimal -- until a change affects someone in a way they don't
like. Surprising the Internet community is rarely a good outcome.Government-sponsored individuals sometimes participate in the IETF
community. While this is welcome, it should not be taken as
automatically representative of end users elsewhere, or even all end
users in the relevant jurisdiction. Furthermore, what is desirable in
one jurisdiction (or at least to its administrators) might be
detrimental in others (see ).While some civil society organizations specialize in technology and
Internet policy, they rarely can
participate broadly, nor are they necessarily representative of the
larger Internet community. Nevertheless, their understanding of
end-user needs is often profound, and they are in many ways the
best-informed advocates for end-user concerns; they should be
considered a primary channel for engaging the broader Internet
community.A promising approach to help fill these gaps is to identify and
engage with specifically affected communities when making decisions
that might affect them, for example, one or more industry
associations, user groups, or a set of individuals, though we can't
formally ensure that they are appropriately representative.In doing so, we should not require them to "come to us"; unless a
stakeholder community is already engaged in the IETF process
effectively, the IETF community should explore how to meet with them
on their terms -- take the initiative to contact them, explain our
work, and solicit their feedback.In particular, while IAB workshops, BOFs, and Bar BOFs can be an
effective mechanism to gather input within our community, they rarely
have the visibility into other communities that is required to
solicit input, much less effective participation.Instead, an event like a workshop may be more effective if
co-located with -- and ideally hosted or co-hosted by -- a forum that's
familiar to that stakeholder community. We should also
raise the visibility of IETF work (or potential IETF
work) in such fora through conference talks, panels, newsletter
articles, etc.For example, the IAB ESCAPE workshop solicited input from Internet
publishers and advertisers about a proposal that might affect them.
While the workshop was considered successful,
participation might have been improved by identifying an appropriate
industry forum and working with them to host the event.When we engage with the Internet community, we should also clearly
identify tailored feedback mechanisms (e.g., subscribing to a mailing
list may not be appropriate) and assure that they are well known in
those communities.The Internet Society can be an invaluable partner in these efforts;
their focus on the Internet community, policy expertise, and resources
can help to facilitate discussions with the appropriate parties.Finally, we should remember that the RFC Series contains Requests For
Comments; if there are serious implications of our work, we should
document them and ask for feedback from the Internet community.Creating User-Focused SystemsWe should pay particular attention to the kinds of architectures we
create and whether they encourage or discourage an Internet that
works for end users.For example, one of the most successful Internet applications is
the Web, which uses the HTTP application protocol. One of HTTP's key
implementation roles is that of the web browser -- called the "user
agent" in and other
specifications.User agents act as intermediaries between a service and the end
user; rather than downloading an executable program from a service
that has arbitrary access into the users' system, the user agent only
allows limited access to display content and run code in a sandboxed
environment. End users are diverse and the ability of a few user
agents to represent individual interests properly is imperfect, but
this arrangement is an improvement over the alternative -- the need to
trust a website completely with all information on your system to
browse it.Defining the user agent role in standards also creates a virtuous
cycle; it allows multiple implementations, allowing end users
to switch between them with relatively low costs (although there are
concerns about the complexity of the Web creating barriers to entry
for new implementations). This creates an incentive for implementers
to consider the users' needs carefully, which are often reflected into
the defining standards. The resulting ecosystem has many
remaining problems, but a distinguished user agent role provides an
opportunity to improve it.In contrast, the Internet of Things (IoT) has not yet seen the
broad adoption of a similar role; many current systems require opaque,
vendor-specific software or hardware for the user-facing
component. Perhaps as a result of this, that ecosystem and its end
users face serious challenges.Identifying Negative End-User ImpactAt its best, our work will unambiguously build a better human
society. Sometimes, we will consciously be neutral and
open-ended, allowing the "tussle" among stakeholders to produce a
range of results (see for
further discussion).At the very least, however, we must examine our work for negative
impact on end users and take steps to mitigate it where
encountered. In particular, when we've identified a conflict between
the interests of end users and other stakeholders, we should err on
the side of protecting end users.Note that "negative impact on end users" is not defined in this
document; that is something that the relevant body (e.g., working
group) needs to discuss and come to consensus on. Merely asserting
that something is harmful is not adequate. The converse is also true,
though; it's not good practice to avoid identifying harms, nor is it
acceptable to ignore them when brought to our attention.The IAB and IETF have already established a body of guidance for
situations where this conflict is common, including (but not
limited to) on filtering,
and on pervasive surveillance, on host firewalls, and regarding privacy considerations.Much of that advice has focused on maintaining the end-to-end
properties of a connection . This does not mean that our responsibility to end
users stops there; decisions might affect them in other ways. For
example, data collection by various applications even inside otherwise
secure connections is a major problem on the Internet today. Also,
inappropriate concentration of power on the Internet has become a
concerning phenomenon -- one that protocol design might have some
influence upon.Handling Conflicting End-User NeedsWhen the needs of different end users conflict (for example, two
sets of end users both have reasonable desires), we again should try to
minimize negative impact.For example, when a decision improves the Internet for end users in
