IETF Logo Mail Archive

Re: [Ohttp] Zaheduzzaman Sarker's Block on charter-ietf-ohttp-00-00: (with BLOCK)

Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com> Fri, 18 June 2021 09:06 UTC

Return-Path: <zaheduzzaman.sarker@ericsson.com>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE8E83A0771; Fri, 18 Jun 2021 02:06:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.698, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DN56jvP8pqM9; Fri, 18 Jun 2021 02:06:11 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130078.outbound.protection.outlook.com [40.107.13.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B20103A0770; Fri, 18 Jun 2021 02:06:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Uzzvh19KOwQTtUr05QOejBO89hFQuuoV1tgrwKKG4k0nb8ITUmBwVKrQlC7HivLDvmTP/43SUdAfJ/A3zxz+DDN3Q0yhiN3aR3I3kJ2ZpW8DuDDdMpz61n/Zf94CrfstV1YS9xBGcgbT/sZK+mdB8NoFSpkHd5oy1NH2va58ZAp3/onki3LB45fmsf0lk8JPdmoRl9CHdxcRDiQFWDYzBUoBC6RDwxACP5VJCe/0Q67VZd4T9KsW2jIoUq1EW6kjinQHrPslaE7xsvAQz2DjgIvfKGP7q4qNym3kC+xnu0E10j069FOEZ+5CwQ7GmtIZMsx80I0BYVUpbNYyLbPJlQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qb37UF7fLUiiZiuOJ1ajTLVWIenyTdSQ6hrrBXjCe2Q=; b=NcUD1vLvnmapT4dVsQ6MVgA3ybLeSITacnDozB76JKNx210dTsfKyBHSQ9vd28EpOSUpoduCisXrZ6idy3NDld2KdYu7q+2ATiCAbD/YvtqF2B+TmLJLRWb1JPUcwkOphbzBKv88Kcn9JdEt3zb5jDQmJhKYXMpIF+HTl46gA/TMyCULUn6gqBs2rH0ZF4L/iejDdwA6oZcwPGBIm/j52+IUry/ZdF64+iTvCjFbCMuCh9vJqeKAmAkjTB/le8t1s+a6n9pKFslBs8CjojHJklTYDAa6yYlIoQxy5Ah6KOfSt1JvTZOHHozqH2EjT9IQyN103E6GQ9zGcuOxu6MXkg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qb37UF7fLUiiZiuOJ1ajTLVWIenyTdSQ6hrrBXjCe2Q=; b=TVSRFvLHUn8ESirL/m4AeXpIS6QIr1C+fbFQcM+Qz0gqFcSDS0vVeDBfppXsoz5Fo0LIqyD+d3wxuONmzYcW2yG5YGHHwFL9Gsf++ZTRNc5GbOMQwiUjWOUMDzvG66N3uPjF0b2W/Z6EYsP/piHAiubmSAbJBj1mZoK+Ctyvp9U=
Received: from HE1PR07MB4187.eurprd07.prod.outlook.com (2603:10a6:7:98::23) by HE1PR07MB4188.eurprd07.prod.outlook.com (2603:10a6:7:9e::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.7; Fri, 18 Jun 2021 09:05:53 +0000
Received: from HE1PR07MB4187.eurprd07.prod.outlook.com ([fe80::9009:1473:2b0:160d]) by HE1PR07MB4187.eurprd07.prod.outlook.com ([fe80::9009:1473:2b0:160d%7]) with mapi id 15.20.4264.010; Fri, 18 Jun 2021 09:05:53 +0000
From: Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>
To: Martin Thomson <mt@lowentropy.net>, The IESG <iesg@ietf.org>
CC: "ohttp@ietf.org" <ohttp@ietf.org>, "ohttp-chairs@ietf.org" <ohttp-chairs@ietf.org>
Thread-Topic: [Ohttp] Zaheduzzaman Sarker's Block on charter-ietf-ohttp-00-00: (with BLOCK)
Thread-Index: AQHXY2Y+3SCqwdOFNUGbiGermmWgv6sY1bgAgADHSQA=
Date: Fri, 18 Jun 2021 09:05:53 +0000
Message-ID: <58D1243B-D7E0-431B-A124-22F1D3F581ED@ericsson.com>
References: <162392685980.9639.17048456192736231833@ietfa.amsl.com> <2335b22b-b98d-4e7f-8481-62c8b146c70f@www.fastmail.com>
In-Reply-To: <2335b22b-b98d-4e7f-8481-62c8b146c70f@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.49.21050901
authentication-results: lowentropy.net; dkim=none (message not signed) header.d=none;lowentropy.net; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9321c688-c22c-497c-429f-08d932384681
x-ms-traffictypediagnostic: HE1PR07MB4188:
