Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
At 04:24 PM 10/5/2009, Margaret Wasserman wrote: Do you know if the PGP signing (and taking the keys home) was legal when we did it in France? It is my understanding that there are (or were) French laws forbidding the export of crypto. However, I don't remember this being raised as a big concern when we held the IETF in Paris. http://www.theregister.co.uk/1999/01/15/france_to_end_severe_encryption/ http://rechten.uvt.nl/koops/cryptolaw/CLS2.HTM I do know that there were discussions about holding meetings in France prior to 1999 that ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
John, Dave, I disagree, at least slightly, but that is because I suffer from a concern --documented in a request for review and previous notes to this list-- that the IAOC/Trustees are _not_ doing their job, or at least the part of that job that requires keeping the community informed about the decisions they are making and the reasons for them. Speaking as myself. I think we have heard this message and we are working on improving communications. We have spent time to get all outstanding meetings done, we are now working on making minutes of new meetings more readable for somebody not present at the meeting. We also started to explicitly ask the community about choices we have to make for meetings, for example, Quebec vs. Vancouver or China or no China. BTW, we are still looking for a volunteer scribe for our meetings :-) Suppose he posted a list of questions to which he thought we should have answers before we put a meeting in any location that has a reputation (justified or not) for regulating the free flow of information, asked whether the IAOC had answers to those questions for a particular case, and, if they did, that they share those answers with the community? I think that would be reasonable and that the IAOC could reasonably respond to such a question by saying yes, similar questions were asked, we think the answers are reasonable, and the discussion is documented in the IAOC Minutes of Except that he did ask, hasn't gotten an answer like that and, by the way, there are no minutes of enough substance to be pointed to on that (or any other) issue. We have a long list with issues that we think should be settled before we decide to go there or not, and we are working on the document describing why we decided one way or another. Henk -- -- Henk Uijterwaal Email: henk.uijterwaal(at)ripe.net RIPE Network Coordination Centre http://www.xs4all.nl/~henku P.O.Box 10096 Singel 258 Phone: +31.20.5354414 1001 EB Amsterdam 1016 AB Amsterdam Fax: +31.20.5354445 The NetherlandsThe NetherlandsMobile: +31.6.55861746 -- Belgium: an unsolvable problem, discussed in endless meetings, with no hope for a solution, where everybody still lives happily. ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
Cullen, For purposes of discussion, one comment below and one addition to your list... --On Monday, October 05, 2009 11:07 -0600 Cullen Jennings flu...@cisco.com wrote: I have done a little digging around on the questions I asked and thought I might summarize some of the responses I got back to my email. ... 3) Are there any rules around discussion, publication, or export of of cryptography algorithms and technology? publishing weaknesses of national crypto algorithms? The advice I got was that unless we got a license if the IETF developed crypto in China and we exported it out, then this would be illegal in PRC. It was pointed out PRC is not part of Wassenaar Arrangement. I was advised our broadcasts of and export of minutes from meetings would be Deemed Export. It seems pretty hard to argue that the IETF does not develop any crypto. Has the IAOC received any legal advice on this? Another piece of this question is whether PGP (or CACert) key-signing activities, with signed private keys being taken out of the country afterwards, would violate any law or require a license. I had previously assumed that the answer would be no, but the answers you have given to this question, the P2PSIP/CA one, and maybe others, leads me to wonder a bit. 7) Would we be OK running a BOF on techniques for firewall advancement in general and in particular on getting around any firewalls China runs? [Seriously, you know someone will propose this BOF, the questions is could we run it or not?] Answer I got was discussion of security policies of PRC's firewall and methods to get around it would definitely not be OK to discuss. Two of the many problems would be: 1) this is defamatory towards the state agency that run the firewalls 2) this could be considered release of state secrets Answer seemed pretty solid that this topic was not one that most people would consider a really bad idea to discuss in PRC. Too many negatives in that sentence for me to parse. Did you mean was one that ...bad idea to discuss or ok to discuss? 