Re: FYI: Oblivious HTTP
"Roy T. Fielding" <fielding@gbiv.com> Thu, 28 January 2021 20:18 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B8E43A16EC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 28 Jan 2021 12:18:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.771
X-Spam-Level:
X-Spam-Status: No, score=-2.771 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gbiv.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9lUN_g4bCEUy for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 28 Jan 2021 12:18:15 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75A363A164A for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 28 Jan 2021 12:18:15 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1l5DhZ-0004R7-NX for ietf-http-wg-dist@listhub.w3.org; Thu, 28 Jan 2021 20:15:37 +0000
Resent-Date: Thu, 28 Jan 2021 20:15:37 +0000
Resent-Message-Id: <E1l5DhZ-0004R7-NX@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <fielding@gbiv.com>) id 1l5DhY-0004QH-Of for ietf-http-wg@listhub.w3.org; Thu, 28 Jan 2021 20:15:36 +0000
Received: from insect.birch.relay.mailchannels.net ([23.83.209.93]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <fielding@gbiv.com>) id 1l5DhW-0007aa-N6 for ietf-http-wg@w3.org; Thu, 28 Jan 2021 20:15:36 +0000
X-Sender-Id: dreamhost|x-authsender|fielding@gbiv.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 297689226B2; Thu, 28 Jan 2021 20:15:22 +0000 (UTC)
Received: from pdx1-sub0-mail-a93.g.dreamhost.com (100-96-10-13.trex.outbound.svc.cluster.local [100.96.10.13]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 96BB59225C9; Thu, 28 Jan 2021 20:15:21 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|fielding@gbiv.com
Received: from pdx1-sub0-mail-a93.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.96.10.13 (trex/6.0.2); Thu, 28 Jan 2021 20:15:22 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|fielding@gbiv.com
X-MailChannels-Auth-Id: dreamhost
X-Whistle-Macabre: 2945e18a32c22bfc_1611864921941_1670734910
X-MC-Loop-Signature: 1611864921941:3182998754
X-MC-Ingress-Time: 1611864921940
Received: from pdx1-sub0-mail-a93.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a93.g.dreamhost.com (Postfix) with ESMTP id 45C9180133; Thu, 28 Jan 2021 12:15:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gbiv.com; h=content-type :mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=gbiv.com; bh=5G5VOmnsFckHbYx8gV34oK6NYXM=; b=t/WgCv2fFF1Ckw1vpOBm0wIOsE31 CPEiwQG75EFNDHdmfLrdC8GNg+ezJPYbas0KWtC7SWHvK9L+DBH5JHqWFgQ161Zd eCEINB6UNwt+FRjtiZR6kTbFUZg8UIsZzKeE4VOAl+XIJcuIaRLos1ZYQff+q+Ao hdOBPTnnfL8Sz60=
Received: from [192.168.1.10] (ip68-101-102-139.oc.oc.cox.net [68.101.102.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: fielding@gbiv.com) by pdx1-sub0-mail-a93.g.dreamhost.com (Postfix) with ESMTPSA id 0C5057F179; Thu, 28 Jan 2021 12:15:19 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
X-DH-BACKEND: pdx1-sub0-mail-a93
From: "Roy T. Fielding" <fielding@gbiv.com>
In-Reply-To: <ef91fafb-1586-4076-baa9-033326162eb1@www.fastmail.com>
Date: Thu, 28 Jan 2021 12:15:18 -0800
Cc: ietf-http-wg@w3.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <776DC690-336A-4843-8EA1-DD5D426A0DD6@gbiv.com>
References: <ef91fafb-1586-4076-baa9-033326162eb1@www.fastmail.com>
To: Martin Thomson <mt@lowentropy.net>
X-Mailer: Apple Mail (2.3445.104.17)
Received-SPF: pass client-ip=23.83.209.93; envelope-from=fielding@gbiv.com; helo=insect.birch.relay.mailchannels.net
X-W3C-Hub-DKIM-Status: validation passed: (address=fielding@gbiv.com domain=gbiv.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-9.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1l5DhW-0007aa-N6 aab4961b7344b7cd8bda4c8a7404306b
X-Original-To: ietf-http-wg@w3.org
Subject: Re: FYI: Oblivious HTTP
