Re: [Ohttp] Discovery

Martin Thomson <mt@lowentropy.net> Fri, 25 June 2021 00:29 UTC

Message-Id: <530ff450-6e8e-432f-8ba4-c8b2503d31a9@www.fastmail.com>
In-Reply-To: <CABcZeBOjF4sdk_zO5xaPjN3DxCpQcna4hVaUTXzVoJB5HsPUWQ@mail.gmail.com>
References: <D8268CF8-94DA-4E91-9286-4E45B8E26CB6@mnot.net> <c57ed5b0-c17a-0bca-f42a-dafaa1725792@lear.ch> <1F7246CE-589A-4B34-B514-AFA0F640A384@mnot.net> <238476f4-6bf9-4124-8146-e8c051b1b25f@www.fastmail.com> <f1308d19-085d-dadf-df69-da6f8b1b5171@lear.ch> <276764677.18198.1624458666099@appsuite-gw2.open-xchange.com> <CABcZeBOjF4sdk_zO5xaPjN3DxCpQcna4hVaUTXzVoJB5HsPUWQ@mail.gmail.com>
Date: Fri, 25 Jun 2021 10:29:06 +1000
From: Martin Thomson <mt@lowentropy.net>
To: ohttp@ietf.org, Eliot Lear <lear@lear.ch>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/5WIVFs_8SlypHScB8199JSwkvGU>
Subject: Re: [Ohttp] Discovery

On Thu, Jun 24, 2021, at 00:40, Eric Rescorla wrote:
> > "The working group will also consider and address the possible effects of a generalized deployment of the protocol outside of the applicability statement, in terms of possible impacts on Internet security and privacy, centralisation trends and issues around jurisdiction and law enforcement."
> 
> I do not believe we should do this work. It is not necessary for 
> defining the protocol and seems to be mostly an opportunity for argument.

This I agree with.  I think that Eliot was asking for something more targeted in his request, which was to consider the implications to operational practices.  His suggestion was specifically:

> The working group will consider and address operational matters, so that the output does not introduce any substantial negative impact to existing deployments.

The first clause "will consider and address operational matters" is almost motherhood and apple pie.  I would hope that this is something every protocol design effort includes.  The latter requires a commitment that we not break existing deployments.  I have to push back on that.

I understand that there are important use cases that might be affected by the widespread deployment of new security protocols.  That's commonplace.  But we don't agree not to design a protocol solely on the basis that it affects practices.  We do things like consider whether there are alternative ways in which the same goals might be met, or whether the practices are worth protecting.  If a use case is important and there are no good alternatives as a result of the new design, that is grounds for rejecting a protocol.

My counter-proposal:

> The working group will consider the operational impact as part of the protocol design and document operational considerations.
-- https://github.com/unicorn-wg/ohttp-charter/pull/2

That's a bit broader, as it also relates to how clients and servers might operate (and the client piece might be related to Zahed's ask).  I think that does partially cover Vittorio's ask as well, at least from the angles that are in scope for IETF work.