[Ohttp] Centralization and deployment models
Vittorio Bertola <vittorio.bertola@open-xchange.com> Tue, 15 June 2021 12:35 UTC
Return-Path: <vittorio.bertola@open-xchange.com>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EEB23A2E0A for <ohttp@ietfa.amsl.com>; Tue, 15 Jun 2021 05:35:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.399
X-Spam-Level:
X-Spam-Status: No, score=-4.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=open-xchange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IOV19gqqEnM4 for <ohttp@ietfa.amsl.com>; Tue, 15 Jun 2021 05:35:19 -0700 (PDT)
Received: from mx3.open-xchange.com (alcatraz.open-xchange.com [87.191.39.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 544AE3A2E0C for <ohttp@ietf.org>; Tue, 15 Jun 2021 05:35:19 -0700 (PDT)
Received: from imap.open-xchange.com (imap.open-xchange.com [10.20.28.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx3.open-xchange.com (Postfix) with ESMTPSA id 645416A0E6; Tue, 15 Jun 2021 14:35:14 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=open-xchange.com; s=201705; t=1623760514; bh=np8PxWTzhmYbAIu/7YF5Mi7F92CI6OuAkiEw9xIQa1c=; h=Date:From:To:In-Reply-To:References:Subject:From; b=6o5A7meJi+3ixYcb79uvuPAArkxTUDEeTibollLjM24XaUf9w58ZE4pgkDiG3Uqmz G2jMUjusBVtI7bOrAQRdI/ttwVNx7G/s7UM7p2lcI0T0cVuLFlvL2p83JRZFMNj4R8 eBdCG8wERo+1PJkQe80HG96L6BkJpnq3fmxqDX41Mt4pURVM+XVkcKdRlNOvYDPwlf 7GnJcxSMx4qo8gqEHo1WhBx0UMJq8YyzjdrI7g2rANrIOpignUVVV7MZtpJoqEpJgX ntxqLpSLAPyOpNHa444AHtiWMlnlO+FmFesX8reljILHN8utPM4k9A0h3qu3K6hT7l urGVFWwZMFbaQ==
Received: from appsuite-gw1.open-xchange.com ([10.20.28.81]) by imap.open-xchange.com with ESMTPSA id abFaGIKeyGD/NAAA3c6Kzw (envelope-from <vittorio.bertola@open-xchange.com>); Tue, 15 Jun 2021 14:35:14 +0200
Date: Tue, 15 Jun 2021 14:35:14 +0200
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Martin Thomson <mt@lowentropy.net>, ohttp@ietf.org
Message-ID: <2009158400.9760.1623760514335@appsuite-gw1.open-xchange.com>
In-Reply-To: <4f21995e-1fa3-4813-bfb4-42d117fe7f2e@www.fastmail.com>
References: <4f21995e-1fa3-4813-bfb4-42d117fe7f2e@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Priority: 3
Importance: Normal
X-Mailer: Open-Xchange Mailer v7.10.5-Rev14
X-Originating-Client: open-xchange-appsuite
Autocrypt: addr=vittorio.bertola@open-xchange.com; prefer-encrypt=mutual; keydata= mQENBFhFR+UBCACfoywFKBRfzasiiR9/6dwY36eLePXcdScumDMR8qoXvRS55QYDjp5bs+yMq41qWV9 xp/cqryY9jnvHbeF3TsE5yEazpD1dleRbkpElUBpPwXqkrSP8uXO9KkS9KoX6gdml6M4L+F82WpqYC1 uTzOE6HPmhmQ4cGSgoia2jolxAhRpzoYN99/BwpvoZeTSLP5K6yPlMPYkMev/uZlAkMMhelli9IN6yA yxcC0AeHSnOAcNKUr13yXyMlTyi1cdMJ4sk88zIbefxwg3PAtYjkz3wgvP96cNVwAgSt4+j/ZuVaENP pgVuM512m051j9SlspWDHtzrci5pBKKFsibnTelrABEBAAG0NUJlcnRvbGEsIFZpdHRvcmlvIDx2aXR 0b3Jpby5iZXJ0b2xhQG9wZW4teGNoYW5nZS5jb20+iQFABBMBAgAqBAsJCAcGFQoJCAsCBRYCAwEAAp 4BAhsDBYkSzAMABQMAAAAABYJYRUflAAoJEIU2cHmzj8qNaG0H/ROY+suCP86hoN+9RIV66Ej8b3sb8 UgwFJOJMupZfeb9yTIJwE4VQT5lTt146CcJJ5jvxD6FZn1Htw9y4/45pPAF7xLE066jg3OqRvzeWRZ3 IDUfJJIiM5YGk1xWxDqppSwhnKcMOuI72iioWxX0nGQrWxpnWJsjt08IEEwuYucDkul1PHsrLJbTd58 fiMKLVwag+IE1SPHOwkPF6arZQZIfB5ThtOZV+36Jn8Hok9XfeXWBVyPkiWCQYVX39QsIbr0JNR9kQy 4g2ZFexOcTe8Jo12jPRL7V8OqStdDes3cje9lWFLnX05nrfLuE0l0JKWEg8akN+McFXc+oV68h7nu5A Q0EWEVH5QEIAIDKanNBe1uRfk8AjLirflZO291VNkOAeUu+dIhecGnZeQW6htlDinlYOnXhtsY1mK9W PUu+xshDq7lXn2G0LxldYwyJYZaJtDgIKqVqwxfA34Lj27oqPuXwcvGhdCgt0SW/YcalRdAi0/AzUCu 5GSaj2kaGUSnBYYUP4szGJXjaK2psP5toQSCtx2pfSXQ6MaqPK9Zzy+D5xc6VWQRp/iRImodAcPf8fg JJvRyJ8Jla3lKWyvBBzJDg6MOf6Fts78bJSt23X0uPp93g7GgbYkuRMnFI4RGoTVkxjD/HBEJ0CNg22 hoHJondhmKnZVrHEluFuSnW0wBEIYomcPSPB+cAEQEAAYkBMQQYAQIAGwUCWEVH5QIbDAQLCQgHBhUK CQgLAgUJEswDAAAKCRCFNnB5s4/KjdO8B/wNpvWtOpLdotR/Xh4fu08Fd63nnNfbIGIETWsVi0Sbr8i E5duuGaaWIcMmUvgKe/BM0Fpj9X01Zjm90uoPrlVVuQWrf+vFlbalUYVZr51gl5UyUFHk+iAZCAA0WB rsmACKvuV1P7GuiX3UV9b59T9taYJxN3dNFuftrEuvsqHimFtlekUjUwoCekTJdncFusBhwz2OrKhHr WWrEsXkfh0+pURWYAlKlTxvXuI7gAfHEQM+6OnrWvXYtlhd0M1sBPnCjbyG63Qws7Rek9bEWKtH6dA6 dmT2FQT+g1S9Mdf0WkPTQNX0x24dm8IoHuD3KYwX7Svx43Xa17aZnXqUjtj1
