Re: Privacy difficulties in Blind Caching and OOB encoding

Martin Thomson <martin.thomson@gmail.com> Thu, 03 August 2017 23:42 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 04 Aug 2017 09:38:20 +1000
Message-ID: <CABkgnnXKD0nG5+09u10AOy0X+sc-+egu1Cgq_U1d0r4VCN560A@mail.gmail.com>
To: Jeffrey Yasskin <jyasskin@google.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: Privacy difficulties in Blind Caching and OOB encoding
Archived-At: <http://www.w3.org/mid/CABkgnnXKD0nG5+09u10AOy0X+sc-+egu1Cgq_U1d0r4VCN560A@mail.gmail.com>

Hi Jeffrey,

You have summarized the issues that caused us to largely abandon this
work.  In terms of privacy, it's an increase from what traffic
analysis would expose.  The hope was that this could be valuable in
cases where you were prepared to expose resource identity to a cache,
but not give it the ability to modify it, or give it control over
meta-information.

On 4 August 2017 at 04:55, Jeffrey Yasskin <jyasskin@google.com> wrote:
> I was reading draft-thomson-http-bc-01,
> draft-reschke-http-oob-encoding-12, and some of their dependencies,
> and I'm having trouble finding the plan for getting caches to actually
> speed things up while at the same time preventing caches from learning
> important information about the content their clients are
> transferring.
>
> The core idea of the out-of-band encoding, as described in the drafts
> and [ERICSSON], is that the origin server can delegate content
> transmission to an edge cache to which the client has a faster
> connection than it has to the origin.
>
> When we account for the origin->cache transmission, this should be
> slower for the first client and significantly faster for all
> subsequent clients. That is, more than one client MUST be able to use
> the same resource bytes, which means, if they're encrypted
> ([RFC8188]), that all clients must get the same key to decrypt them.
> That has several implications:
>
> 1) For public resources, the cache can trivially figure out what
> content clients are retrieving, by pretending to be a client itself to
> get the decryption keys. This is an important decrease in privacy
> compared to TLS, but I don't see it mentioned in [BC]. It seems to
> conflict with calling the caching "blind".
>
> 2) For secret resources, the cache may not be able to authenticate
> sufficiently to retrieve decryption keys, but it can still trivially
> figure out that multiple clients are retrieving the same resource.
> This metadata is another decrease in privacy compared to TLS.
>
> 3) [OOB] and [SCD] both mention a forgery risk and sketch some
> mitigations around [SIG] and [MICE], but that's less relevant for this
> email.
>
> Have I missed anything in the documents or the design that hides more
> information from the caches?
>
> Thanks,
> Jeffrey
>
> [BC] https://tools.ietf.org/html/draft-thomson-http-bc-01
> [OOB] https://tools.ietf.org/html/draft-reschke-http-oob-encoding-12
> [SCD] https://tools.ietf.org/html/draft-thomson-http-scd-02
> [ERICSSON] https://www.ericsson.com/en/publications/ericsson-technology-review/archive/2016/blind-cache-a-solution-to-content-delivery-challenges-in-an-all-encrypted-web
> [RFC8188] https://tools.ietf.org/html/rfc8188
> [SIG] https://tools.ietf.org/html/draft-thomson-http-content-signature-00
> [MICE] https://tools.ietf.org/html/draft-thomson-http-mice-02
>
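
The shared-key point raised in the quoted message, as an added example (not code from either draft or from either author): the RFC 8188 `aes128gcm` key derivation takes only the input keying material and the salt in the body header, so every party that obtains the key derives the same content-encryption key, and a cache that never obtains it can still group clients by the identical bytes it serves. The key, salt, key id `k1`, client names and placeholder ciphertext are constructed sample values.

```python
import hashlib
import hmac
import struct

def parse_header(body: bytes):
    """Split an RFC 8188 aes128gcm body into (salt, rs, keyid, ciphertext)."""
    if len(body) < 21:
        raise ValueError("truncated aes128gcm header")
    salt = body[:16]
    rs, idlen = struct.unpack("!IB", body[16:21])
    if len(body) < 21 + idlen:
        raise ValueError("truncated keyid")
    return salt, rs, body[21:21 + idlen], body[21 + idlen:]

def derive(ikm: bytes, salt: bytes):
    """HKDF-SHA-256 with the RFC 8188 info strings: returns (CEK, base nonce)."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    cek = hmac.new(prk, b"Content-Encoding: aes128gcm\x00\x01",
                   hashlib.sha256).digest()[:16]
    nonce = hmac.new(prk, b"Content-Encoding: nonce\x00\x01",
                     hashlib.sha256).digest()[:12]
    return cek, nonce

def key_seen_by(body: bytes, ikm: bytes):
    """What any holder of the key material derives; no per-client input exists."""
    salt, _rs, _keyid, _ct = parse_header(body)
    return derive(ikm, salt)

def correlate(fetch_log):
    """Cache-side view without any key: client ids grouped by served bytes."""
    groups = {}
    for client, body in fetch_log:
        groups.setdefault(hashlib.sha256(body).hexdigest(), set()).add(client)
    return groups

# Constructed sample values (not taken from the drafts or the thread).
IKM = bytes(range(16))
SALT = bytes(range(16, 32))
STORED = SALT + struct.pack("!IB", 4096, 2) + b"k1" + b"\xaa" * 40
OTHER = bytes(16) + struct.pack("!IB", 4096, 0) + b"\xbb" * 40

if __name__ == "__main__":
    # A client and a cache posing as a client end up with the same CEK.
    print(key_seen_by(STORED, IKM) == key_seen_by(bytes(STORED), IKM))
    # Without the key, the cache still learns who fetched the same object.
    log = [("alice", STORED), ("bob", STORED), ("carol", OTHER)]
    for digest, clients in correlate(log).items():
        print(digest[:12], sorted(clients))
```
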