Archived-At: <https://www.w3.org/mid/776DC690-336A-4843-8EA1-DD5D426A0DD6@gbiv.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38412
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
> On Jan 27, 2021, at 5:27 PM, Martin Thomson <mt@lowentropy.net> wrote: > > Just an announcement for a new draft that proposes a use of HTTP that this group might be interested in. I've started a discussion on the SECDISPATCH list about it [1]. Please, if you are interested in this topic, join that conversation. > > The draft: > > https://www.ietf.org/archive/id/draft-thomson-http-oblivious-00.html > > What this group might be more interested in is whether the ecosystem is well-served by a binary message format. That work currently has a dependency on another proposal: > > https://www.ietf.org/archive/id/draft-thomson-http-binary-message-00.html > > It doesn't strictly need to take this dependency, as message/http is in some ways adequate. However, I think that it might be beneficial to have a discussion about this idea here. > > Cheers, > Martin > > [1] https://mailarchive.ietf.org/arch/msg/secdispatch/VmFQCZGKlukgfnmgPh8ufQt_5Fo/ Personally, I think we have passed the inflection point where anonymous use of the Internet is an ideal, and we are quickly heading back to a world where accountability for its misuse is just as important. But that's a digression. Technically, I don't feel that wrapping base HTTP semantics as an encrypted package containing a binary encoding of HTTP/1, and then using POST to fling it around the world, is the right approach. I could understand that if the primary motivation was to pass through client-selected proxies without using TLS, or if the client engine was limited to javascript on a page, but not if we assume the client is deliberately coding for this protocol and servers are deliberately willing to accept such requests. POST is significantly harder to process than it looks. I suggest that it would be better to design a protocol that accomplishes exactly what you want in the most efficient way possible and find ways to blend that with the existing HTTPs. For example, using non-https link alternatives and Alt-Svc to identify oblivious resources. Using QUIC datagrams for sending opaque requests (I don't see a need to send these as HTTP/3) and receiving opaque responses. Mapping to other protocols only as a way of supporting backwards deployment over those old protocols. OTOH, oblivious connections will mislead if there are no equivalent constraints on what the client can do/enable with the content received. Almost all tracking today is done based on client behavior after receipt of the primary resource, including what is executed within the page, how the page components are ordered, what needs to be refreshed, links to other pages, what servers might share the same TLS certificate, etc. Relying on clients to restrain themselves doesn't work in practice, even though it should work in theory. As such, I think systems like TOR that are built on trust and actively mediate and adapt to changing malpractice is a better solution. But don't let that stop you from designing something better. ....Roy
- FYI: Oblivious HTTP Martin Thomson
- Re: FYI: Oblivious HTTP Amos Jeffries
- Re: FYI: Oblivious HTTP Martin Thomson
- Re: FYI: Oblivious HTTP Toerless Eckert
- Re: FYI: Oblivious HTTP Roy T. Fielding
- Re: FYI: Oblivious HTTP Martin Thomson
- Re: FYI: Oblivious HTTP Martin Thomson
- Re: FYI: Oblivious HTTP Poul-Henning Kamp
- Re: FYI: Oblivious HTTP Greg Wilkins
- Re: FYI: Oblivious HTTP Toerless Eckert
- Re: FYI: Oblivious HTTP Roy T. Fielding
- Re: FYI: Oblivious HTTP David Benjamin
- Re: FYI: Oblivious HTTP Soni L.
- Re: FYI: Oblivious HTTP Eric Rescorla
- Re: FYI: Oblivious HTTP Martin Thomson
- Re: FYI: Oblivious HTTP Martin Thomson
- Re: FYI: Oblivious HTTP Ben Schwartz
- Re: FYI: Oblivious HTTP Martin Thomson