10) If the meeting is canceled, will the IETF be reimbursing the registration fees? That question may have an answer under US or European law (and probably other places): if someone paid the registration fee for a meeting, and paid for non-refundable airline tickets, hotel room, etc., on the basis of a good-faith assumption that the meeting would be held, would he or she have the right to a reasonable expectation of recovering those costs if the meeting were called off? Called off on any basis other than what I believe some lawyers call an Act of God? If the IAOC has gotten legal advice on this --from the IAOC's point of view, IASA's liability to participants if a meeting were cancelled-- could that advice be shared. As an interesting side note, it seems that some people think that many of these things are officially illegal but they are fine to do anyway because other meetings are doing them etc. This is not a position I share and more importantly, it is not a position where I am willing to ask our WG Chairs, authors, and other volunteers to do something illegal because it will all be fine. Even if there are no short term consequences, I can imagine a case where 10 years later someone is seeking security clearance and this comes back to bite them. Concur For the record, I'm still generally in favor of a meeting in Beijing. But I agree with Cullen that answers to these types of questions should be extremely clear before a decision to go is made and that, if any of the answers are sub-optimal, that the IESG should make a formal decision, after reviewing community input, etc., as to whether they believe that a satisfactory meeting can be held in spite of them. And I believe we should hold any potential meeting site to those standards, i.e., that this is not about the PRC. john ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
While I do think that the IAOC should be aware of the potential legal implications of where we hold our meetings, I wonder if we are treating China unfairly in this discussion... On Oct 5, 2009, at 2:30 PM, Cullen Jennings wrote: The PGP Key signing is a good question - I have no idea - it's certainly something we have done in the past but if it is not legal in the PRC, I could live with a meeting where we did not do any PGP key signing. It detracts a bit from the meeting but is not in what I consider the mediatory must have core of the meeting. Of course this would mean that a group of people that did not often travel out of the PRC would be missing a great opportunity to sign with a group of people outside of China which I view as one of the benefits of having a meeting in Beijing. Do you know if the PGP signing (and taking the keys home) was legal when we did it in France? It is my understanding that there are (or were) French laws forbidding the export of crypto. However, I don't remember this being raised as a big concern when we held the IETF in Paris. Did we hire a Swedish lawyer to determine if all of our planned activities were legal before going to Stockholm? Does anyone know what laws there are about public assembly and/or public discussion of political issues in Japan? I realize that there is a lot of concern about going to China, and some of it may be justified. But, we should also be careful that we don't end-up holding China to a higher standard than other countries that we visit. If we believe that we should only go to countries where a specific set of activities are legal, we should (IMO) itemize those activities and seek to determine that they are legal in all of our destination countries before we commit to going there. Perhaps this is something that we could expect our host to help us determine? Margaret ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
I have done a little digging around on the questions I asked and thought I might summarize some of the responses I got back to my email. More inline Note all the comments below do not refer to the Special Administrative Regions. I strongly support Ted's suggestion that running the meeting in one of theses zones would eliminate the concerns I have raised. On Sep 23, 2009, at 9:45 PM, Cullen Jennings (fluffy) wrote: IAOC, I'm trying to understand what is political speech in China. The Geopriv WG deals with protecting users' location privacy. The policies of more than one country have come up in geopriv meetings in very derogatory terms. There have been very derogatory comments made by people about the US's wiretap policy. Unless someone can point me at specifics of what is or is not OK, I would find this very concerning. We also regularly discuss issues around Taiwan/China, cryptography, wiretap, DNS root server location, reverse engineering, and so on. Clearly most the people involved with IETF would never want to break the laws of the country they are visiting but the question is do we actually understand the laws and what impact do they have on our technical work? To help us make informed decision about whether these terms are issues or not: 1) What is political speech in China? And can we explain that to IETF participants well enough that they know what is OK and what is not. Got a few reposes to this - none very solid but they seemed generally along the lines of If you are looking for something crisp, forget it 2) Are there any special rules about publishing and broadcasting? I note that the IETF, unlike most other groups having meetings, broadcasts the meetings live over the internet, which will be both publishing the material and exporting it outside of the PRC. Got answer from non legal person of yes you need a license for this but they could not point me to the actually regulations. Still hoping to get a better answer. Hs the IAOC got legal advice on this? 3) Are there any rules around discussion, publication, or export of of cryptography algorithms and technology? publishing