Re: [Ohttp] Is the use of this work likely to help miscreants more than those in need of privacy?

Martin Thomson <mt@lowentropy.net> Wed, 16 June 2021 00:01 UTC

Message-Id: <0c08b181-1342-47a5-b4d2-baf958473082@www.fastmail.com>
In-Reply-To: <37501bba-fc1e-7fa5-fadc-3e00e16af3fa@lear.ch>
References: <25f05f9a-ca84-50e1-0d36-7b4dd03ddf65@lear.ch> <0082f492-aed1-49ed-898d-dbf313fb8600@www.fastmail.com> <37501bba-fc1e-7fa5-fadc-3e00e16af3fa@lear.ch>
Date: Wed, 16 Jun 2021 10:00:55 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Eliot Lear <lear@lear.ch>, ohttp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/_WBv0D7qtiGomVw23AAwSWku5oE>

On Wed, Jun 16, 2021, at 06:21, Eliot Lear wrote:
> Harumph.  I think who the proxy is supposed to be working for is pretty 
> fundamental.

OK, let's talk about that some more.  The draft goes into a bit of detail on this point, but it is probably worth rehashing.

The proxy is mutually chosen by client and server.  Both trust the proxy a tiny bit.  The client trusts that the proxy won't reveal links between its requests.  The server trusts that that proxy will not overload it.  That's just about it.  There's a little more to the client trust in that the proxy might need to do something more about traffic analysis, but that's somewhat less concrete as that remains an open-ended problem.

Relying on trust is a point of difference from systems like Tor, which assume very little mutual trust.

Take a concrete deployment example.  Mozilla has identified several classes of telemetry that we would like to collect.  We split that into stuff that is safe to attribute to users, stuff that might be a privacy risk but only if it is aggregated, and more sensitive stuff (and of course there might be stuff we decide is too dangerous to gather under any circumstances).  We use direct submission for the first, ohttp for the second, and MPC-based designs like Prio for the last category.  To deploy ohttp for this, we contract with an independent third party who we hope our users find trustworthy.  For the server, they agree not to allow spamming; for the client, they agree not to pass on IP addresses and the like.  Yes, in this, the proxy would formally be deriving support from Mozilla, but as vendor of both client and server, that's the only option.  As far as it goes, that is what our Prio deployments look like as well, to my knowledge.
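The following simulation is an added illustration of the trust split described in the message above; it is not code from the OHTTP draft, from Mozilla, or from anyone in this thread. It models the two obligations the proxy takes on: towards the client, it forwards only an opaque encapsulated request and never the client's address; towards the server, it rate-limits each client so the gateway cannot be overloaded through it. Real OHTTP encapsulates requests with HPKE to the gateway's public key; here that is replaced by a labelled toy stream cipher keyed with a constructed pre-shared secret so the script runs on the standard library alone. The addresses, rate-limit parameters and report strings are all constructed.

```python
"""Simulation of the OHTTP relay trust model (added example, not the draft's code).

Relay: sees the client's address and ciphertext length, never plaintext, and
       enforces a per-client rate limit on the gateway's behalf.
Gateway: sees plaintext, but every request arrives from the relay, never from
       the client's address.
"""
import hashlib
import hmac
import os
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional

# Constructed pre-shared secret standing in for the gateway's HPKE public key.
GATEWAY_SECRET = b"constructed-gateway-secret"
NONCE_LEN = 16
TAG_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode SHA-256 keystream for the toy cipher (assumption: demo only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def toy_seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for HPKE sealing: fresh nonce || XOR-encrypted body || HMAC tag.
    A fresh random nonce means two encapsulations of the same report differ,
    which is what stops the relay from linking them by content."""
    nonce = os.urandom(NONCE_LEN)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + body + tag


def toy_open(key: bytes, blob: bytes) -> bytes:
    """Inverse of toy_seal; rejects a blob whose tag does not verify."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))


@dataclass
class Gateway:
    """Server side: decapsulates and answers. Its log never contains a client IP."""
    key: bytes
    log: List[tuple] = field(default_factory=list)

    def handle(self, peer: str, blob: bytes) -> bytes:
        request = toy_open(self.key, blob)
        self.log.append((peer, request))          # peer is always "relay"
        return toy_seal(self.key, b"ack:" + request)


@dataclass
class Relay:
    """The mutually chosen proxy with a sliding-window limit per client address."""
    max_per_window: int
    window_seconds: float
    log: List[tuple] = field(default_factory=list)
    windows: Dict[str, Deque[float]] = field(default_factory=dict)

    def forward(self, client_ip: str, blob: bytes, gateway: Gateway, now: float) -> Optional[bytes]:
        q = self.windows.setdefault(client_ip, deque())
        while q and now - q[0] >= self.window_seconds:
            q.popleft()                           # expire old timestamps
        if len(q) >= self.max_per_window:
            self.log.append(("rate-limited", client_ip))
            return None                           # protects the gateway
        q.append(now)
        # All the relay can record: who sent it and how big it was.
        self.log.append(("forwarded", client_ip, len(blob)))
        return gateway.handle("relay", blob)      # address is not passed on


@dataclass
class Client:
    ip: str
    key: bytes

    def submit(self, report: bytes, relay: Relay, gateway: Gateway, now: float) -> Optional[bytes]:
        reply = relay.forward(self.ip, toy_seal(self.key, report), gateway, now)
        return None if reply is None else toy_open(self.key, reply)


def run_demo() -> dict:
    """One client sends five reports in one window; the relay lets three through."""
    relay = Relay(max_per_window=3, window_seconds=60.0)
    gateway = Gateway(key=GATEWAY_SECRET)
    alice = Client("198.51.100.7", GATEWAY_SECRET)  # constructed documentation address
    t0 = 1000.0
    replies = [alice.submit(f"report-{i}".encode(), relay, gateway, t0 + i) for i in range(5)]
    return {
        "delivered": [r for r in replies if r is not None],
        "rate_limited": sum(1 for r in replies if r is None),
        "relay_log": relay.log,
        "gateway_log": gateway.log,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

The two logs are the point: the relay's log carries the address and a byte count and nothing it could read, while the gateway's log carries the reports and only ever names "relay" as the peer. Neither party alone can attribute a report to an address, which is exactly the "tiny bit" of trust each side places in the proxy.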