Re: [Ohttp] Discovery (no)

Andrew Campling <andrew.campling@419.consulting> Tue, 27 July 2021 18:32 UTC

To: Alissa Cooper <alissa@cooperw.in>
CC: Thomas Mangin <thomas.mangin@exa.net.uk>, Eric Rescorla <ekr@rtfm.com>, "ohttp@ietf.org" <ohttp@ietf.org>, Christopher Wood <caw@heapingbits.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/MGvMa67YjDBFRbxMdYZzCyUJ29I>
List-Id: Oblivious HTTP <ohttp.ietf.org>

On Jul 27, 2021, at 18:30, Alissa Cooper <alissa@cooperw.in> wrote:

> Parties can always collude whether or not a discovery mechanism is specified.

True; however, lack of a discovery mechanism would make it trivially easy for them to do so. No doubt the security consideration section will have to address this fully in due course, assuming that the WG is chartered. In addition, the WG should ensure that use case limitations and the reasons for them are clearly spelt out, either in the protocol RFC or a separate document.

My concern here is that we need to see a discovery mechanism in order to provide the end user with some degree of control over the selection of proxies; otherwise these choices are left to the software developers, and revelations about surveillance capitalism over the last decade tell us that the latter approach would be unwise. In addition to privacy concerns, centralisation also comes to the fore - if there isn't a discovery mechanism then it seems likely to me that the bulk of traffic will find its way to a small number of CDNs, further weakening the resilience of the Internet.


Andrew