Re: HTTP/2 and Pervasive Monitoring

Mark Nottingham <mnot@mnot.net> Fri, 15 August 2014 09:00 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2503B1A0964 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Aug 2014 02:00:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.57
X-Spam-Level:
X-Spam-Status: No, score=-7.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZMab1KDuI8T5 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Aug 2014 02:00:30 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4998B1A0947 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 15 Aug 2014 02:00:30 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XIDKK-0002SZ-WB for ietf-http-wg-dist@listhub.w3.org; Fri, 15 Aug 2014 08:57:37 +0000
Resent-Date: Fri, 15 Aug 2014 08:57:36 +0000
Resent-Message-Id: <E1XIDKK-0002SZ-WB@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1XIDJu-0002Pr-7z for ietf-http-wg@listhub.w3.org; Fri, 15 Aug 2014 08:57:10 +0000
Received: from mxout-08.mxes.net ([216.86.168.183]) by lisa.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1XIDJt-00005h-2u for ietf-http-wg@w3.org; Fri, 15 Aug 2014 08:57:10 +0000
Received: from [192.168.1.68] (unknown [118.209.12.212]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 6250B50A73; Fri, 15 Aug 2014 04:56:44 -0400 (EDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAH_y2NFr16YJEsN-=zUWjEdywuLpuOVijFmybjbXZtAE4LTMdg@mail.gmail.com>
Date: Fri, 15 Aug 2014 18:56:40 +1000
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <DE8B5174-864A-4514-B2DC-6F1742535A8C@mnot.net>
References: <38BD57DB-98A9-4282-82DD-BB89F11F7C84@mnot.net> <CAH_y2NFr16YJEsN-=zUWjEdywuLpuOVijFmybjbXZtAE4LTMdg@mail.gmail.com>
To: Greg Wilkins <gregw@intalio.com>
X-Mailer: Apple Mail (2.1878.6)
Received-SPF: pass client-ip=216.86.168.183; envelope-from=mnot@mnot.net; helo=mxout-08.mxes.net
X-W3C-Hub-Spam-Status: No, score=-3.8
X-W3C-Hub-Spam-Report: AWL=-3.074, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1XIDJt-00005h-2u 4fd3528c7645e7d0c03acfd424cccc25
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 and Pervasive Monitoring
Archived-At: <http://www.w3.org/mid/DE8B5174-864A-4514-B2DC-6F1742535A8C@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26608
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Greg - please have a read of the BCP, which says some things that are very similar to your statements.

No protocol effort can claim to “solve” it — it would be ludicrous to say we could — but by the same token, we can’t (as per the BCP) bury our heads in the sand and not consider the PM-related consequences of our protocol design.

 (I think we’re in violent agreement here)

Cheers,


On 15 Aug 2014, at 4:00 pm, Greg Wilkins <gregw@intalio.com> wrote:

> 
> On 15 August 2014 12:58, Mark Nottingham <mnot@mnot.net> wrote:
> It's safe to say that pervasive monitoring is very relevant to HTTP.
> 
> I'm not so sure about this.
> 
> The vast bulk of PM issues, at least as they are discussed in Australia are related to the collection and retention of meta data.  Who you talked to, when you connected, how much data, who you connected to next, etc.      While I'm sure inspection of content is also an issue, it is secondary to the meta data issues.  Also many of the players involved in PM attacks have access to the unencrypted end points, so transport encryption is a long way off being a silver bullet for protection from PM
> 
> There is very little that we can do within a protocol like HTTP to address the such meta data collection.     More over, the problems that we face are similar to PM issues that other application protocols face.  SMTP, POP, IMAP, Websocket, IRC, SIP etc. all need similar protection as HTTP.            Solving PM is not something that I think that any of these protocols can do on their own.  Essentially PM is something that needs to be addressed at the TCP/IP level as I would suggest that any protocol using TCP/IP is subject to significant PM attack regardless of encryption.
> 
> Note that I'm not necessarily arguing against https only.... I'm really just saying that to pretend that this gives any significant defence against PM is to over sell what it achieves or what can be achieved by any application protocol stand alone.
> 
> It is indeed a problem, I just don't think we can put our hand up as being able to solve it.
> 
> regards
> 
> 
> 
> 
> -- 
> Greg Wilkins <gregw@intalio.com> 
> http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
> http://www.webtide.com  advice and support for jetty and cometd.

--
Mark Nottingham   http://www.mnot.net/