weaknesses of national crypto algorithms? The advice I got was that unless we got a license if the IETF developed crypto in China and we exported it out, then this would be illegal in PRC. It was pointed out PRC is not part of Wassenaar Arrangement. I was advised our broadcasts of and export of minutes from meetings would be Deemed Export. It seems pretty hard to argue that the IETF does not develop any crypto. Has the IAOC received any legal advice on this? 4) Many of our participants use communications products (like jabber clients) that they helped develop and include strong cryptography. Do they need permission to use these in China? One person with what I view as a reasonable background in PRC law told me this would be illegal and violate State Council Order No. 273, Commercial Use Password Management Regulations among other things. The clarification letter does not seem to change this. It seems this would be illegal there without a license. Has the IAOC received legal advice on how this impacts us. 5) When discussing what I think of as technical issues, many participants regularly treat Taiwan and PRC as two different countries and currently recognize both of them as separate countries in their own right. I'd actually venture a guess that there is strong IETF consensus they should be treated this way. Could any discussions like this be viewed as political speech? What are the rules on this? Still gathering data on this one. If you know something, let me know. I heard a rumor that on our registration form, when we asked what country you are from, we would not be allowed to ask Taiwan or PRC. Does anyone know any truth value to this rumor? 6) It is not core to IETF work but some of us do some interop of running code for IETF protocols under development sometimes at IETF. This would be about the right timing for running P2PSIP code, but that requires us to to run a local CA. Is any special permission needed to run a CA in China? A license is needed to run a CA in PRC. What we normally do would be illegal there. 7) Would we be OK running a BOF on techniques for firewall advancement in general and in particular on getting around any firewalls China runs? [Seriously, you know someone will propose this BOF, the questions is could we run it or not?] Answer I got was discussion of security policies of PRC's firewall and methods to get around it would definitely not be OK to discuss. Two of the many problems would be: 1) this is defamatory towards the state agency that run the firewalls 2) this could be considered release of state secrets Answer seemed pretty solid that this topic was not one that most people would consider a really bad idea to discuss in PRC. 8) Given the Chairs for WG set the agendas and such, I
Re: [IAOC] Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
Cullen, I will only answer #5 here, since I am not a lawyer (the rest will have to wait for now): Most organizations, including the IETF, asks for ISO-3166 codes on the registration form. Not all those codes are necessarily countries by some other countries' definition, or even by the definition in that document. We are certainly allowed to ask where are you from and we even have a other field in case the pull-down is incomplete. This particular concern is not an issue. Public demonstrations regarding the underlying issues might be. Ole Ole J. Jacobsen Editor and Publisher, The Internet Protocol Journal Cisco Systems Tel: +1 408-527-8972 Mobile: +1 415-370-4628 E-mail: o...@cisco.com URL: http://www.cisco.com/ipj ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
Cullen Jennings wrote: I have done a little digging around on the questions I asked and thought I might summarize some of the responses I got back to my email. More inline Note all the comments below do not refer to the Special Administrative Regions. I strongly support Ted's suggestion that running the meeting in one of theses zones would eliminate the concerns I have raised. Cullen, At its base, your exercise seems to be an effort at doing the IAOC's job for it. It's their job to research venue details and make choices and to ensure the logistics for productive IETF meetings. The IETF as a body is not likely to become experts in the details of holding a meeting in China. Nor is it our job to. The IAOC came to us with a very specific question. To the extent we pursue other questions, we dilute the help we can give them to resolve this one, difficult issue that they've asked us about. By virtue of the public ruckus a debate on the IETF list can cause, it also could de-stabilize the considerable 10-year effort that has been put in, to get arrangements to their current point. It's not that suggesting paths for resolving the issue they raised is unproductive or inappropriate. It's that pursuing ancillary details, paths and issues is. The suggestion to have the meeting in a China SAR has already been made. Whether it can pragmatically resolve the issue we've been asked about is something the IAOC can juggle best. If the goal of your effort is to review and change IAOC responsibilities or procedures for site selection and event management, then that ought to be pursued independently of the China meeting discussion. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: [IAOC] Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