x-microsoft-antispam-prvs: <HE1PR07MB4188CEFB6DDCA0E298FF25489F0D9@HE1PR07MB4188.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: sVmM2jkdx8VzY02CjZ2G0fd3LiwHGgI5CZ4uMsublrGOjyXMObdRQXjEAWUyIgx53XTfTggL8GC4L60Exo+Gb0SO3cAiv1gfhHJ6h/LSPDhwchLphkO7BSZGuz77caoqtfPB14TmIWzVPbXmMENhj+diiWtgqLttkC/knUQxgCT84Ya1x9g6o4hjd+CIWO8ONEoqNQ+zA3XdYl0PejnmjgPZa8yfqr1NwydJ+K2o0rZ+LBlBDMfxtEbyp15+3Xuik3ttteizG6nJtMZJyIjTlNeybHPnZSkQVbp4bVh+kFJVyVmyx0D22xm4b9sD3Oj1eqXJYbCRrp3zLdbJkE20NAXhrKRP28dfgvi98bq5jUPizHvd0GrZ3q+LSZRYgRaI+mrTEFmo5zttvrg0T/5KCyXT4oPBDsKuJAsW4Dtj0j57vQdUtPgNJpXrjuc3Muw8IAoUqvZOR2/yKh/1ziLxslBn9T2Ydf5rbw84TarCjg7OehIpmQWFTbtvrbTIX3xfmGYpwPv43uaMpg5rnXFchFGI/eyUCmuNpnAVmqqIpZr1IMuZ5w/Wy/1io9XH9qwcNNWZlWSDJEKzJyDBxkpz4/ihrTuJpNQPFPweMX52ZJtUmFRUeQ8z+V7y6unsTi+bFEKU4HnasWJEQ1JX16qIiAlaERWurRM018VTOffJtVg=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR07MB4187.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(39860400002)(376002)(346002)(136003)(396003)(8676002)(6512007)(83380400001)(8936002)(6486002)(44832011)(2906002)(71200400001)(2616005)(110136005)(186003)(33656002)(4326008)(26005)(36756003)(6506007)(64756008)(478600001)(316002)(66446008)(66946007)(86362001)(76116006)(66476007)(66556008)(38100700002)(5660300002)(54906003)(122000001)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 2w71W/O/RhZmK1OlmRPM09K0OU+OZmVT7KuTel1/SxZ+hLM/EPyByBaJTj5gWaG9940GU4fPVVZLTLDS3Gzq9tDxmfTIodiF0wEJrjEFCSXq9lJz+HTfMYyciiOcIleUivaEmZLG8rr6XNuKlhug1dbZzWwLs6nQ6yOk58bq9WxuGVCXejz+NK9v/sRGqMO7U9va9kcBNx5Sho3XK8lzEA4bk5+YZ2EFQElDLDRqS8ft+eUWeuYEAtOQ5ydCba/emCVELtA6Ff9X+APZjqD9ysajrvnhgZbgVnsT0gOQfmc0pIoBTrNG1NMcmBEBisflD518lvnjOJYCKMMM/ul8KJodwE1eKGwAz+lJu1QMibMtQUoNfTNkC3MlKYHrK+t7xz8TwPAjW1+atpxRb7eJmhCz0tO+2IKCcyZOHxRktQb2DL7JqtGo2AnjsN0c8WRVBxrQ4T9D+2an63eLrNav+caTbe1LiiC20q9BJQMarhyLA1yEYilu6MuukxYOiHFTO3CdgYefSpcFqcOTT7/h4FjAHINcvhbfkOD52S2CpBkS0JS8OPq7EEaCWm0CuMQAh/zRU+b2W6zwf475YKv4Fc732kHD9uu9rfxzEpOMKNHHlOLtVV6tQmUadtsckPBSxnfzo/sz5icRsImj94bJcnpOV5R9aGGns1+sg/SIWOpAosP45PAi+bqLcVCKIl1MsRxjeye8lft9MTvGrGcnsnkBwBENiiMmNF8CYKxqdQuXNjuGNQijcyILDup1Bv6YgOVLBGA0Cdag8HpEIRMOq8E7F7WuZ7/+JG2CVOdHVXnhEYaBz3MuOyQ/JRWxC2NWCTAkGkpd/oVvGmkXy0HEuiiUSe9RGgd9I8kB+SQ8E+XSy0+YxfAXdnSr9HLjfV2VYfmeDqgVez4D52PddcMlMHSQpqjDAjOTrCP9UKDxqrQwJd+xm6wo2s5jplpalSA5aVNKL7cFirIMqp+16YtDnJliugwE3VNpB56HtMWCB4hszYky/aEOPFiYxE7samzQL3zHpGIM6RcTTkjuZCMDIB3ZA6mFO8M7mlzwN+B0WDLmYUAujX+C7+Tch2inPH30Bu2k7Lc4xOlkv8qeggWcYr8yXeYd2DUnvbtmAh3nT6I7RSVJ7cAV2cSDCm+wkS2QPomiEUpK0r5d0qYe4qboMi1yIpIDta4Y1T1gdiSVZBf46WKLXR8rGV/13P7agjn9bSZPNnzEWc0B1zLnGwjuBvY1KXFURK/rUJ5ETbgcB11Sf18r98D32lESDr/2V4Hf8FyxQD2cTnG6roKIa6vULUwsFohNvBhuQEjyBgYbw593Sg27v0zGHa5SDV60W4f0
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <6939158103A9CF44BB2D2867CA15D5DF@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR07MB4187.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9321c688-c22c-497c-429f-08d932384681
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Jun 2021 09:05:53.1120 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: YD+dGYoDaF9ule9u0ewcuOH1hB6D/RO+I215LXQSTjI1EJ61e7y7/IPwNf465+NQ2wqhj7el7hFMZRhjPFi4gq52RkG0CR/Wq2QpO0ZyQNVLQPX46/qz4OohH6Q/gfQH
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4188
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/cI4mIhetRD_p8BibCp-WJjlisKE>
Subject: Re: [Ohttp] Zaheduzzaman Sarker's Block on charter-ietf-ohttp-00-00: (with BLOCK)
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jun 2021 09:06:16 -0000

