RFC 8280
Research into Human Rights Protocol Considerations
7. Security Considerations
As this document discusses research, there are no security considerations.8. IANA Considerations
This document does not require any IANA actions.
9. Research Group Information
The discussion list for the IRTF Human Rights Protocol Considerations Research Group is located at the email address <hrpc@ietf.org>. Information on the group and information on how to subscribe to the list are provided at <https://www.irtf.org/mailman/listinfo/hrpc>. Archives of the list can be found at <https://www.irtf.org/mail-archive/web/hrpc/current/index.html>.10. Informative References
[Ababil] Danchev, D., "Dissecting 'Operation Ababil' - an OSINT Analysis", September 2012, <http://ddanchev.blogspot.be/ 2012/09/dissecting-operation-ababil-osint.html>. [Abbate] Abbate, J., "Inventing the Internet", MIT Press, 2000, <https://mitpress.mit.edu/books/inventing-internet>. [Adrian] Adrian, D., Bhargavan, K., Durumeric, Z., Gaudry, P., Green, M., Halderman, J., Heninger, N., Springall, D., Thome, E., Valenta, L., VanderSloot, B., Wustrow, E., Zanella-Beguelin, S., and P. Zimmermann, "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice", Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 5-17, DOI 10.1145/2810103.2813707, October 2015. [Alshalan-etal] Alshalan, A., Pisharody, S., and D. Huang, "A Survey of Mobile VPN Technologies", IEEE Communications Surveys & Tutorials, Volume 18, Issue 2, pp. 1177-1196, DOI 10.1109/COMST.2015.2496624, 2016, <http://ieeexplore.ieee.org/ document/7314859/?arnumber=7314859>. [APIP] Naylor, D., Mukerjee, M., and P. Steenkiste, "Balancing accountability and privacy in the network", SIGCOMM '14, Proceedings of the 2014 ACM Conference on SIGCOMM, pp. 75-86, DOI 10.1145/2740070.2626306, October 2014, <https://dl.acm.org/citation.cfm?id=2626306>. [Appelbaum] Appelbaum, J., Gibson, A., Goetz, J., Kabisch, V., Kampf, L., and L. Ryge, "NSA targets the privacy-conscious", 2014, <http://daserste.ndr.de/panorama/aktuell/ nsa230_page-1.html>.
[ars] Anderson, N., "P2P researchers: use a blocklist or you will be tracked... 100% of the time", October 2007, <http://arstechnica.com/uncategorized/2007/10/ p2p-researchers-use-a-blocklist-or-you-will-be-tracked- 100-of-the-time/>. [Aryan-etal] Aryan, S., Aryan, H., and J. Alex Halderman, "Internet Censorship in Iran: A First Look", 2013, <https://jhalderm.com/pub/papers/iran-foci13.pdf>. [Babbie] Babbie, E., "The Basics of Social Research", Cengage, Belmont, CA, 2017. [BBC-wikileaks] BBC, "Whistle-blower site taken offline", February 2008, <http://news.bbc.co.uk/2/hi/technology/7250916.stm>. [BCP72] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, July 2003, <https://www.rfc-editor.org/info/bcp72>. [Benkler] Benkler, Y., "The Wealth of Networks - How Social Production Transforms Markets and Freedom", Yale University Press, New Haven and London, 2006, <http://is.gd/rxUpTQ>. [Berners-Lee] Berners-Lee, T. and M. Fischetti, "Weaving the Web: The Original Design and Ultimate Destiny of the World Wide Web", HarperCollins, p. 208, 1999. [BernersLeeHalpin] Berners-Lee, T. and H. Halpin, "Internet Access is a Human Right", 2012, <http://www.ibiblio.org/hhalpin/homepage/ publications/def-timbl-halpin.pdf>. [Bhargavan] Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Pironti, A., and P. Strub, "Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS", 2014 IEEE Symposium on Security and Privacy, pp. 98-113, DOI 10.1109/SP.2014.14, May 2014. [Bitmessage] Bitmessage, "Bitmessage Wiki", March 2017, <https://bitmessage.org/wiki/Main_Page>.