And just to be 100% clear: Holding the meeting in Hong Kong is not an option for the current discussion. There is neither a host nor a venue available there for the time period in question. It is entirely possible, I will even go so far as to say probable, that we indeed WILL meet in Hong Kong some day, but that isn't what the current discussion is about. Ole Ole J. Jacobsen Editor and Publisher, The Internet Protocol Journal Cisco Systems Tel: +1 408-527-8972 Mobile: +1 415-370-4628 E-mail: o...@cisco.com URL: http://www.cisco.com/ipj ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
--On Monday, October 05, 2009 10:45 -0700 Dave CROCKER d...@dcrocker.net wrote: Cullen Jennings wrote: I have done a little digging around on the questions I asked and thought I might summarize some of the responses I got back to my email. More inline Note all the comments below do not refer to the Special Administrative Regions. I strongly support Ted's suggestion that running the meeting in one of theses zones would eliminate the concerns I have raised. Cullen, At its base, your exercise seems to be an effort at doing the IAOC's job for it. It's their job to research venue details and make choices and to ensure the logistics for productive IETF meetings. The IETF as a body is not likely to become experts in the details of holding a meeting in China. Nor is it our job to. The IAOC came to us with a very specific question. To the extent we pursue other questions, we dilute the help we can give them to resolve this one, difficult issue that they've asked us about. By virtue of the public ruckus a debate on the IETF list can cause, it also could de-stabilize the considerable 10-year effort that has been put in, to get arrangements to their current point. ... Dave, I disagree, at least slightly, but that is because I suffer from a concern --documented in a request for review and previous notes to this list-- that the IAOC/Trustees are _not_ doing their job, or at least the part of that job that requires keeping the community informed about the decisions they are making and the reasons for them. In Cullen's situation, I would have asked the questions a little differently. And I agree that he is trying to do their job for them, but, other than more requests for review that get responses that amount to things are Under Control and Just Fine, I don't know what else I would suggest that he do... and wonder what you would suggest. Suppose he posted a list of questions to which he thought we should have answers before we put a meeting in any location that has a reputation (justified or not) for regulating the free flow of information, asked whether the IAOC had answers to those questions for a particular case, and, if they did, that they share those answers with the community? I think that would be reasonable and that the IAOC could reasonably respond to such a question by saying yes, similar questions were asked, we think the answers are reasonable, and the discussion is documented in the IAOC Minutes of Except that he did ask, hasn't gotten an answer like that and, by the way, there are no minutes of enough substance to be pointed to on that (or any other) issue. What is to be done? john ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
On Oct 5, 2009, at 11:53 AM, John C Klensin wrote: Cullen, For purposes of discussion, one comment below and one addition to your list... --On Monday, October 05, 2009 11:07 -0600 Cullen Jennings flu...@cisco.com wrote: I have done a little digging around on the questions I asked and thought I might summarize some of the responses I got back to my email. ... 3) Are there any rules around discussion, publication, or export of of cryptography algorithms and technology? publishing weaknesses of national crypto algorithms? The advice I got was that unless we got a license if the IETF developed crypto in China and we exported it out, then this would be illegal in PRC. It was pointed out PRC is not part of Wassenaar Arrangement. I was advised our broadcasts of and export of minutes from meetings would be Deemed Export. It seems pretty hard to argue that the IETF does not develop any crypto. Has the IAOC received any legal advice on this? Another piece of this question is whether PGP (or CACert) key-signing activities, with signed private keys being taken out of the country afterwards, would violate any law or require a license. I had previously assumed that the answer would be no, but the answers you have given to this question, the P2PSIP/CA one, and maybe others, leads me to wonder a bit. The PGP Key signing is a good question - I have no idea - it's certainly something we have done in the past but if it is not legal in the PRC, I could live with a meeting where we did not do any PGP key signing. It detracts a bit from the meeting but is not in what I consider the mediatory must have core of the meeting. Of course this would mean that a group of people that did not often travel out of the PRC would be missing a great opportunity to sign with a group of people outside of China which I view as one of the benefits of having a meeting in Beijing. 