Re: [Ohttp] Benjamin Kaduk's No Objection on charter-ietf-ohttp-00-02: (with COMMENT)
Martin Thomson <mt@lowentropy.net> Wed, 25 August 2021 22:48 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C88A03A0B09 for <ohttp@ietfa.amsl.com>; Wed, 25 Aug 2021 15:48:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=nXfhH/Uz; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=GrS+s0GQ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TnncFiAyayqW for <ohttp@ietfa.amsl.com>; Wed, 25 Aug 2021 15:48:03 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E06A83A0AD0 for <ohttp@ietf.org>; Wed, 25 Aug 2021 15:48:02 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id B2EE85C022B for <ohttp@ietf.org>; Wed, 25 Aug 2021 18:48:00 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute5.internal (MEProxy); Wed, 25 Aug 2021 18:48:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm3; bh=yXGAhGxvjcrko0V0F1vLTP8eEPtImol 4HCBDxlxYN8I=; b=nXfhH/UzaGhWvTdZNDHcZv1I5wW7vO1gdhPwJqZz+j5KKjX fTwU+oKB7ojE6kOJNZfUMgdjWhcmq6TI+lG11onpyGzFZZ6VP3RQLc/U8zLI2HIA ATcuRoL+CoJnXgut3hyD/u+yo1ep9x78RObeJUqodqnGa5mvrCp9I3RDawmA3jUr bHh5K0zQMquwzWYrm0EvH7lAJCX8vVyW/AZ/68lhz82B6QTui97e9xh3zHHr1EFw l/kur5HVYlhgi3KYmS1m4QHi9CGENNUCJHgj9JcLyAJB0Omlywqy3F0TJ1mqHyJk NYWTwSp0YF0WZJFV/EXpzp9Imk3IT1Ba4HRR42w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=yXGAhG xvjcrko0V0F1vLTP8eEPtImol4HCBDxlxYN8I=; b=GrS+s0GQJkbq0/GHOMw7B8 tmt4GGTCRO+c3ZRq748dgTccOGN9vyQVOPlUrO2fpI8xIyEmcVm7P35VgxR9uTCV VaDDMlgh8ffdxGguR7uUHV9UFLppVjdPTIcfwO8eV54OD5NhYHa2Qg9TN4J1gdmx 7AK1jU75ULOB3bOkUD8fCcT20hisjfAZklk1fPjALT37seC53U2ePPAAON9TwUBw h6fhCF9w9kL2kGbtXBJAXmxrx1CPJanJEbr/Lu/lQj8cgNn0suQ4PL2PWvVFNSUY 0K7oYvE2ktbLD30quzero4na8h5ltSMYFgL5bE5LmXdeXL6B1FRGOIDAyRJ2/JCA ==
X-ME-Sender: <xms:oMgmYf2CDLJcGFq-eWsc5ZjUltRTLfDDZPCOKOuKXibCKgZiYDPSsA> <xme:oMgmYeEvNXyQZtq54qczjx96SQNG897So67JGA0g4WWXpeJPilIt3rZrIT8X3u9qD 65Nc_5O79U6YwtKkHo>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddruddutddgudehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderreejnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeeiudegffegveekgeffhf duieffhefhvdegfeefveetiedvhfdvkeeugeehjeeuheenucffohhmrghinhepghhithhh uhgsrdgtohhmpdhivghtfhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrh grmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:oMgmYf7gdeSAAtpqfmOryAxAUBXXU7bUutsMYun8nXiKLrhUYV0Xvw> <xmx:oMgmYU1sYCGLvPmu-15ToUBzIun-GgEZUwuc-woZvAi8ykiK81yFeg> <xmx:oMgmYSEPm7CwdtsUYKJZPriRTu-pmvGhovySlEOY00gnJag3gJDgyw> <xmx:oMgmYWRw2Vb1ZO8QijtuoNKxbga3x3WJTfXVjNLbZB_d5AhlkliBYQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 4A2713C0EB8; Wed, 25 Aug 2021 18:48:00 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-1125-g685cec594c-fm-20210825.001-g685cec59
Mime-Version: 1.0
Message-Id: <d46d591e-dd7a-4c8d-adf2-51af35a9ab9b@www.fastmail.com>
In-Reply-To: <162992678842.24698.5716795188321150760@ietfa.amsl.com>
References: <162992678842.24698.5716795188321150760@ietfa.amsl.com>
Date: Thu, 26 Aug 2021 08:47:40 +1000
From: Martin Thomson <mt@lowentropy.net>
To: ohttp@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/Slju6rbXcXbAkriPX5mgzcXoCrc>
Subject: Re: [Ohttp] Benjamin Kaduk's No Objection on charter-ietf-ohttp-00-02: (with COMMENT)
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Aug 2021 22:48:09 -0000
Thanks Ben, I think that the biggest piece here is making it clear that we aren't inventing new crypto. We don't need to, and we aren't, so the charter probably shouldn't allow that interpretation. In line with that, I've reworded the "key configuration" stuff as well. I'm also removing "data submission" (I am aware of concrete plans, but that text is too vague to be useful) and we have enough items already. I hope that https://github.com/unicorn-wg/ohttp-charter/pull/8 does the job. On Thu, Aug 26, 2021, at 07:26, Benjamin Kaduk via Datatracker wrote: > Benjamin Kaduk has entered the following ballot position for > charter-ietf-ohttp-00-02: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/charter-ietf-ohttp/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > The new introductory paragraphs are really good; thank you for the > rewrite! > > I don't think that just using "encryption scheme" as a shorthand for > "not new cryptographic primitives" is very effective; we should probably > say something else about "encryption <something-else>"s that are > approved by the CFRG/etc. > > However, if the proxy and server collude, then neither of these > privacy properties hold. > > I'd consider saying something about how both client and server have to > have trust in the proxy to behave properly (though exactly what they're > trusting the proxy to (not) do is slightly different for client and > server). It's less clear whether it's useful to say something here > about how a colluding client and proxy can attack the server. > > Examples include DNS queries, data or telemetry submission, [...] > > "data submission" seems pretty vague/broad in a way that "telemetry data > submission" does not. > > the relationship between client, server, and cooperating proxy is > typically configured out-of-band. > > Is "is typically" really appropriate given that OHTTP doesn't really exist > yet? > > The working group will define any encryption scheme necessary and > supporting data formats for carrying encapsulated requests and > responses, plus any key configuration that might be needed to use the > protocol. > > Is "key configuration" meant to encompass (abstract) data structures, > data formats, and/or protocols that convey those data objects? > > > > -- > Ohttp mailing list > Ohttp@ietf.org > https://www.ietf.org/mailman/listinfo/ohttp >
- [Ohttp] Benjamin Kaduk's No Objection on charter-… Benjamin Kaduk via Datatracker
- Re: [Ohttp] Benjamin Kaduk's No Objection on char… Martin Thomson