[Bless1] Orwat, C. and R. Bless, "Values and Networks - Steps Toward Exploring their Relationships", ACM SIGCOMM Computer Communication Review, Volume 46, Number 2, pp. 25-31, DOI 10.1145/2935634.2935640, April 2016, <http://www.sigcomm.org/sites/default/files/ccr/ papers/2016/April/0000000-0000003.pdf>. [Bless2] Bless, R. and C. Orwat, "Values and Networks", July 2015, <https://www.ietf.org/proceedings/93/slides/ slides-93-hrpc-2.pdf>. [Broeders] Broeders, D., "The public core of the Internet. An international agenda for Internet governance", The Netherlands Scientific Council for Government Policy (WRR) Report No. 94 (under "Reports to the government"), 2015, <https://english.wrr.nl/publications/reports/2015/10/01/ the-public-core-of-the-internet> [Brown] Ziewitz, M. and I. Brown, Ed., "A Prehistory of Internet Governance", Research Handbook on Governance of the Internet, Part 1, Chapter 1 (pp. 3-26), Edward Elgar Publishing Ltd, Cheltenham, DOI 10.4337/9781849805049, 2013. [Brown-etal] Brown, I., Clark, D., and D. Trossen, "Should Specific Values Be Embedded In The Internet Architecture?", ReARCH '10, Proceedings of the Re-Architecting the Internet Workshop, Article No. 10, DOI 10.1145/1921233.1921246, November 2010, <http://conferences.sigcomm.org/co-next/2010/Workshops/ REARCH/ReArch_papers/10-Brown.pdf>. [BrownMarsden] Brown, I. and C. Marsden, "Regulating Code: Good Governance and Better Regulation in the Information Age", MIT Press, 2013, <https://mitpress.mit.edu/books/regulating-code>. [CAIDA] Dainotti, A., Squarcella, C., Aben, E., Claffy, K., Chiesa, M., Russo, M., and A. Pescape, "Analysis of Country-wide Internet Outages Caused by Censorship", DOI 10.1109/TNET.2013.2291244, December 2013, <http://www.caida.org/publications/papers/2014/ outages_censorship/outages_censorship.pdf>.
[Cath] Cath, C., "A Case Study of Coding Rights: Should Freedom of Speech Be Instantiated in the Protocols and Standards Designed by the Internet Engineering Task Force?", August 2015, <https://www.ietf.org/mail-archive/web/ hrpc/current/pdf36GrmRM84S.pdf>. [CathFloridi] Cath, C. and L. Floridi, "The Design of the Internet's Architecture by the Internet Engineering Task Force (IETF) and Human Rights", April 2017. [Clark] Clark, D., "The Design Philosophy of the DARPA Internet Protocols", SIGCOMM '88, Proceedings of the ACM CCR, Volume 18, Number 4, pp. 106-114, DOI 10.1145/52324.52336, August 1988. [Clark-etal] Clark, D., Wroclawski, J., Sollins, K., and R. Braden, "Tussle in cyberspace: defining tomorrow's Internet", IEEE/ACM Transactions on Networking (TON) archive, Volume 13, Issue 3, pp. 462-475, DOI 10.1109/TNET.2005.850224, June 2005, <https://dl.acm.org/citation.cfm?id=1074049>. [CoE] Council of Europe, "Applications to ICANN for Community- based New Generic Top Level Domains (gTLDs): Opportunities and challenges from a human rights perspective", 2016, <https://rm.coe.int/CoERMPublicCommonSearchServices/ DisplayDCTMContent?documentId=09000016806b5a14>. [Collins] Collins, K., "Hacking Team's oppressive regimes customer list revealed in hack", July 2015, <http://www.wired.co.uk/news/archive/2015-07/06/ hacking-team-spyware-company-hacked>. [Davidson-etal] Davidson, A., Morris, J., and R. Courtney, "Strangers in a Strange Land: Public Interest Advocacy and Internet Standards", Telecommunications Policy Research Conference, Alexandria, VA, September 2002, <https://www.cdt.org/files/publications/piais.pdf>. [DeNardis14] DeNardis, L., "The Global War for Internet Governance", Yale University Press, 2014, <https://www.jstor.org/stable/j.ctt5vkz4n>.