7) Would we be OK running a BOF on techniques for firewall advancement in general and in particular on getting around any firewalls China runs? [Seriously, you know someone will propose this BOF, the questions is could we run it or not?] Answer I got was discussion of security policies of PRC's firewall and methods to get around it would definitely not be OK to discuss. Two of the many problems would be: 1) this is defamatory towards the state agency that run the firewalls 2) this could be considered release of state secrets Answer seemed pretty solid that this topic was not one that most people would consider a really bad idea to discuss in PRC. Too many negatives in that sentence for me to parse. Did you mean was one that ...bad idea to discuss or ok to discuss? Oops - sorry. I meant to try and say, that most the people I had talked to advised me *not* to have any such discussion in PRC. 10) If the meeting is canceled, will the IETF be reimbursing the registration fees? That question may have an answer under US or European law (and probably other places): if someone paid the registration fee for a meeting, and paid for non-refundable airline tickets, hotel room, etc., on the basis of a good-faith assumption that the meeting would be held, would he or she have the right to a reasonable expectation of recovering those costs if the meeting were called off? Called off on any basis other than what I believe some lawyers call an Act of God? If the IAOC has gotten legal advice on this --from the IAOC's point of view, IASA's liability to participants if a meeting were cancelled-- could that advice be shared. As an interesting side note, it seems that some people think that many of these things are officially illegal but they are fine to do anyway because other meetings are doing them etc. This is not a position I share and more importantly, it is not a position where I am willing to ask our WG Chairs, authors, and other volunteers to do something illegal because it will all be fine. Even if there are no short term consequences, I can imagine a case where 10 years later someone is seeking security clearance and this comes back to bite them. Concur For the record, I'm still generally in favor of a meeting in Beijing. But I agree with Cullen that answers to these types of questions should be extremely clear before a decision to go is made and that, if any of the answers are sub-optimal, that the IESG should make a formal decision, after reviewing community input, etc., as to whether they believe that a satisfactory meeting can be held in spite of them. And I believe we should hold any potential meeting site to those standards, i.e., that this is not about the PRC. +1, and speaking of other countries, I also thing it is a very reasonable requirement that most of the participants can get a visa in a reasonable time. Not sure what the values of most and reasonable time are but I would say something like we only meet in countries where 95% of the participants can get a visa in under 4
Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
John C Klensin wrote: Dave, I disagree, at least slightly, The last paragraph of my note covered agendas like yours: If the goal of your effort is to review and change IAOC responsibilities or procedures for site selection and event management, then that ought to be pursued independently of the China meeting discussion. What is to be done? Respect the goal of the original query. If you have a different goal, persue it separately. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: [IAB] Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
--On Monday, October 05, 2009 12:30 -0600 Cullen Jennings flu...@cisco.com wrote: ... Another piece of this question is whether PGP (or CACert) key-signing activities, with signed private keys being taken out of the country afterwards, would violate any law or require a license. I had previously assumed that the answer would be no, but the answers you have given to this question, the P2PSIP/CA one, and maybe others, leads me to wonder a bit. The PGP Key signing is a good question - I have no idea - it's certainly something we have done in the past but if it is not legal in the PRC, I could live with a meeting where we did not do any PGP key signing. It detracts a bit from the meeting but is not in what I consider the mediatory must have core of the meeting. Of course this would mean that a group of people that did not often travel out of the PRC would be missing a great opportunity to sign with a group of people outside of China which I view as one of the benefits of having a meeting in Beijing. I am suggesting only that this is another question --perhaps on a par with some of your other ones and perhaps not-- where we need to know the answer for planning purposes. We might not need to know the answer in order to decide whether to hold a meeting or not, but would certainly want to know before we started scheduling. In principle, I believe that, if there are other strong reasons for holding a meeting in a particular place, we might be able to live without holding meetings of one or two WGs (e.g., by forcing them into interim meetings at some other time and place), so the issues are not all that different. ... Answer seemed pretty solid that this topic was not one that most people would consider a really bad idea to discuss in PRC. Too many negatives in that sentence for me to parse. Did you mean was one that ...bad idea to discuss or ok to discuss? Oops - sorry. I meant to try and say, that most the people I had talked to advised me *not* to have any such discussion in PRC. Ack. Thanks. Again, just wanted to understand what you were