one jurisdiction, but at the cost of potential harm to others
elsewhere, that is not a good trade-off. As such, we design
the Internet for the pessimal environment; if a user can be harmed,
they probably will be, somewhere.There may be cases where genuine technical need requires
compromise. However, such trade-offs are carefully examined and avoided
when there are alternate means of achieving the desired goals. If they
cannot be, these choices and reasoning ought to be thoroughly
documented.Deprioritizing Internal NeedsThere are several needs that are very visible to us as
specification authors but should explicitly not be prioritized over
the needs of end users.These include convenience for document editors, IETF process
matters, and "architectural purity" for its own sake.IANA ConsiderationsThis document has no IANA actions.Security ConsiderationsThis document does not have any direct security impact; however,
failing to prioritize end users might well affect their security
negatively in the long term.Informative ReferencesHost SoftwareThe Rise of the Middle and the Future of End-to-End: Reflections on the Evolution of the Internet ArchitectureIABThe end-to-end principle is the core architectural guideline of the Internet. In this document, we briefly examine the development of the end-to-end principle as it has been applied to the Internet architecture over the years. We discuss current trends in the evolution of the Internet architecture in relation to the end-to-end principle, and try to draw some conclusion about the evolution of the end-to-end principle, and thus for the Internet architecture which it supports, in light of these current trends. This memo provides information for the Internet community.A Mission Statement for the IETFThis memo gives a mission statement for the IETF, tries to define the terms used in the statement sufficiently to make the mission statement understandable and useful, argues why the IETF needs a mission statement, and tries to capture some of the debate that led to this point. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.Privacy Considerations for Internet ProtocolsThis document offers guidance for developing privacy considerations for inclusion in protocol specifications. It aims to make designers, implementers, and users of Internet protocols aware of privacy-related design choices. It suggests that whether any individual RFC warrants a specific privacy considerations section will depend on the document's content.Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and RoutingThe Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document provides an overview of HTTP architecture and its associated terminology, defines the "http" and "https" Uniform Resource Identifier (URI) schemes, defines the HTTP/1.1 message syntax and parsing requirements, and describes related security concerns for implementations.Pervasive Monitoring Is an AttackPervasive monitoring is a technical attack that should be mitigated in the design of IETF protocols, where possible.Reflections on Host FirewallsIn today's Internet, the need for firewalls is generally accepted in the industry, and indeed firewalls are widely deployed in practice. Unlike traditional firewalls that protect network links, host firewalls run in end-user systems. Often the result is that software may be running and potentially consuming resources, but then communication is blocked by a host firewall. It's taken for granted that this end state is either desirable or the best that can be achieved in practice, rather than (for example) an end state where the relevant software is not running or is running in a way that would not result in unwanted communication. In this document, we explore the issues behind these assumptions and provide suggestions on improving the architecture going forward.Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem StatementSince the initial revelations of pervasive surveillance in 2013, several classes of attacks on Internet communications have been discovered. In this document, we develop a threat model that describes these attacks on Internet confidentiality. We assume an attacker that is interested in undetected, indiscriminate eavesdropping. The threat model is based on published, verified attacks.Technical Considerations for Internet Service Blocking and FilteringThe Internet is structured to be an open communications medium. This openness is one of the key underpinnings of Internet innovation, but it can also allow communications that may be viewed as undesirable by certain parties. Thus, as the Internet has grown, so have mechanisms to limit the extent and impact of abusive or objectionable communications. Recently, there has been an increasing emphasis on "blocking" and "filtering", the active prevention of such communications. This document examines several technical approaches to Internet blocking and filtering in terms of their alignment with the overall Internet architecture. When it is possible to do so, the approach to blocking and filtering that is most coherent with the Internet architecture is to inform endpoints about potentially undesirable services, so that the communicants can avoid engaging in abusive or objectionable communications. We observe that certain filtering and blocking approaches can cause unintended consequences to third parties, and we discuss the limits of efficacy of various approaches.Report from the IAB Workshop on Exploring Synergy between Content Aggregation and the Publisher Ecosystem (ESCAPE)The Exploring Synergy between Content Aggregation and the Publisher Ecosystem (ESCAPE) Workshop was convened by the Internet Architecture Board (IAB) in July 2019. This report summarizes its significant points of discussion and identifies topics that may warrant further consideration.Note that this document is a report on the proceedings of the workshop. The views and positions documented in this report are those of the workshop participants and do not necessarily reflect IAB views and positions.Tussle in Cyberspace: Defining Tomorrow's InternetMIT Lab for Computer ScienceMIT Lab for Computer ScienceMIT Lab for Computer ScienceUSC Information Sciences InstituteIAB Members at the Time of ApprovalInternet Architecture Board members at the time this document was approved
for publication were:
AcknowledgementsMany discussions influenced this document, both inside and
outside of the IETF and IAB. In particular, 's comments regarding the priority of end users at IETF 93 and
the HTML5 Priority of Constituencies were both influential.Many people gave feedback and input, including , ,
, , , , , , and .Author's AddressPrahranVICAustraliamnot@mnot.nethttps://www.mnot.net/