[DeNardis15] DeNardis, L., "The Internet Design Tension between Surveillance and Security", IEEE Annals of the History of Computing, Volume 37, Issue 2, DOI 10.1109/MAHC.2015.29, 2015, <http://is.gd/7GAnFy>. [Denzin] Denzin, N., Ed., and Y. Lincoln, Ed., "The SAGE Handbook of Qualitative Research", SAGE Handbooks, Thousand Oaks, CA, 2011, <http://www.amazon.com/ SAGE-Handbook-Qualitative-Research-Handbooks/ dp/1412974178>. [dict] BusinessDictionary.com, "Reliability (dictionary entry)", WebFinance, Inc., 2017, <http://www.businessdictionary.com/ definition/reliability.html>. [Doty] Doty, N., "Automated text analysis of Requests for Comment (RFCs)", 2014, <https://github.com/npdoty/rfc-analysis>. [Douceur] Douceur, J., "The Sybil Attack", 2002, <https://www.microsoft.com/en-us/research/wp-content/ uploads/2002/01/IPTPS2002.pdf>. [Dutton] Dutton, W., Dopatka, A., Law, G., and V. Nash, "Freedom of Connection, Freedom of Expression: The Changing Legal and Regulatory Ecology Shaping the Internet", 2011, <http://www.unesco.org/new/en/communication-and- information/resources/publications-and-communication- materials/publications/full-list/freedom-of-connection- freedom-of-expression-the-changing-legal-and-regulatory- ecology-shaping-the-internet/>. [Farrow] Farrow, R., "Source Address Spoofing", 2016, <https://technet.microsoft.com/library/cc723706.aspx>. [FIArch] "Future Internet Design Principles", January 2012, <http://www.future-internet.eu/uploads/media/ FIArch_Design_Principles_V1.0.pdf>. [FOC] Ministers of the Freedom Online Coalition, "The Tallinn Agenda - Recommendations for Freedom Online", 2014, <https://www.freedomonlinecoalition.com/wp-content/ uploads/2014/04/FOC-recommendations-consensus.pdf>.
[FRAMEWORK] ISO/IEC, "Information technology - Framework for internationalization", prepared by ISO/IEC JTC 1/SC 22/WG 20 ISO/IEC TR 11017, 1998. [Franklin] Franklin, U., "The Real World of Technology", June 1999, <http://houseofanansi.com/products/ the-real-world-of-technology-digital>. [freenet1] Freenet, "What is Freenet?", n.d., <https://freenetproject.org/whatis.html>. [freenet2] Clarke, I., "The Philosophy behind Freenet", n.d., <https://freenetproject.org/pages/about.html>. [geekfeminism] Geek Feminism Wiki, "Pseudonymity", 2015, <http://geekfeminism.wikia.com/wiki/Pseudonymity>. [Geertz] Geertz, H. and C. Geertz, "Kinship in Bali", University of Chicago Press, Chicago, 1975, <http://press.uchicago.edu/ucp/books/book/chicago/K/ bo25832222.html>. [Googlepatent] Google, "Method and device for network traffic manipulation", 2012, <https://www.google.com/patents/EP2601774A1?cl=en>. [greatfirewall] Anonymous, "Towards a Comprehensive Picture of the Great Firewall's DNS Censorship", 4th USENIX Workshop on Free and Open Communications on the Internet (FOCI) '14, August 2014, <https://www.usenix.org/system/files/ conference/foci14/foci14-anonymous.pdf>. [GreenMovement] Villeneuve, N., "Iran DDoS", 2009, <https://www.nartv.org/2009/06/16/iran-ddos/>. [Greenwald] Greenwald, G., "XKeyscore: NSA tool collects 'nearly everything a user does on the internet'", July 2013, <https://www.theguardian.com/world/2013/jul/31/ nsa-top-secret-program-online-data>.
[Haagsma] Haagsma, L., "Deep dive into QUANTUM INSERT", April 2015, <http://blog.fox-it.com/2015/04/20/ deep-dive-into-quantum-insert/>. [Hall] Hall, J., Aaron, M., Jones, B., and N. Feamster, "A Survey of Worldwide Censorship Techniques", Work in Progress, draft-hall-censorship-tech-04, July 2016. [Hill2014] Hill, R., "Partial Catalog of Human Rights Related to ICT Activities", May 2014, <http://www.apig.ch/UNIGE%20Catalog.pdf>. [HORNET] Chen, C., Asoni, D., Barrera, D., Danezis, G., and A. Perrig, "HORNET: High-speed Onion Routing at the Network Layer", CCS '15, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1441-1454, DOI 10.1145/2810103.2813628, October 2015, <https://dl.acm.org/citation.cfm?id=2813628>. [HTML5] Hickson, I., Ed., Berjon, R., Ed., Faulkner, S., Ed., Leithead, T., Ed., Navara, E., Ed., O'Connor, E., Ed., and S. Pfeiffer, Ed., "HTML5", W3C Recommendation, October 2014, <https://www.w3.org/TR/html5/>. [ICCPR] United Nations General Assembly, "International Covenant on Civil and Political Rights", 1966, <http://www.ohchr.org/EN/ProfessionalInterest/Pages/ CCPR.aspx>. [ICESCR] United Nations General Assembly, "International Covenant on Economic, Social and Cultural Rights", 1966, <http://www.ohchr.org/EN/ProfessionalInterest/Pages/ CESCR.aspx>. [Insinuator] Schiess, N., "Vulnerabilities & attack vectors of VPNs (Pt 1)", August 2013, <https://www.insinuator.net/2013/08/ vulnerabilities-attack-vectors-of-vpns-pt-1/>. [IRP] Internet Rights and Principles Dynamic Coalition, "10 Internet Rights & Principles", 2017, <http://internetrightsandprinciples.org/site/campaign/>. [Jabri] Jabri, V., "Discourses on violence: conflict analysis reconsidered", Manchester University Press, 1996.
