This document requires that Internet Standards consider end users as their highest priority concern.
The issues list for this draft can be found at https://github.com/mnot/I-D/labels/for-the-users.
The most recent (often, unpublished) draft is at https://mnot.github.io/I-D/for-the-users/.
Recent changes are listed at https://github.com/mnot/I-D/commits/gh-pages/for-the-users.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress”.
This Internet-Draft will expire on September 29, 2017.
Copyright © 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The IETF, while focused on technical matters, is not neutral about the purpose of its work in developing the Internet [RFC3935]:
- The IETF community wants the Internet to succeed because we believe that the existence of the Internet, and its influence on economics, communication, and education, will help us to build a better human society.
However, the IETF is most comfortable making what we believe to be purely technical decisions; our process is defined to favor technical merit, through our well-known bias towards “rough consensus and running code”.
Nevertheless, the running code that results from our process (when things work well) inevitably has an impact beyond technical considerations, because the underlying decisions afford some uses, while discouraging others; while we believe we are making purely technical decisions, in reality that may not be possible. Or, in the words of Lawrence Lessig [CODELAW]:
- Ours is the age of cyberspace. It, too, has a regulator… This regulator is code — the software and hardware that make cyberspace as it is. This code, or architecture, sets the terms on which life in cyberspace is experienced. It determines how easy it is to protect privacy, or how easy it is to censor speech. It determines whether access to information is general or whether information is zoned. It affects who sees what, or what is monitored. In a host of ways that one cannot begin to see unless one begins to understand the nature of this code, the code of cyberspace regulates.
This impact has become significant. As the Internet increasingly mediates key functions in societies, it has unavoidably become profoundly political; it has helped people overthrow throw governments and revolutionize social orders, control populations and reveal secrets. It has created wealth for some individuals and companies, while destroying others’.
All of this raises the question: Who do we go through the pain of rough consensus and write that running code for?
There are a variety of identifiable parties in the larger Internet community that standards can provide benefit to, such as (but not limited to) end users, network operators, schools, equipment vendors, specification authors, specification implementers, content owners, governments, non-governmental organisations, social movements, employers, and parents.
Successful specifications will provide some benefit to all of the relevant parties, because standards do not represent a zero-sum game. However, there are often situations where we need to balance the benefits of a decision between two (or more) parties.
To help clarify such decisions, Section 2 mandates that end users have the highest priority.
Doing so helps the IETF achieve its mission, and also helps to assure the long-term health of the Internet. By prioritising the concerns of end users, we assure that it reaches the greatest number of people, thereby delivering greater utility by maximising its network effect.
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in [RFC2119].
Internet standards MUST consider the end users of the Internet to have priority over every other party.
While networks need to be managed, employers and equipment vendors need to meet business goals, and so on, the IETF’s mission is to “build a better human society” [RFC3935] and – on the Internet – society is composed of what we call “end users.”
By “end users”, we mean non-technical users whose activities our protocols are designed to support. Thus, the end user of a protocol to manage routers is not a router administrator; it is the people using the network that the router operates within.
This does not mean that the IETF community has any specific insight into what is “good for end users”; as always, we will need to interact with the greater Internet community and apply our process to help us make decisions, deploy our protocols, and ultimately determine their success or failure.
It does mean that when a proposed solution to a problem has a benefit to some other party at the identified expense of end users, we will find a different solution or find another way to frame the problem.
There may be cases where genuine technical need requires compromise. However, such tradeoffs need to be carefully examined, and avoided when there are alternate means of achieving the desired goals. If they cannot be, these choices and reasoning SHOULD be carefully documented.
For example, IPv6 [RFC2460] identifies each client with a unique address – even though this provides a way to track end user activity and helps identify them – because it is technically necessary to provide networking (and despite this, there are mechanisms like [RFC4941] to mitigate this effect, for those users who desire it).
Finally, this requirement only comes into force when an explicit conflict between the interests of end users and other relevant parties is encountered (e.g., by being brought up in the Working Group). It does not imply that a standards effort needs to be audited for user impact, or every decision weighed against end user interests.
This document does not require action by IANA.
This document does not have direct security impact; however, failing to apply it might affect security negatively in the long term.
5.1 Normative References
- Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels”, BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.
5.2 Informative References
- Lessig, L., “Code Is Law: On Liberty in Cyberspace”, 2000, <http://harvardmagazine.com/2000/01/code-is-law-html>.
- Deering, S. and R. Hinden, “Internet Protocol, Version 6 (IPv6) Specification”, RFC 2460, DOI 10.17487/RFC2460, December 1998, <http://www.rfc-editor.org/info/rfc2460>.
- Alvestrand, H., “A Mission Statement for the IETF”, BCP 95, RFC 3935, DOI 10.17487/RFC3935, October 2004, <http://www.rfc-editor.org/info/rfc3935>.
- Narten, T., Draves, R., and S. Krishnan, “Privacy Extensions for Stateless Address Autoconfiguration in IPv6”, RFC 4941, DOI 10.17487/RFC4941, September 2007, <http://www.rfc-editor.org/info/rfc4941>.
- Resnick, P., “On Consensus and Humming in the IETF”, RFC 7282, DOI 10.17487/RFC7282, June 2014, <http://www.rfc-editor.org/info/rfc7282>.
Thanks to Edward Snowden for his comments regarding the priority of end users at IETF93.
Thanks to Harald Alvestrand for his substantial feedback and Stephen Farrell, Joe Hildebrand, Russ Housley, Niels ten Oever, and Martin Thomson for their suggestions.
The most noticeable thing that this document changes is a situation where a proposal is made to do something that disadvantages end users, for the benefit of another party (e.g., network operators).
If the Working Group reaches consensus (even rough, as per [RFC7282]) that this is the case, then there is no need for debate about whose interests are most important; it has been made clear. Instead, the Working Group can go on to finding other solutions that don’t disadvantage end users, or (if need be) document why there is no other choice.
Such documentation might already be required; e.g., as part of Security Considerations.