Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

Arnaud Taddei <> Tue, 19 December 2023 09:36 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 09334C14F5EB for <>; Tue, 19 Dec 2023 01:36:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OC6ELAYOf8_j for <>; Tue, 19 Dec 2023 01:36:15 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::335]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 28D5EC14F5FF for <>; Tue, 19 Dec 2023 01:36:14 -0800 (PST)
Received: by with SMTP id 5b1f17b1804b1-40d05ebe642so14082485e9.0 for <>; Tue, 19 Dec 2023 01:36:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; t=1702978572; x=1703583372;; h=mime-version:accept-language:in-reply-to:references:message-id:date :thread-index:thread-topic:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=+n0iUxYTNY/M6C5jaS8dv0XgrZfiaK1ICDVKA5gJX7k=; b=Y6piyfYI3mA/difiKWXC4OEsEjgfj64B0wFKYWWlBB20O17VIgIfWI2SH4so2uGhJV boy05UYurP7gNA6LFJxvXLxJV7mwHMFyMetlOZfazbHVjRodXDNcm6Eqxhj5Hep3CPY8 L/APa16zCrmeVfW1W7VbcgfbSBtHlvq7sy/io=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20230601; t=1702978572; x=1703583372; h=mime-version:accept-language:in-reply-to:references:message-id:date :thread-index:thread-topic:subject:cc:to:from:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=+n0iUxYTNY/M6C5jaS8dv0XgrZfiaK1ICDVKA5gJX7k=; b=WVJx70WQit7/Sde84YhyYIHqTB/b6vykffPsOCzFFbLTRZ6GN9aywteJHi1YdD0W2c L2DiZzod9iigPH3DYKd4u0xY5AUaIPC1Gtic2hDD4R2t2pw4pFVAlacC9kvwDgo+MEwu r8IemaUHYWRX+5vf/HznTUOwVwEcdGQYoc+9nAtVqdwJJCKrY5VaMyOouTPOqNq3Hbie QVGJsZPehHh4M4Q6LpH9L9sRHXDHeY9jAxlmg2QTabauF5+nSn78sGJjX6KgP5AtYoR3 8LInkJPnUhqtlFIn5fCetn9CGd4W3pLcj/kPYAd9t8XuKAIUR5Ihot582YlExPowVO2/ 9WWQ==
X-Gm-Message-State: AOJu0Yz4QYx+CWiTIwmSb7Nv8Ib9+bFO0OnXz5KRycpcdy8eNxx1PYkN X0fUoX+upRpxuu8UX+me6RR+R+uenFIfCw3HnHg8mojs4pWKhOsAsQ0xbh1f7JVHm8ray5MGMf4 JE/TN07DGcp163E3nrByBXUG5KHMEJg==
X-Google-Smtp-Source: AGHT+IEFG2sqxNqN7HNHz532QZH1xjtZ1UY0n6ufNDpMhVx9quFl4cVQx11XpC3NA28mLTvTqcP/Qg==
X-Received: by 2002:a05:600c:46d4:b0:40b:5e26:2382 with SMTP id q20-20020a05600c46d400b0040b5e262382mr396784wmo.51.1702978572292; Tue, 19 Dec 2023 01:36:12 -0800 (PST)
Received: from CWLP123MB4435.GBRP123.PROD.OUTLOOK.COM ([2603:1026:c08:b4::5]) by with ESMTPSA id ay10-20020a05600c1e0a00b0040d1bd0e716sm1985733wmb.9.2023. (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Dec 2023 01:36:11 -0800 (PST)
From: Arnaud Taddei <>
To: Eliot Lear <>, Eric Rescorla <>
CC: S Moonesamy <>, "" <>, "" <>
Thread-Topic: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
Thread-Index: ATE2MDc2xwLrR13JpH/u2EsEnrfqRDA4MDEy0HR0yYCAACktgIAAfkgAgACQyoCAAA91gIAAINQAgAC4ugCAAATxmw==
X-MS-Exchange-MessageSentRepresentingType: 1
Date: Tue, 19 Dec 2023 09:36:10 +0000
References: <> <> <CWXP265MB5153610FBB98A7B06AF81040C290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <> <CWXP265MB515381523714FF99524410CFC290A@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-RecordReviewCfmType: 0
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000e264f0060cd998ae"
Archived-At: <>
Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 19 Dec 2023 09:36:19 -0000

I can only agree with your last clause Eliot which allows me to not make a long email why I am in the unsatisfied camp.

Have all a very good festive season and jump in the new year.

From: Architecture-discuss <> on behalf of Eliot Lear <>
Date: Tuesday, 19 December 2023 at 10:20
To: Eric Rescorla <>
Cc: S Moonesamy <>, <>, <>
Subject: Re: [arch-d] IAB Statement on Encryption and Mandatory Client-side Scanning of Content

On 18.12.2023 23:14, Eric Rescorla wrote:

ISTM that this is an example of a setting in which we have a term of art which is used in a way somewhat different from its literal meaning.

Specifically, it is very common right now to have clients of various kinds scan for material that the recipient doesn't want to receive, such as in the case of spam filtering, virus scanning, or Apple's sensitive content warning [0]. In many if not most of those cases, the operator of the device opted into or at least actively wants that kind of scanning. I think we can agree that this type of scanning works to some extent and isn't incompatible with open source or open protocols. This is, of course, scanning that happens on the client, and I believe it's what Brian is referring to.

What the IAB statement is referring to is something different, which is to say scanning which is imposed upon the operator of the device whether they want it or not, and is designed to stop the operator from sending and receiving certain classes of content. As you note, it's common practice to refer to this and not the type of scanning in the previous paragraph as "client-side scanning" (in contract to "server-side scanning"), but it's really the mandatory part of it that makes it distinct from other cases in which scanning happens on the client.

IAB statements are necessarily brief.  When they become lengthy, they have another vehicle: RFC.  With that in mind, there are clearly challenges in delineating in code the two cases you describe, as the interfaces that are used for one case could possibly be used for another; and that does strike me as intersecting the Internet Architecture.  I'm also confident that you have already blogged on this in detail ;-)

Also, this discussion seems to indicate that at least some people are unsatisfied with the statement.  I think we should view that as an opportunity.  What needs to be further teased out and what should the venue for that teasing be?  Here?  A separate mailing list?  PEARG?  HRPC?  And how could the conversation best be facilitated?


This electronic communication and the information and any files transmitted 
with it, or attached to it, are confidential and are intended solely for 
the use of the individual or entity to whom it is addressed and may contain 
information that is confidential, legally privileged, protected by privacy 
laws, or otherwise restricted from disclosure to anyone else. If you are 
not the intended recipient or the person responsible for delivering the 
e-mail to the intended recipient, you are hereby notified that any use, 
copying, distributing, dissemination, forwarding, printing, or copying of 
this e-mail is strictly prohibited. If you received this e-mail in error, 
please return the e-mail to the sender, delete it from your computer, and 
destroy any printed copy of it.