[Kaye] Kaye, D., "Freedom of expression and the private sector in the digital age", 2016, <http://www.ohchr.org/EN/Issues/ FreedomOpinion/Pages/Privatesectorinthedigitalage.aspx>. [King] King, C., "Power, Social Violence and Civil Wars", Chapter 8 of "Leashing the Dogs of War: Conflict Management in a Divided World", United States Institute of Peace Press, Washington, D.C., 2007. [Lessig] Lessig, L., "Code and Other Laws of Cyberspace, Version 2.0 ('Codev2')", Basic Books, New York, 2006, <http://codev2.cc/>. [Marcak] Marcak, B., Weaver, N., Dalek, J., Ensafi, R., Fifield, D., McKune, S., Rey, A., Scott-Railton, J., Deibert, R., and V. Paxson, "China's Great Cannon", April 2015, <https://citizenlab.org/2015/04/chinas-great-cannon/>. [Marquis-Boire] Marquis-Boire, M., "Schrodinger's Cat Video and the Death of Clear-Text", August 2014, <https://citizenlab.org/ 2014/08/cat-video-and-the-death-of-clear-text/>. [Meyer] Meyer, J., "Defining and Evaluating Resilience: A Performability Perspective", presentation at International Workshop on Performability Modeling of Computer and Communication Systems, September 2009. [Mueller] Mueller, M., "Networks and States: The Global Politics of Internet Governance", MIT Press, DOI 10.7551/mitpress/9780262014595.001.0001, 2010, <https://mitpress.mit.edu/books/networks-and-states>. [Musiani] Musiani, F., "Giants, Dwarfs and Decentralized Alternatives to Internet-based Services: An Issue of Internet Governance", Westminster Papers in Communication and Culture, 10(1), pp. 81-94, DOI 10.16997/wpcc.214, 2015, <https://www.westminsterpapers.org/ articles/10.16997/wpcc.214/>. [Namecoin] Namecoin, "Namecoin", 2015, <https://namecoin.info/>.
[NATusage] Maier, G., Schneider, F., and A. Feldmann, "NAT usage in Residential Broadband networks", PAM: International Conference on Passive and Active Network Measurement Lecture Notes in Computer Science, Volume 6579, Springer, Berlin and Heidelberg, DOI 10.1007/978-3-642-19260-9_4, 2011, <http://www.icsi.berkeley.edu/pubs/networking/ NATusage11.pdf>. [NETmundial] NETmundial, "NETmundial Multistakeholder Statement", April 2014, <http://netmundial.br/wp-content/ uploads/2014/04/NETmundial-Multistakeholder-Document.pdf>. [Newegg] Mullin, J., "Newegg on trial: Mystery company TQP rewrites the history of encryption", November 2013, <http://arstechnica.com/tech-policy/2013/11/newegg-on- trial-mystery-company-tqp-re-writes-the-history-of- encryption/>. [notewell] IETF, "Note Well", 2015, <https://www.ietf.org/about/note-well.html>. [patentpolicy] Weitzner, D., Ed., "W3C Patent Policy", World Wide Web Consortium, February 2004, <https://www.w3.org/Consortium/Patent-Policy-20040205/>. [Penney] Penney, J., "Chilling Effects: Online Surveillance and Wikipedia Use", 2016, <http://papers.ssrn.com/sol3/ papers.cfm?abstract_id=2769645>. [Peterson] Peterson, A., Gellman, B., and A. Soltani, "Yahoo to make SSL encryption the default for Webmail users. Finally.", October 2013, <https://www.washingtonpost.com/ news/the-switch/wp/2013/10/14/ yahoo-to-make-ssl-encryption-the-default- for-webmail-users-finally/?utm_term=.a17eca45ddfe>. [PETS2015VPN] Perta, V., Barbera, M., Tyson, G., Haddadi, H., and A. Mei, "A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients", DOI 10.1515/popets-2015-0006, 2015, <http://www.eecs.qmul.ac.uk/~hamed/papers/ PETS2015VPN.pdf>.