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/Ztuf6HsmYj50JtqawUNMm_jM6GE>
Subject: [Ohttp] Centralization and deployment models
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2021 12:35:25 -0000
Hello Martin, Thanks for responding - I'm also separating my part of the thread. > Il 15/06/2021 04:02 Martin Thomson <mt@lowentropy.net> ha scritto: > > Vittorio asks: > > > If the same entity controls the proxy and the target, what's the actual gain in privacy? > > I don't think that anyone is considering these two resources being operated by the same entity. I was actually responding to someone else who had just made that assumption :-) > Vittorio also speculates: > > > ... we end up with very few global providers managing the proxy layer ... > > I think that sort of speculation falls firmly in the FUD category. Yes, it is fair to consider the implications of what we build, but even those of us building this don't have enough information about how this might turn out. I don't think this is FUD. Indeed, it is speculation - if this work succeeds and gets broadly implemented, it may or may not happen. However, I think that we have all seen sufficient cases of centralization in sibling situations (DNS resolution, CDNs, whatever) to think that such an outcome is at least possible, perhaps likely. So I think that we should consider the possible implications on Internet centralization from the start, exactly like we need to consider security and privacy impacts. > I'm not opposed to saying good things about important issues. If you have specific text changes to provide, that would be helpful. Understood. Let me give a thought at this. > > there are sources that need to be recognized (e.g. bots) and destinations to be blocked permanently (e.g. illegal content) or depending on who the user is (e.g. parental controls) > > You might need to say more about who you believe is acting in each of these cases. > > I get the bot example, but that can be accommodated by not using ohttp if necessary. Or by using something other than IP (which might be better anyway). Why would someone deploy a protocol that prevents them from accessing information they believe to be critical? Again, this depends on deployment models. Would OHTTP proxies be anonymously available to the general public, or would they require user authentication before use, or be restricted to traffic from specific networks, or specific devices, etc? If I get it well, some of these models, as Eliot also pointed out, would allow any botnet author, spammer or whatever to use open OHTTP proxies to hide the origin of their abusive traffic, and even the proxy operator would have a hard time distinguishing that traffic from the legitimate one, as they don't have a way to know what is being requested. As a minimum, I'd think that a new standard should include deployment recommendations to prevent the worst scenarios from happening, or explanations of why those scenarios are unlikely or unattractive for abusers. More generally, I'm not against this idea but I think it could have significant unintended consequences. I think it's fair to ask that, differently from what happened with DoH, all the foreseeable consequences are collectively discussed and understood before finalizing the standards, so that no parts of the Internet community are taken by surprise. -- Vittorio Bertola | Head of Policy & Innovation, Open-Xchange vittorio.bertola@open-xchange.com Office @ Via Treviso 12, 10144 Torino, Italy
- [Ohttp] A few responses Martin Thomson
- [Ohttp] Centralization and deployment models Vittorio Bertola
- Re: [Ohttp] Centralization and deployment models Martin Thomson