reporting. ... For the record, I'm still generally in favor of a meeting in Beijing. But I agree with Cullen that answers to these types of questions should be extremely clear before a decision to go is made and that, if any of the answers are sub-optimal, that the IESG should make a formal decision, after reviewing community input, etc., as to whether they believe that a satisfactory meeting can be held in spite of them. And I believe we should hold any potential meeting site to those standards, i.e., that this is not about the PRC. +1, and speaking of other countries, I also thing it is a very reasonable requirement that most of the participants can get a visa in a reasonable time. Not sure what the values of most and reasonable time are but I would say something like we only meet in countries where 95% of the participants can get a visa in under 4 months. FWIW, I believe the PRC meets that requirement. It is not clear that the US would if it were not the case that a significant fraction of our participants are either US citizens, US permanent residents, or qualify for some sort of visa waiver program. If you looked only at how long it takes for someone who needs a visa to get one, I believe the answer for China would be well over 95% in under four months and that that answer for the US would be, at best, unclear. john john ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: [IAOC] Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
On Mon, Oct 05, 2009 at 10:42:44AM -0700, Ole Jacobsen wrote: I will only answer #5 here, since I am not a lawyer (the rest will have to wait for now): I would hope the IAOC would see fit get formal legal advice on the various issues which Cullen has raised before green-lighting an IETF meeting in the PRC. (Especially since his further research seems to show that they are indeed may be some real problems!) Is that a reasonable expectation? - Ted ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
On Oct 5, 2009, at 11:45 AM, Dave CROCKER wrote: At its base, your exercise seems to be an effort at doing the IAOC's job for it. It's their job to research venue details and make choices and to ensure the logistics for productive IETF meetings. The IETF as a body is not likely to become experts in the details of holding a meeting in China. Well it sounds like we both agree that it is the IAOC job to make sure they have answers to the questions I am raising before making a decision. I asked about legalities of discussing crypto a few years ago when this China meeting was raised to IESG. I did not get an answer. I asked about it around the time of the Stockholm meeting and got no answer. I am asking publicly on the IETF list when the topic finally got brought to a public list. I think it is a reasonable question. I'm not asking about if someone stands up at a plenary and asked some questions that is totally tangental to the IETF. I am asking about the legality of discussions we regularly have to produce the type of things that we have put in RFCs. If the IAOC was telling me, yep, we contacted these lawyers in PRC and here is what they told us, we think we can run a normal IETF discussion in PRC then I'd feel like they looked at this and it is all fine. I do understand the IAOC is a thankless job where arm chair experts complain about everything you do on the IETF list. (I'm sort of familiar with a job that is similar to that). ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
Cullen Jennings wrote: Well it sounds like we both agree that it is the IAOC job to make sure they have answers to the questions I am raising before making a decision. We are seeing a solid pattern to suggest that U.S. reading skills have declined seriously. I neither expressed nor implied any opinion at all about your questions, except that they are out of scope for the query being made by the IAOC and that any pursuit of your questions ought to be done *separately*. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
On Oct 5, 2009, at 1:28 PM, Dave CROCKER wrote: Cullen Jennings wrote: Well it sounds like we both agree that it is the IAOC job to make sure they have answers to the questions I am raising before making a decision. We are seeing a solid pattern to suggest that U.S. reading skills have declined seriously. Sorry but I'm Canadian, Eh, so don't blame the US. Besides, as Spencer correctly points out, my writing is worse than many ESL people. I neither expressed nor implied any opinion at all about your questions, except that they are out of scope for the query being made by the IAOC and that any pursuit of your questions ought to be done *separately*. By separately you mean doing something like changing the subject line? But on to the serious answer As an IESG member, I was aware the IAOC was considering a meeting in China before the IAOC announced it on a public list. I felt that I should not discuss it as an individual contributor on a a public list until the IAOC made the topic public. To my knowledge this query from the IAOC was the first time it had been made public so I brought up the issues at the first point in time available. I'm not sure what else you would have suggested I do to ask for information that I think is important. The question from the IAOC, as far as I can read it, asks if we are OK with having the meeting be canceled for everyone if one person discuss various under specified things that includes topics that are illegal in China. It seems to me the questions of if our normal discussions are illegal or not is very relevant to making that decision. d/ ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