[Pidgin] js and Pidgin Developers, "[XMPP] Invisible mode violating standard", 2007, <https://developer.pidgin.im/ticket/4322>. [Pouwelse] Pouwelse, J., Ed., "Media without censorship (CensorFree) scenarios", Work in Progress, draft-pouwelse-censorfree- scenarios-02, October 2012. [Rachovitsa] Rachovitsa, A., "Engineering and lawyering privacy by design: understanding online privacy both as a technical and an international human rights issue", International Journal of Law and Information Technology, Volume 24, Issue 4, pp. 374-399, DOI 10.1093/ijlit/eaw012, December 2016, <https://academic.oup.com/ijlit/ article/24/4/374/2566975/ Engineering-and-lawyering-privacy-by-design>. [RFC760] Postel, J., "DoD standard Internet Protocol", RFC 760, DOI 10.17487/RFC0760, January 1980, <https://www.rfc-editor.org/info/rfc760>. [RFC791] Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981, <https://www.rfc-editor.org/info/rfc791>. [RFC793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, DOI 10.17487/RFC0793, September 1981, <https://www.rfc-editor.org/info/rfc793>. [RFC894] Hornig, C., "A Standard for the Transmission of IP Datagrams over Ethernet Networks", STD 41, RFC 894, DOI 10.17487/RFC0894, April 1984, <https://www.rfc-editor.org/info/rfc894>. [RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, November 1987, <https://www.rfc-editor.org/info/rfc1035>. [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - Communication Layers", STD 3, RFC 1122, DOI 10.17487/RFC1122, October 1989, <https://www.rfc-editor.org/info/rfc1122>. [RFC1958] Carpenter, B., Ed., "Architectural Principles of the Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996, <https://www.rfc-editor.org/info/rfc1958>.
[RFC1984] IAB and IESG, "IAB and IESG Statement on Cryptographic Technology and the Internet", BCP 200, RFC 1984, DOI 10.17487/RFC1984, August 1996, <https://www.rfc-editor.org/info/rfc1984>. [RFC2026] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, DOI 10.17487/RFC2026, October 1996, <https://www.rfc-editor.org/info/rfc2026>. [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and Languages", BCP 18, RFC 2277, DOI 10.17487/RFC2277, January 1998, <https://www.rfc-editor.org/info/rfc2277>. [RFC2775] Carpenter, B., "Internet Transparency", RFC 2775, DOI 10.17487/RFC2775, February 2000, <https://www.rfc-editor.org/info/rfc2775>. [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network Address Translator (Traditional NAT)", RFC 3022, DOI 10.17487/RFC3022, January 2001, <https://www.rfc-editor.org/info/rfc3022>. [RFC3365] Schiller, J., "Strong Security Requirements for Internet Engineering Task Force Standard Protocols", BCP 61, RFC 3365, DOI 10.17487/RFC3365, August 2002, <https://www.rfc-editor.org/info/rfc3365>. [RFC3439] Bush, R. and D. Meyer, "Some Internet Architectural Guidelines and Philosophy", RFC 3439, DOI 10.17487/RFC3439, December 2002, <https://www.rfc-editor.org/info/rfc3439>. [RFC3536] Hoffman, P., "Terminology Used in Internationalization in the IETF", RFC 3536, DOI 10.17487/RFC3536, May 2003, <https://www.rfc-editor.org/info/rfc3536>. [RFC3724] Kempf, J., Ed., Austein, R., Ed., and IAB, "The Rise of the Middle and the Future of End-to-End: Reflections on the Evolution of the Internet Architecture", RFC 3724, DOI 10.17487/RFC3724, March 2004, <https://www.rfc-editor.org/info/rfc3724>. [RFC3935] Alvestrand, H., "A Mission Statement for the IETF", BCP 95, RFC 3935, DOI 10.17487/RFC3935, October 2004, <https://www.rfc-editor.org/info/rfc3935>.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "DNS Security Introduction and Requirements", RFC 4033, DOI 10.17487/RFC4033, March 2005, <https://www.rfc-editor.org/info/rfc4033>. [RFC4084] Klensin, J., "Terminology for Describing Internet Connectivity", BCP 104, RFC 4084, DOI 10.17487/RFC4084, May 2005, <https://www.rfc-editor.org/info/rfc4084>. [RFC4101] Rescorla, E. and IAB, "Writing Protocol Models", RFC 4101, DOI 10.17487/RFC4101, June 2005, <https://www.rfc-editor.org/info/rfc4101>. [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, <https://www.rfc-editor.org/info/rfc4941>. [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, <https://www.rfc-editor.org/info/rfc4949>. [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/RFC5246, August 2008, <https://www.rfc-editor.org/info/rfc5246>. [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, DOI 10.17487/RFC5321, October 2008, <https://www.rfc-editor.org/info/rfc5321>. [RFC5646] Phillips, A., Ed., and M. Davis, Ed., "Tags for Identifying Languages", BCP 47, RFC 5646, DOI 10.17487/RFC5646, September 2009, <https://www.rfc-editor.org/info/rfc5646>. [RFC5694] Camarillo, G., Ed., and IAB, "Peer-to-Peer (P2P) Architecture: Definition, Taxonomies, Examples, and Applicability", RFC 5694, DOI 10.17487/RFC5694, November 2009, <https://www.rfc-editor.org/info/rfc5694>. [RFC5944] Perkins, C., Ed., "IP Mobility Support for IPv4, Revised", RFC 5944, DOI 10.17487/RFC5944, November 2010, <https://www.rfc-editor.org/info/rfc5944>.
