Re: [Ohttp] OHTTP applications I've seen
Eliot Lear <lear@lear.ch> Wed, 28 July 2021 11:58 UTC
Return-Path: <lear@lear.ch>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C8923A0B13 for <ohttp@ietfa.amsl.com>; Wed, 28 Jul 2021 04:58:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.891
X-Spam-Level:
X-Spam-Status: No, score=-0.891 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, T_SPF_HELO_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=lear.ch
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wCPB6WLgH-jB for <ohttp@ietfa.amsl.com>; Wed, 28 Jul 2021 04:58:05 -0700 (PDT)
Received: from upstairs.ofcourseimright.com (upstairs.ofcourseimright.com [185.32.222.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 752313A0B18 for <ohttp@ietf.org>; Wed, 28 Jul 2021 04:58:05 -0700 (PDT)
Received: from [IPv6:2a02:aa15:4101:2a80:cc8a:6ce0:76e7:c1a7] ([IPv6:2a02:aa15:4101:2a80:cc8a:6ce0:76e7:c1a7]) (authenticated bits=0) by upstairs.ofcourseimright.com (8.15.2/8.15.2/Debian-18) with ESMTPSA id 16SBvxLk071021 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Wed, 28 Jul 2021 13:58:00 +0200
Authentication-Results: upstairs.ofcourseimright.com; dmarc=none (p=none dis=none) header.from=lear.ch
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lear.ch; s=upstairs; t=1627473480; bh=/XtZ2F4I1IYulveevGS/+jmDYnrmN+LnIsdI/guCcAQ=; h=To:References:From:Subject:Date:In-Reply-To:From; b=YEuhHttlUA6In54V2fHHn6qabgz8RtxclSuhf04cAxqMK0TlSHz3/sav69s4K0PQg uLy0LsNjPE53oohQFOkkrEtdauo0ReNGP0tM9uA6sgajVRBkGqv3XoBS1WLIEIsg5m 1+cIrxPFtadgd6CFMBsXSYVdDe3v31pwsnYjG5P0=
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>, Watson Ladd <watsonbladd@gmail.com>, ohttp@ietf.org
References: <CACsn0ckC9trR_HsFfn37=+rTTBhe-Z_hGiZJZ6GWPXiS_eanZw@mail.gmail.com> <2111623045.1384.1627468504245@appsuite-gw1.open-xchange.com>
From: Eliot Lear <lear@lear.ch>
Message-ID: <acecb9f1-d8c9-959d-0334-e0533bfa3572@lear.ch>
Date: Wed, 28 Jul 2021 13:57:54 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.12.0
MIME-Version: 1.0
In-Reply-To: <2111623045.1384.1627468504245@appsuite-gw1.open-xchange.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="UT0mT0g4PXEbT5ScU1NQYqGUzD2GgnkKr"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/ElGTupeIE8kYBAodyLRfjanQ6WE>
Subject: Re: [Ohttp] OHTTP applications I've seen
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jul 2021 11:58:10 -0000
Hi Vittorio On 28.07.21 12:35, Vittorio Bertola wrote: > > In other words, we have a service, and a server, that voluntarily wants to interpose an intermediate proxy to learn less information about the user, or, more precisely, not to learn their IP address. At the same time, this intermediate proxy needs to have an established trust relationship with the server operator, because the service needs to trust that all the requests it gets from the proxy are real and, for example, are already screened for bots and DoS attacks; it can't just accept requests from any proxy the user might want to use. I would call the concept "server-controlled HTTP indirection" (SCHI). Yesterday we unfortunately focused so much time on discovery that I fear we largely lost track of other issues. ohttp isn't much more than a packet format and media type and some crypto goo. The issue is really in the applications above it. How we handle those applications becomes, I think, a question. I have no particular concern with telemetry and even safe browsing. I remain concerned about DNS, in that it will become a nightmare to shutdown C&C networks and defend against other forms of attack. I think this opens up a question, tho, and maybe an issue: Should there be media subtypes to define the applications? I see that as a good question for a WG to consider. Eliot
- [Ohttp] OHTTP applications I've seen Watson Ladd
- Re: [Ohttp] OHTTP applications I've seen Vittorio Bertola
- [Ohttp] renaming the WG-to-be? Jim Reid
- Re: [Ohttp] OHTTP applications I've seen Eliot Lear
- Re: [Ohttp] renaming the WG-to-be? Martin Thomson
- Re: [Ohttp] OHTTP applications I've seen Martin Thomson