Re: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: (with BLOCK)
Eric Rescorla <ekr@rtfm.com> Wed, 16 June 2021 14:35 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAD793A1ABC for <ohttp@ietfa.amsl.com>; Wed, 16 Jun 2021 07:35:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5LXnubPrACuo for <ohttp@ietfa.amsl.com>; Wed, 16 Jun 2021 07:35:07 -0700 (PDT)
Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F41203A1ABD for <ohttp@ietf.org>; Wed, 16 Jun 2021 07:35:06 -0700 (PDT)
Received: by mail-io1-xd2e.google.com with SMTP id l64so3240833ioa.7 for <ohttp@ietf.org>; Wed, 16 Jun 2021 07:35:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eL56VvsyWFpQygBMcbAyXXJTrixYTfba9aL6pk6x2Qs=; b=nf7B25TiZItkjfWPG06Stpq0LNZD9YOZG5LgxPxSsLItTCD5YYRVPtsDwKp9RNkIv1 e1omt0JJRszyaUYATrVtWv4W7qsIyHLBOGRqydayigkl1wCx/wmUBasWXuMAKBHSmpI6 gmqbg8JQjFSKQ4rNBuTOiOApp9by2di7SsCNPDlg4ng07UrWUPZ1OT0VCSf07KdGFifB RwgTWmIveAZaMB28rewCrfUB7wYVIeGYVz0PlmOOrQ835G4Bfkt4Mt+AKfsYt6YOoMiL 972K62J0Lds2F7QmLGlgmNhiSa/9dmldpJjJkZw8hlhL/2DJTDUqf15/UB+Nf3WEVpuK FkPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eL56VvsyWFpQygBMcbAyXXJTrixYTfba9aL6pk6x2Qs=; b=mCu+AL8Y6gusqQMQ7PdzmyvmrTXkf1XHuNBC4PfMPJtu8fSMJdwJozXzn6zdciLT2f Qe4PxNYZxvmnfdotASzbEp/5xa9W0Z73UInDdihQkwtAoPiJiZ1e6IsjKZdW8VJj7xsC qEBoixhF7G9/ALQZZ33mAYHxlfhDiMMbLmmqpTpLnOeeadF+hIQYjrgUq/k1gN/oqyJJ CRN4cmxS0GXGEQb+ka4c+ekfpDKUXrLZ4Qp+COk1cHOTcEoJST/kJzUfNe87B43Q2CtT okj6mA/OsniK8y7/5fmkKrZ7WTfJSWA4ztvJ8xY8URcXB0LkSgzngyrCcnt1G5kZPUH7 oUdA==
X-Gm-Message-State: AOAM531eI1XLia26Z4QhGG8SbV+rWtUb6xazZuNCs0qj79z11MjaNeIX 1VdWIQ9d9AeC2UeRhtJI+pxThMxiw1MNPfvJjbC8ew==
X-Google-Smtp-Source: ABdhPJzngEwVtdgQIl1zcbGa6zM68+24fTzf1ljYgJCQC3IKrF3vc8/zU/07AFxJkTtigi7KSfMK8DnV9IFLQ83BHIM=
X-Received: by 2002:a05:6638:3b5:: with SMTP id z21mr4509268jap.17.1623854104845; Wed, 16 Jun 2021 07:35:04 -0700 (PDT)
MIME-Version: 1.0
References: <162383653561.1023.5027949292786523303@ietfa.amsl.com>
In-Reply-To: <162383653561.1023.5027949292786523303@ietfa.amsl.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 16 Jun 2021 07:34:28 -0700
Message-ID: <CABcZeBPsfxcmA2MwtqU75QikatAiNAeKuLr5A-mWsEfxq4GrcA@mail.gmail.com>
To: Éric Vyncke <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, ohttp@ietf.org, ohttp-chairs@ietf.org
Content-Type: multipart/alternative; boundary="00000000000016356905c4e2ff61"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/81WpbCQ0b-WflgY2QV1XnLSeeRQ>
Subject: Re: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: (with BLOCK)
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jun 2021 14:35:12 -0000
> I have many concerns about OHTTP (see below), which may be shared by the > community. Therefore, a BoF is required before creating the WG hence my BLOCK. > We may also wonder why creating a working group for a single document and > whether ART is the right area but those points are details. Perhaps, as Mark Nottingham suggests, it would simply be easier to have this work done in HTTP, thus addressing the "why create a new WG question", and making this proposed charter moot. With that said, I think perhaps you misunderstand the setting in which O-HTTP is intended to be deployed. I.e., it is not a generic proxying system like Tor but rather one which is designed to allow the client, server, and proxy to work together to conceal the client's IP address from the server. Indeed, the most natural deployment scenarios are ones in which the client, origin server, and proxy are all coordinated by a single entity. For instance: 1. A browser who wants to send telemetry back to the manufacturer while concealing the IP address. In this case, the browser and manufacturer are controlled by the same entity, who also arranges for the proxy, which is preconfigured into the browser. 2. Oblivious DoH (in a TRR configuration). In this case, the client and proxy might be operated by the same entity who then has an arrangement with the DoH server. Note that these cases are largely maintaining existing topologies, but merely inserting a proxy. Moreover, as noted above, these relationships are largely static. > My concerns are not all technical ones but include: > > 1/ What is the incentive for the proxy/request intermediaries ? I don't really think this question is in scope for WG review. We don't typically ask why organizations want to do things, but merely whether there is interest. I think it's clear from the discussion leading to this that there is interest and I can tell you that Mozilla is looking at running such a proxy, as