[RFC6101] Freier, A., Karlton, P., and P. Kocher, "The Secure Sockets Layer (SSL) Protocol Version 3.0", RFC 6101, DOI 10.17487/RFC6101, August 2011, <https://www.rfc-editor.org/info/rfc6101>. [RFC6108] Chung, C., Kasyanov, A., Livingood, J., Mody, N., and B. Van Lieu, "Comcast's Web Notification System Design", RFC 6108, DOI 10.17487/RFC6108, February 2011, <https://www.rfc-editor.org/info/rfc6108>. [RFC6120] Saint-Andre, P., "Extensible Messaging and Presence Protocol (XMPP): Core", RFC 6120, DOI 10.17487/RFC6120, March 2011, <https://www.rfc-editor.org/info/rfc6120>. [RFC6365] Hoffman, P. and J. Klensin, "Terminology Used in Internationalization in the IETF", BCP 166, RFC 6365, DOI 10.17487/RFC6365, September 2011, <https://www.rfc-editor.org/info/rfc6365>. [RFC6698] Hoffman, P. and J. Schlyter, "The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA", RFC 6698, DOI 10.17487/RFC6698, August 2012, <https://www.rfc-editor.org/info/rfc6698>. [RFC6701] Farrel, A. and P. Resnick, "Sanctions Available for Application to Violators of IETF IPR Policy", RFC 6701, DOI 10.17487/RFC6701, August 2012, <https://www.rfc-editor.org/info/rfc6701>. [RFC6797] Hodges, J., Jackson, C., and A. Barth, "HTTP Strict Transport Security (HSTS)", RFC 6797, DOI 10.17487/RFC6797, November 2012, <https://www.rfc-editor.org/info/rfc6797>. [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013, <https://www.rfc-editor.org/info/rfc6973>. [RFC7230] Fielding, R., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014, <https://www.rfc-editor.org/info/rfc7230>.
[RFC7231] Fielding, R., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI 10.17487/RFC7231, June 2014, <https://www.rfc-editor.org/info/rfc7231>. [RFC7232] Fielding, R., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests", RFC 7232, DOI 10.17487/RFC7232, June 2014, <https://www.rfc-editor.org/info/rfc7232>. [RFC7233] Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Range Requests", RFC 7233, DOI 10.17487/RFC7233, June 2014, <https://www.rfc-editor.org/info/rfc7233>. [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", RFC 7234, DOI 10.17487/RFC7234, June 2014, <https://www.rfc-editor.org/info/rfc7234>. [RFC7235] Fielding, R., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Authentication", RFC 7235, DOI 10.17487/RFC7235, June 2014, <https://www.rfc-editor.org/info/rfc7235>. [RFC7236] Reschke, J., "Initial Hypertext Transfer Protocol (HTTP) Authentication Scheme Registrations", RFC 7236, DOI 10.17487/RFC7236, June 2014, <https://www.rfc-editor.org/info/rfc7236>. [RFC7237] Reschke, J., "Initial Hypertext Transfer Protocol (HTTP) Method Registrations", RFC 7237, DOI 10.17487/RFC7237, June 2014, <https://www.rfc-editor.org/info/rfc7237>. [RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May 2014, <https://www.rfc-editor.org/info/rfc7258>. [RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April 2015, <https://www.rfc-editor.org/info/rfc7469>. [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext Transfer Protocol Version 2 (HTTP/2)", RFC 7540, DOI 10.17487/RFC7540, May 2015, <https://www.rfc-editor.org/info/rfc7540>.
