IETF Logo Mail Archive

Re: [Ohttp] Discovery

Eliot Lear <lear@lear.ch> Mon, 05 July 2021 14:01 UTC

Return-Path: <lear@lear.ch>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCAA93A18C9 for <ohttp@ietfa.amsl.com>; Mon, 5 Jul 2021 07:01:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.427
X-Spam-Level:
X-Spam-Status: No, score=-2.427 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.338, SPF_PASS=-0.001, T_SPF_HELO_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=lear.ch
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uHrqp58cKGdT for <ohttp@ietfa.amsl.com>; Mon, 5 Jul 2021 07:01:10 -0700 (PDT)
Received: from upstairs.ofcourseimright.com (upstairs.ofcourseimright.com [185.32.222.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBF5B3A18C4 for <ohttp@ietf.org>; Mon, 5 Jul 2021 07:01:09 -0700 (PDT)
Received: from [IPv6:2001:420:c0c0:1002::5c6] ([IPv6:2001:420:c0c0:1002:0:0:0:5c6]) (authenticated bits=0) by upstairs.ofcourseimright.com (8.15.2/8.15.2/Debian-18) with ESMTPSA id 165E12Vp067529 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Mon, 5 Jul 2021 16:01:05 +0200
Authentication-Results: upstairs.ofcourseimright.com; dmarc=none (p=none dis=none) header.from=lear.ch
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lear.ch; s=upstairs; t=1625493667; bh=xNiRSqhtvUDrYBQo2nQftqf9SIJYn3rgp7lmp4mKdh8=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=xaQID8PxkpMF+sVajbXfm9+t2z2Xv9sib+f1Ankv/Lk0vcebaxv59pvjY2ICW5wB9 vwRay0vQCtXeFwpIe5jS3fB/G4crmtnJvuHkHTWTKZ4GY9N4dELhk2MzOyE+B1oRbg GkrYE21R6pIGmJ01ozEip3g20TJTpS3PJBDDpq1o=
To: Eric Rescorla <ekr@rtfm.com>
Cc: "ohttp@ietf.org" <ohttp@ietf.org>, Martin Thomson <mt@lowentropy.net>
References: <D8268CF8-94DA-4E91-9286-4E45B8E26CB6@mnot.net> <c57ed5b0-c17a-0bca-f42a-dafaa1725792@lear.ch> <1F7246CE-589A-4B34-B514-AFA0F640A384@mnot.net> <238476f4-6bf9-4124-8146-e8c051b1b25f@www.fastmail.com> <f1308d19-085d-dadf-df69-da6f8b1b5171@lear.ch> <85F35B48-DAB9-4429-9538-625E03262CDE@mnot.net> <LO2P265MB0399E24FF16C8A459E70EC0BC2069@LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM> <434C5683-4292-4354-B000-42C1EFFB026D@mnot.net> <LO2P265MB03993DA815DFE00C2A4DCC4AC2069@LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM> <CABcZeBOqas=GxSTWrMXWkrCroUp8dSUrnz0P4S3LFuBJ4BeHiw@mail.gmail.com> <3C3FE468-4447-47B0-8F07-0DE7602DE134@cable.comcast.com> <CABcZeBOKvWxC=PrZ8CdChKXKHeZUJoU2=Gokqgp5g3a1m8PJ=g@mail.gmail.com> <A6A229B4-163C-446B-8CBE-C696E19902A7@cable.comcast.com> <acea0962-cac6-4566-bd36-14d033320035@www.fastmail.com> <168223d6-9199-9cfe-1eac-1653a22df4cd@lear.ch> <CABcZeBN1hq=dCXnRbCp5zBYMQse1Y===9Jv2cVv2MdW=iUjxeg@mail.gmail.com>
From: Eliot Lear <lear@lear.ch>
Message-ID: <8608f72f-7e6b-c9ac-a4d3-94348b2ddf17@lear.ch>
Date: Mon, 05 Jul 2021 16:01:00 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBN1hq=dCXnRbCp5zBYMQse1Y===9Jv2cVv2MdW=iUjxeg@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="U97i9J5qlQLrKlb6lsc1BKrNgVHGcL22J"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/IhpLbawB7nx2ZRkxcRTK8yioTPs>
Subject: Re: [Ohttp] Discovery
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Jul 2021 14:01:15 -0000

Hi Eric

On 05.07.21 15:54, Eric Rescorla wrote:
>
>
> On Mon, Jul 5, 2021 at 1:32 AM Eliot Lear <lear@lear.ch 
> <mailto:lear@lear.ch>> wrote:
>
>     Hi Martin,
>
>     This is close enough for me so long as it is understood that we
>     address the two issues I mentioned:
>
>>       * Enterprise controls should not be subverted, especially when
>>         it's unnecessary to do so in this particular case.  Mark
>>         accurately described what I was referring to.
>>
>
> I don't agree with this, at least not as written. As evidenced by the 
> long discussion around DoH, there are two kinds of enterprise controls:
>
> 1. Those which involve control of the network the device is on.
> 2. Those which involve control of the device, as with MDM.
>
> I agree that in general O-HTTP (and DoX) should not bypass the latter 
> type of controls [the difficulty here being in determining if those 
> controls are in place].

Good.


> I do not agree that they should not bypass the former, for the 
> practical reason that from the perspective of the device those 
> controls are indistinguishable from any other network level 
> (3552-type) attacker.

This is something that we can discuss in the working group, but I think 
we are wordsmithing aruond the latter, not the former.

Eliot

v2.23.0 | Report a Bug | By Email