Hi Martin,

Responded inline below with prefix [ZS].

On 2021-06-18, 01:13, "Martin Thomson" <mt@lowentropy.net> wrote:

    Hi Zahed,

    On Thu, Jun 17, 2021, at 20:47, Zaheduzzaman Sarker via Datatracker wrote:
    > **  The client is responsible for creating the request and the information it
    > shares with the server. I didn't find any hint in the charter about the work
    > needed to actually inform or configure the client to restrict the use of
    > sensitive client information in the requests. I get a feel that the  current
    > charter is more focused on communication security and method to invoke the
    > communication security, which kind of not really solving the actual problem of
    > preventing the client information sharing with servers.

    I don't think that a charter needs to address this question.  We don't specify in HTTP charter or specifications how clients decide that a particular resource is interesting enough to request.

    In this case, the draft does address the question, though obviously that could be improved through work in a working group.  Why do you think it necessary that this detail be addressed in charter?

[ZS] I am not looking for any details about the answers in the charter rather clear statements on the fact that client is ultimately responsible for creating request and putting information, here in the working group we will only work on the method and encryption mechanisms needed to provide a solution for the clients who don’t want to share information with the server. I felt like this is not clearly stated in the charter and that will let others think about the question I raised. 

    > ** From the charter text it is not clear what are the particular settings that
    > will invoke the use of ohttp, didn't got any single example to get the context
    > correct. This kind of making the scope of the working group a bit fuzzy, like
    > Rob wrote, not sure if this is a general http related work or there is a
    > particular usecase in mind. I think the charter should be more clear about the
    > context and use case if this is targeting a particular setting of http usage. I
    > am sure there are known cases where ohttp make sense, we just need to print
    > them in the charter  text.

    I think that the discussion on other BLOCK positions has answered this already.

    As above, I don't agree that charters need to carefully plot out the precise applicability of a protocol. 

[ZS]  I believe if a working group is working on a very specific problem that should be clearly stated in the charter. It is not uncommon that people find one solution designed for a particular problem useful to solve other problems but that will not be the responsibility for this working group.
 
 But ensuring that the protocol documents applicability is worthwhile.  As I noted, the draft has a section on applicability; would it help to add something explicit to the charter?  Something like:

    > The OHTTP working group will include an applicability statement that documents the limitations of this design and any usage constraints that are necessary to ensure that the protocol is secure.

    Does that work?

[ZS]  That will work for me.

    > ** I believe, the linkablity cannot be solved at a particular protocol stack
    > level. Like the source address can be shared with the server in different ways.
    > Oblivious HTTP, likely to play a part at application layer but work need to be
    > done in the lower layer as well. I think it would need to discuss the potential
    > relations with other protocols that might be used with HTTP to achieve what is
    > desired here. The charter should acknowledge such relation very briefly and
    > should state if those work needed in lower layer is within scope or not.

    That is work that is more appropriate for a working group in the context of a protocol design.

[ZS] So this is not in the scope this charter. Then I think it is better to spell it out in the charter. 

    > ** I am missing milestones.

    Me too.  It happens to everyone.  I blame the pandemic.

    Seriously though, I thought that Francesca had fixed this.

[ZS]  __, It will surely get fixed. I should have not put it my blocking statements rather in my comments, rookie AD mistake from me.

v2.23.0 | Report a Bug | By Email