[RFC7574] Bakker, A., Petrocco, R., and V. Grishchenko, "Peer-to- Peer Streaming Peer Protocol (PPSPP)", RFC 7574, DOI 10.17487/RFC7574, July 2015, <https://www.rfc-editor.org/info/rfc7574>. [RFC7624] Barnes, R., Schneier, B., Jennings, C., Hardie, T., Trammell, B., Huitema, C., and D. Borkmann, "Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement", RFC 7624, DOI 10.17487/RFC7624, August 2015, <https://www.rfc-editor.org/info/rfc7624>. [RFC7626] Bortzmeyer, S., "DNS Privacy Considerations", RFC 7626, DOI 10.17487/RFC7626, August 2015, <https://www.rfc-editor.org/info/rfc7626>. [RFC7725] Bray, T., "An HTTP Status Code to Report Legal Obstacles", RFC 7725, DOI 10.17487/RFC7725, February 2016, <https://www.rfc-editor.org/info/rfc7725>. [RFC7754] Barnes, R., Cooper, A., Kolkman, O., Thaler, D., and E. Nordmark, "Technical Considerations for Internet Service Blocking and Filtering", RFC 7754, DOI 10.17487/RFC7754, March 2016, <https://www.rfc-editor.org/info/rfc7754>. [RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., and P. Hoffman, "Specification for DNS over Transport Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May 2016, <https://www.rfc-editor.org/info/rfc7858>. [RFC8164] Nottingham, M. and M. Thomson, "Opportunistic Security for HTTP/2", RFC 8164, DOI 10.17487/RFC8164, May 2017, <https://www.rfc-editor.org/info/rfc8164>. [RFC8179] Bradner, S. and J. Contreras, "Intellectual Property Rights in IETF Technology", BCP 79, RFC 8179, DOI 10.17487/RFC8179, May 2017, <https://www.rfc-editor.org/info/rfc8179>. [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", STD 86, RFC 8200, DOI 10.17487/RFC8200, July 2017, <https://www.rfc-editor.org/info/rfc8200>. [Rideout] Rideout, A., "Making security easier", July 2008, <http://gmailblog.blogspot.de/2008/07/ making-security-easier.html>.
[Ritchie] Ritchie, J. and J. Lewis, "Qualitative Research Practice: A Guide for Social Science Students and Researchers", SAGE Publishing, London, 2003, <http://www.amazon.co.uk/ Qualitative-Research-Practice-Students-Researchers/ dp/0761971106>. [RSF] Reporters Without Borders (RSF), "Syria using 34 Blue Coat servers to spy on Internet users", January 2016, <https://rsf.org/en/news/ syria-using-34-blue-coat-servers-spy-internet-users>. [Saltzer] Saltzer, J., Reed, D., and D. Clark, "End-to-End Arguments in System Design", ACM Transactions on Computer Systems (TOCS), Volume 2, Number 4, pp. 277-288, DOI 10.1145/357401.357402, November 1984. [Sandvine] Sandvine, "Sandvine: Over 70% Of North American Traffic Is Now Streaming Video And Audio", December 2015, <https://www.sandvine.com/pr/2015/12/7/sandvine-over-70- of-north-american-traffic-is-now-streaming-video-and- audio.html>. [Schillace] Schillace, S., "Default https access for Gmail", January 2010, <http://gmailblog.blogspot.de/2010/01/ default-https-access-for-gmail.html>. [Schneier] Schneier, B., "Attacking Tor: how the NSA targets users' online anonymity", October 2013, <http://www.theguardian.com/world/2013/oct/04/ tor-attacks-nsa-users-online-anonymity>. [SPIEGEL] SPIEGEL, "Prying Eyes - Inside the NSA's War on Internet Security", December 2014, <http://www.spiegel.de/international/germany/ inside-the-nsa-s-war-on-internet-security-a-1010361.html>. [sslstrip] Marlinspike, M., "Software >> sslstrip", 2011, <https://moxie.org/software/sslstrip/>. [techyum] Violet, "Official - vb.ly Link Shortener Seized by Libyan Government", October 2010, <http://techyum.com/2010/10/ official-vb-ly-link-shortener-seized-by-libyan- government/>. [TorProject] The Tor Project, "Anonymity Online", 2006, <https://www.torproject.org/>.
[torrentfreak1] Van der Sar, E., "Is Your ISP Messing With BitTorrent Traffic? Find Out", January 2014, <https://torrentfreak.com/is-your-isp-messing-with- bittorrent-traffic-find-out-140123/>. [torrentfreak2] Andy, "Lawyers Sent 109,000 Piracy Threats in Germany During 2013", March 2014, <https://torrentfreak.com/ lawyers-sent-109000-piracy-threats-in-germany-during- 2013-140304/>. [Tribler] Delft University of Technology, Department EWI/PDS/ Tribler, "About Tribler", 2013, <https://www.tribler.org/about.html>. [UDHR] United Nations General Assembly, "The Universal Declaration of Human Rights", 1948, <http://www.un.org/en/ universal-declaration-human-rights/index.html>. [UNGA2013] United Nations General Assembly, "UN General Assembly Resolution "The right to privacy in the digital age" (A/C.3/68/L.45)", 2013, <https://documents-dds-ny.un.org/doc/UNDOC/LTD/N13/ 576/77/PDF/N1357677.pdf?OpenElement>. [UNHRC2016] United Nations Human Rights Council, "The promotion, protection and enjoyment of human rights on the Internet", Resolution A/HRC/32/L.20, 2016, <http://ap.ohchr.org/documents/alldocs.aspx?doc_id=20340>. [Ververis] Ververis, V., Kargiotakis, G., Filasto, A., Fabian, B., and A. Alexandros, "Understanding Internet Censorship Policy: The Case of Greece", 5th USENIX Workshop on Free and Open Communications on the Internet (FOCI) '15, August 2015, <https://www.usenix.org/system/files/ conference/foci15/foci15-paper-ververis-update.pdf>. [W3CAccessibility] World Wide Web Consortium, "Accessibility", 2016, <https://www.w3.org/standards/webdesign/accessibility>. [W3Ci18nDef] Ishida, R. and S. Miller, "Localization vs. Internationalization", World Wide Web Consortium, April 2015, <http://www.w3.org/International/ questions/qa-i18n.en>.
[wikileaks] Sladek, T. and E. Broese, "Market Survey: Detection & Filtering Solutions to Identify File Transfer of Copyright Protected Content for Warner Bros. and movielabs", 2011, <https://wikileaks.org/sony/docs/05/docs/Anti-Piracy/CDSA/ EANTC-Survey-1.5-unsecured.pdf>. [WP-Tempora] Wikipedia, "Tempora", September 2017, <https://en.wikipedia.org/wiki/Tempora>. [WSJ] Sonne, P. and M. Coker, "Firms Aided Libyan Spies", The Wall Street Journal, August 2011, <http://www.wsj.com/articles/ SB10001424053111904199404576538721260166388>. [WynsbergheMoura] Nguyen, B., Ed., van Wynsberghe, A., van Wynsberghe, A., and G. Moreira Moura, "The concept of embedded values and the example of internet security", June 2013, <http://doc.utwente.nl/87095/>. [XMPP-Manifesto] Saint-Andre, P. and XMPP Operators, "A Public Statement Regarding Ubiquitous Encryption on the XMPP Network", March 2014, <https://raw.githubusercontent.com/ stpeter/manifesto/master/manifesto.txt>. [Zittrain] Zittrain, J., "The Future of the Internet - And How to Stop It", Yale University Press & Penguin UK, 2008, <https://dash.harvard.edu/bitstream/handle/1/4455262/ Zittrain_Future%20of%20the%20Internet.pdf?sequence=1>.
Acknowledgements
A special thanks to all members of the HRPC Research Group who contributed to this document. The following deserve a special mention: - Joana Varon for helping draft the first iteration of the methodology and previous drafts, and for directing the film "Net of Rights" and working on the interviews at IETF 92 in Dallas. - Daniel Kahn Gillmor (dkg) for helping with the first iteration of the glossary (Section 2) as well as a lot of technical guidance, support, and language suggestions. - Claudio Guarnieri for writing the first iterations of the case studies on VPNs, HTTP, and P2P. - Will Scott for writing the first iterations of the case studies on DNS, IP, and XMPP. - Avri Doria for proposing writing a glossary in the first place, help with writing the initial proposals and Internet-Drafts, her reviews, and her contributions to the glossary. Thanks also to Stephane Bortzmeyer, John Curran, Barry Shein, Joe Hall, Joss Wright, Harry Halpin, and Tim Sammut, who made a lot of excellent suggestions, many of which found their way directly into the text. We want to thank Amelia Andersdotter, Stephen Farrell, Stephane Bortzmeyer, Shane Kerr, Giovane Moura, James Gannon, Alissa Cooper, Andrew Sullivan, S. Moonesamy, Roland Bless, and Scott Craig for their reviews and for testing the HRPC guidelines in the wild. We would also like to thank Molly Sauter, Arturo Filasto, Nathalie Marechal, Eleanor Saitta, Richard Hill, and all others who provided input on this document or the conceptualization of the idea. Thanks to Edward Snowden for his comments at IETF 93 in Prague regarding the impact of protocols on the rights of users.
Authors' Addresses
Niels ten Oever ARTICLE 19 Email: mail@nielstenoever.net Corinne Cath Oxford Internet Institute Email: corinnecath@gmail.com