are others who may want to speak for themselves. > 2/ Depending on 1/, we may expect that just a couple of intermediaries will > exist, this leads to centralization to a couple of parties but also introduces > a single point of failure, scalability issues, and easier censorship. This is irrelevant for the use cases of interest, as described above. > 3/ While OHTTP would be able to 'hide' the good guys from bad > networks/servers, it would also protect the bad guys who can then easily attack > servers; leaving servers defenseless as they cannot protect against an attack > by blocking a couple of IP addresses without also impacting the normal users. > Section 8.2.1 of the I-D is a little light on the topic. Tor currently does not > have the bandwidth to be a DoS vector. This is an issue to some extent, but because the relationships are to some extent static (i.e., the server does not expect to receive large traffic volumes from arbitrary proxies), it is less than with a generic proxying protocol. In general, servers are going to expect that proxies do anti-DoS. With that said, because the O-HTTP requests are wrapped, it is possible for the proxy to provide anti-DoS meta-information (e.g., IP reputation) that is more difficult with a generic proxying protocol. Moroever, unlike a generic proxying protocol, we don't expect ordinary HTTP servers to run this, so the risk is easier to control. > 4/ Related to 3/ (and perhaps less important), Law Enforcement Agencies in > democratic countries will become less and less able to achieve their tasks. I don't think this is an appopriate consideration either, for the reasons indicated in RFC 2804. These detailed points aside, these objections seem particularly out of place in light of the fact that the IETF is presently designing a generic proxying protocol that is designed to work with any server, without modification (MASQUE). All of the considerations you list above apply a fortiori there (and, for that matter, to RFC 2817 HTTP CONNECT, TURN over TLS, and any VPN protocol we've designed). Given that O-HTTP is a more limited system than all of those (differing primarily in that it is optimized for single request/response pairs) it's hard to understand what the problem is. -Ekr On Wed, Jun 16, 2021 at 2:42 AM Éric Vyncke via Datatracker < noreply@ietf.org> wrote: > Éric Vyncke has entered the following ballot position for > charter-ietf-ohttp-00-00: Block > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/charter-ietf-ohttp/ > > > > ---------------------------------------------------------------------- > BLOCK: > ---------------------------------------------------------------------- > > I have many concerns about OHTTP (see below), which may be shared by the > community. Therefore, a BoF is required before creating the WG hence my > BLOCK. > We may also wonder why creating a working group for a single document and > whether ART is the right area but those points are details. > > My concerns are not all technical ones but include: > > 1/ What is the incentive for the proxy/request intermediaries ? > > 2/ Depending on 1/, we may expect that just a couple of intermediaries will > exist, this leads to centralization to a couple of parties but also > introduces > a single point of failure, scalability issues, and easier censorship. > > 3/ While OHTTP would be able to 'hide' the good guys from bad > networks/servers, it would also protect the bad guys who can then easily > attack > servers; leaving servers defenseless as they cannot protect against an > attack > by blocking a couple of IP addresses without also impacting the normal > users. > Section 8.2.1 of the I-D is a little light on the topic. Tor currently > does not > have the bandwidth to be a DoS vector. > > 4/ Related to 3/ (and perhaps less important), Law Enforcement Agencies in > democratic countries will become less and less able to achieve their tasks. > > All in all, the points above should be discussed by the community before > creating a WG. > > There should also be an operational consideration part. > > > > > > -- > Ohttp mailing list > Ohttp@ietf.org > https://www.ietf.org/mailman/listinfo/ohttp >
- [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp… Éric Vyncke via Datatracker
- Re: [Ohttp] Éric Vyncke's Block on charter-ietf-o… Eric Rescorla
- Re: [Ohttp] Éric Vyncke's Block on charter-ietf-o… Eric Vyncke (evyncke)
- Re: [Ohttp] Éric Vyncke's Block on charter-ietf-o… Christopher Wood
- Re: [Ohttp] Éric Vyncke's Block on charter-ietf-o… Eric Rescorla