Re: 2nd Working Group Last Call: draft-ietf-httpbis-encryption-encoding-03.txt

Martin Thomson <martin.thomson@gmail.com> Thu, 20 October 2016 02:19 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD8BF129481 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 19 Oct 2016 19:19:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.932
X-Spam-Level:
X-Spam-Status: No, score=-6.932 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.431, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lbMQ_BLe8xD1 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 19 Oct 2016 19:19:30 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81425129401 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 19 Oct 2016 19:19:30 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1bx2si-0003t9-6L for ietf-http-wg-dist@listhub.w3.org; Thu, 20 Oct 2016 02:14:56 +0000
Resent-Date: Thu, 20 Oct 2016 02:14:56 +0000
Resent-Message-Id: <E1bx2si-0003t9-6L@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1bx2sb-0003sO-Kw for ietf-http-wg@listhub.w3.org; Thu, 20 Oct 2016 02:14:49 +0000
Received: from mail-qk0-f174.google.com ([209.85.220.174]) by lisa.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1bx2sY-0004fK-Ip for ietf-http-wg@w3.org; Thu, 20 Oct 2016 02:14:47 +0000
Received: by mail-qk0-f174.google.com with SMTP id z190so68402172qkc.2 for <ietf-http-wg@w3.org>; Wed, 19 Oct 2016 19:14:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Zd21wbfdoHDZaxs+kNrXqqbh8MCOSwf2ZqpOzB8+ENM=; b=WIlqbjfEeV7Rrhf4QkBD8VB/aqlFYHFodM5axCrZ+M8lUCoSDs+A0/awg+HpqCu9Rb ZHCMYw+j7yAD+F/9bspevelI4cONRw2ELW9q7XV9OxA796ZBml1u/Vhi4FgUXkolYGSR lKJWimBRw/UV/tSWxTDT7StBoA2vJ8FSiO0YO/siuyys6jyPA9CJ0AfDVkWWb6gb2XzZ PyOC+3hhKAs/41X+Wuwdhz2sMNSs0L+7/BJK6GEjabbXKAuA3o1J5eHRJ0IE5sjzU/VU BXge4BgY0BwQA1UuYhBBu7X72W+A7gkkbjNozOIo3vDaK/bxmzlAcB3+v6mComPZ1MAw Pifg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Zd21wbfdoHDZaxs+kNrXqqbh8MCOSwf2ZqpOzB8+ENM=; b=NfjupsVOcLA8gVpA+7i7r4Csor/yCOdLdeOXnfa0KHogqFykUeZrTVlgA+gLJC6xra pngDR6WnYKd7Gk7HY9HLJ/uqEi+j9MY5NuID9gRWCVmDopVaV7jduP+pGRhuMfW26ghd tDf9bHDQ1w2gIxUWlopLsuCe1Urb9BQjsYE7XVU6ggOFMBTixV6iaRg5BZDzg2uNMUeo MM7EKdkqxYup7JVoDaP1yyfeABUoTHEVUWdySlT/MgbdHkXI6GaFuNdjQTbvYPvhJfXZ Hs2TypzqMJSeJt4fDoD3y58nSm/7vZBup3uRshJvxQ+joNcpNsDzQGFVmrOEKryKkeSE J6tw==
X-Gm-Message-State: AA6/9RnR8eHaDlS2UGputMHjp7lJPKaU3XqUpUy56+cY85c4CtpdFHNMOn00kAOFES5alzXITCumIx7BQeV/Ag==
X-Received: by 10.55.155.15 with SMTP id d15mr8860042qke.115.1476929659976; Wed, 19 Oct 2016 19:14:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.85.7 with HTTP; Wed, 19 Oct 2016 19:14:19 -0700 (PDT)
In-Reply-To: <18d7f584-a303-f218-24ec-abf0c341f436@gmx.de>
References: <147607568231.30483.6721771001967558206.idtracker@ietfa.amsl.com> <06660B0E-6F8D-42DF-A909-C216B49FB590@mnot.net> <03fb16fd-35d4-e5d3-86d4-317b1016829e@gmx.de> <CABkgnnWKOTheZ9Gf9WLfVWAsQwNWi=EM6LhX=Za+UXnXQkf6AQ@mail.gmail.com> <90ee7958-5697-23ad-6f52-060f58800067@gmx.de> <7720.1476858421@critter.freebsd.dk> <7c879010-2145-fabc-9f97-d05de90e5147@gmx.de> <30011.1476886408@critter.freebsd.dk> <18d7f584-a303-f218-24ec-abf0c341f436@gmx.de>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 20 Oct 2016 13:14:19 +1100
Message-ID: <CABkgnnWasq4=Y3uuw-Sccch8DMW9jTB474JnrJEuJa_gzDrKaA@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Mark Nottingham <mnot@mnot.net>, HTTP working group mailing list <ietf-http-wg@w3.org>, Patrick McManus <pmcmanus@mozilla.com>
Content-Type: text/plain; charset=UTF-8
Received-SPF: pass client-ip=209.85.220.174; envelope-from=martin.thomson@gmail.com; helo=mail-qk0-f174.google.com
X-W3C-Hub-Spam-Status: No, score=-6.1
X-W3C-Hub-Spam-Report: AWL=0.082, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1bx2sY-0004fK-Ip f9c5a70334c4af75f63218610536acc8
X-Original-To: ietf-http-wg@w3.org
Subject: Re: 2nd Working Group Last Call: draft-ietf-httpbis-encryption-encoding-03.txt
Archived-At: <http://www.w3.org/mid/CABkgnnWasq4=Y3uuw-Sccch8DMW9jTB474JnrJEuJa_gzDrKaA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/32647
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 20 October 2016 at 01:46, Julian Reschke <julian.reschke@gmx.de> wrote:
> But how would you handle the case describes above -- where the metadata
> (content type, encryption material) is served from a server different from
> the one having the (encrypted) payload?

You know, I had the same thought as PHK after making that statement
and I can't think of a reason he is wrong. What was relevant is that
you need to *know* more stuff to get crypto right, but that's just the
key.  You don't need to parameterize the content coding otherwise.

If rs, salt and keyid were in the payload, I can't see how that would
be a real problem.  They are public information and inline avoids a
whole mess of issues.  Every secondary server would be serving the
values, but that's not fatal.  You wouldn't be able to "compress" them
by including one value across all potential secondaries (again, not a
real problem, and potentially a feature if you wanted different
encryptions across secondaries to avoid correlation).

The best I could come up with is that random access always requires
the first few octets.  But that's weak: it's either metadata or some
of the payload.  And we already take on that burden in other places:
it's actually a common restriction on resources that are acquired
piecemeal.  Some media container formats require the end to make sense
of the middle, which is much more tiresome.  Zip archives are also
like that.

Now, I don't know what to do about webpush, but if we are going to
make breaking changes, I can maybe get some efficiency gains from them
which should help there.  A new name should help avoid the worst parts
of the churn.