On Mon, 5 Oct 2009, Cullen Jennings wrote: On Oct 5, 2009, at 11:45 AM, Dave CROCKER wrote: At its base, your exercise seems to be an effort at doing the IAOC's job for it. It's their job to research venue details and make choices and to ensure the logistics for productive IETF meetings. The IETF as a body is not likely to become experts in the details of holding a meeting in China. Well it sounds like we both agree that it is the IAOC job to make sure they have answers to the questions I am raising before making a decision. I asked about legalities of discussing crypto a few years ago when this China meeting was raised to IESG. I did not get an answer. I asked about it around the time of the Stockholm meeting and got no answer. I am asking publicly on the IETF list when the topic finally got brought to a public list. I think it is a reasonable question. So do I. While it is certainly the IAOC's job to reserach possible venues and select a meeting location, many of us have jobs which require knowing the answers to some of the questions you've raised. For example... I co-chair a working group which is responsible for a cryptographic authentication protocol. If it is not legal to discuss and develop cryptographic algorithms and protocols in the PRC, or to export the results of such work, then my working group cannot usefully meet there, regardless of what the IAOC decides about the IETF as a whole being able to meet. I also normally organize PGP key-signing sessions at IETF meetings. If the operation of a CA or other cryptographic signing service requires a license in the PRC, then we may not be able to hold such a session, or it may require a special license. I consider it entirely appropriate for me in my role as a working group chair, or Cullen in his role as an AD, to ask that the IAOC obtain answers to these questions from competent experts, such as legal counsel familiar with PRC law. Finally, I would note that I am all for appointing people to positions of responsibility, putting appropriate checks and appeal and recall mechanisms in place, and them letting them go about doing their jobs. However, in this instance, the IAOC _asked_ for community input, so it seems silly to object to someone providing such input on the grounds that they are doing the IAOC's job for it. -- Jeff ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: [IAOC] Legality of IETF meetings in PRC. Was: Re: Request for community guidance on issue concerning a futuremeetingof the IETF
On Oct 5, 2009, at 7:03 PM, Jeffrey Hutzelman wrote: On Mon, 5 Oct 2009, Cullen Jennings wrote: On Oct 5, 2009, at 11:45 AM, Dave CROCKER wrote: At its base, your exercise seems to be an effort at doing the IAOC's job for it. It's their job to research venue details and make choices and to ensure the logistics for productive IETF meetings. The IETF as a body is not likely to become experts in the details of holding a meeting in China. Well it sounds like we both agree that it is the IAOC job to make sure they have answers to the questions I am raising before making a decision. I asked about legalities of discussing crypto a few years ago when this China meeting was raised to IESG. I did not get an answer. I asked about it around the time of the Stockholm meeting and got no answer. I am asking publicly on the IETF list when the topic finally got brought to a public list. I think it is a reasonable question. So do I. While it is certainly the IAOC's job to reserach possible venues and select a meeting location, many of us have jobs which require knowing the answers to some of the questions you've raised. For example... I co-chair a working group which is responsible for a cryptographic authentication protocol. If it is not legal to discuss and develop cryptographic algorithms and protocols in the PRC, or to export the results of such work, then my working group cannot usefully meet there, regardless of what the IAOC decides about the IETF as a whole being able to meet. I also normally organize PGP key-signing sessions at IETF meetings. If the operation of a CA or other cryptographic signing service requires a license in the PRC, then we may not be able to hold such a session, or it may require a special license. I consider it entirely appropriate for me in my role as a working group chair, or Cullen in his role as an AD, to ask that the IAOC obtain answers to these questions from competent experts, such as legal counsel familiar with PRC law. Finally, I would note that I am all for appointing people to positions of responsibility, putting appropriate checks and appeal and recall mechanisms in place, and them letting them go about doing their jobs. However, in this instance, the IAOC _asked_ for community input, so it seems silly to object to someone providing such input on the grounds that they are doing the IAOC's job for it. I would just note that no one on the IAOC has objected to this. I, for one, find all of this discussion useful and enlightening. Regards Marshall -- Jeff ___ IAOC mailing list i...@ietf.org https://www.ietf.org/mailman/listinfo/iaoc ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf