# IABOpen Minutes IETF114 {#iabopen-minutes-ietf114} ## Chairs: Mirja Kühlewind, David Schinazi {#chairs-mirja-kühlewind-david-schinazi} ## Topics {#topics} ### Welcome and Status Update (10 mins) - Mirja/David {#welcome-and-status-update-10-mins---mirjadavid} [Slides: Welcome and Status Update][1] #### Document Updates {#document-updates} * Published: RFC 9280 (was draft-iab-rfcefdp-rfced-model) RFC Editor Model (Version 3) * draft-iab-aid-workshop-01: Report from the IAB Workshop on Analyzing IETF Data (AID), 2021 -> In RFC editor queue * draft-iab-mnqeu-report: IAB workshop report: Measuring Network Quality for End-Users -> In community feedback call * draft-iab-path-signals-collaboration: Considerations on Application - Network Collaboration Using Path Signals -> Ready for community feedback call * draft-iab-protocol-maintenance: The Harmful Consequences of the Robustness Principle -> under discussion #### Program Updates {#program-updates} * Evolvability, Deployability, & Maintainability (EDM) Program * Interim meeting on Thursday morning 9-10am (IAB office - Independence D) * Capacity limited to 20 people * Topics for discussion: * Community feedback on draft-iab-protocol-maintenance, and plan for publishing the document * Status of implementation tracking and next steps * Scrubbing of issues list: https://github.com/intarchboard/program-edm/issues * Internet Threat Model (model-t) Program * Had an interim meeting on April 5th * Some recent document updates (one on today’s agenda), but not much other activity * The IAB is considering closing the program, potentially adopting some related documents as IAB documents, and continuing the discussion on this and other topics in architecture-discuss * See further: https://www.ietf.org/mailman/listinfo/Model-t and https://datatracker.ietf.org/group/model-t/documents/ Mark McFadden: I hope you don't close Model-T and instead inject some energy into it. There are 5 drafts. What the IAB sees as a symptom is something I think the IAB could solve by providing some of the energy. One interim meeting doesn't seem like enough to me. My input is, don't close it, and if you do, make sure you have a place to go with those documents and contributions. Mirja Kühelwind: I well understand that desire and that it's not satisfying to just close the program. But the purpose is to trigger a conversation in the community, and we don't see the goal acheived. There are documents that have contributed to the discussion, but a lot of these were not considered for publication on the IAB stream. We discussed today that we need a venue for these documents, and I know that it is frustrating, but I don't think it will be in the IAB. I think it will be on you to bring the docs to the right place. There are research groups like PEARG or HRPC, or maybe go to the SEC Area and keep the discussion there. Dominque Lazanski: I am the author of 2 of these drafts on threat models. I support what Mark said, but I think it's not on us individually, but on us collectively. There is quite a lot going on in this area. I think this needs some zest and energy from the IAB. I would support seeing this get another chance so we have a place to discuss these threats and threat issues. Mirja Kühelwind: It's important to have a place to discuss with the community, but the program is failing to do that. Jari Arkko: I don't think that I have all the answers; I share the pain that was expressed at the mic. It's not that we will close this and go away, but there is an opportunity to move some docs forward and continue the discussions on the architecture-discuss list and other venues. * RFC Editor Future Development Program was closed * Thanks to all, especially the chairs Eliot & Brian and Peter as document editor! #### Administrative Support Groups {#administrative-support-groups} * New [IETF-IEEE Coordination group][2] * New [IETF-ISOC Coordination group][3] #### Workshops {#workshops} * Open Call for [IAB Workshop on Management Technologies in Encrypted Networks (MTEN)][4] * Planned workshop on Environmental Impact of Internet Applications and Systems ### Liaison Updates: ITU-T (Scott Mansfield) (15 mins) {#liaison-updates-itu-t-scott-mansfield-15-mins} [Slides: ITU-T Liaison Summary of work related to IETF - Scott Mansfield][5] ### Data minimization: draft-arkko-iab-data-minimization-principle (Jari Arrko) (10 mins) {#data-minimization-draft-arkko-iab-data-minimization-principle-jari-arrko-10-mins} [Slides: Data Minimization][6] * Discussion to take place on architecture-discuss@iab.org or send feedback directly to the authors/IAB! ### Invited Talk: EU Digital Markets Act (Luís Cabral, Professor of Economics and International Business, Department of Economics, Stern School of Business, New York University) (20mins) {#invited-talk-eu-digital-markets-act-luís-cabral-professor-of-economics-and-international-business-department-of-economics-stern-school-of-business-new-york-university-20mins} [Slides: EU Digital Markets Act][7] Wes Hardaker: Thank you. I hope it comes true that this promotes intererability at a layer higher than we usually see at the IETF these days. What I am curious about is, does the DMA find a way to avoid some of the legal loopholes, like finding a way to mandate instant messaging? Luís Cabral: There are a lot of potential loopholes. The large corporations have a lot more technical people who can do those kinds of things. For example, Google might say that "if you are going to start regulating us like this, we'll stop offering search on Google", or something like that. I don't think it's a credible threat but tactics like this may work in preventing the regulation from having full effect. Stephen Farrell: Dividing interoperability will take a while. From a regulatory process, how do you see that happening? Luís Cabral: The DMA suggests there will be a dialogue with the gatekeepers and some interested third parties. DMA does not spell out in detail exactly what it means, basically it creates the possibility for it to happen. Stephen Farrell: Is there a mention of IETF in the docs? Luís Cabral: I don't actually know, but it should because a lot of this will amount to technical interoperability details (to which IETF has a lot to contribute). Phillip Hallam-Baker: I don't care about the companies, I care about the users in the walled gardens, that Alice in one walled garden can get up and move to another walled garden of her choice without losing all of her friends and contacts. Luís Cabral: I think this is one of the areas where the DMA is very specific, but whether or not they can deliver it still a question: the devil is in the details. For example, I can think of 100 ways in which Amazon can make life difficult for third-party sellers. Support from people with technical knowledge will be important: laywers and economists will not be able to solve this. Alissa Cooper: There are many ways to acheive interoperabilty, and standards are just one of those. Does the EC have preferences about how this interoperability is acheived? A 1:1 dialogue with each gatekeeper is sub-optimal from our perspective. Can you glean whether they would prefer to see standardized solutions to some of this? And the flipside is, there are other EC pieces of legislation that are much more detailed about this and the need for standards. Is that meaningful, that there is no explicit language about standardization in this, or was that just part of the political process? Luís Cabral: The DMA was created by a bunch of people with little knowledge of the technical details. I don't think there are any preferences regarding technicalities because I don't think they have a clear idea how to do things. I think this is an area where you could make an enormous contribution. I think the goal is to end with closed systems. I think the EC would be thrilled to have IAB contributions on this. There are different problems on the commercial part of the Internet. I don't think there can be a one-size-fits-all type of regulation. Christian Huitema: I am a bit scared by what you mentioned about sharing data. You mentioned competition as a big issue, but there is also surveillance. Companies are acquring data about you to sell products. Anyone can get all the data all the time, and that seems scary. Luís Cabral: I agree. Much of this will probably fall under the digial service act, liability for users' actions. I don't know much about the DSA, but I think your question probably refers more to that. I don't think it's an issue of privacy per se, but of allowing proprietary rights over user-level data. Mallory Knodel: My quesion is, we've seen the GDPR play out for a few years now, and I think some people would say they have notes. What are the mechanisms to revise this, and how long will it take? What kinds of advocacy would be useful here? Luís Cabral: The DMA does have provisions for it to be revised in the next few years. I would guess it will probably be a decade before the dust settles. There are enormous risks. There is some evidence already that GDPR had a negative impact on small start-ups (the information from cookies is what allowed a lot of them to thrive). ### Open Mic (5 mins) {#open-mic-5-mins} Please take further questions to the architecture-discuss mailing list. [1]: https://datatracker.ietf.org/meeting/114/materials/slides-114-iabopen-welcome-and-status-update-mirjadavid-01 [2]: https://datatracker.ietf.org/iabasg/ietfieee/about/ [3]: https://datatracker.ietf.org/iabasg/iabisoc/about/ [4]: https://www.iab.org/activities/workshops/m-ten/ [5]: https://datatracker.ietf.org/meeting/114/materials/slides-114-iabopen-itu-t-liaison-summary-of-work-related-to-ietf-scott-mansfield-02 [6]: https://datatracker.ietf.org/meeting/114/materials/slides-114-iabopen-data-minimization-jari-arrko-00 [7]: https://datatracker.ietf.org/meeting/114/materials/slides-114-iabopen-eu-digital-markets-act-luis-cabral-00