IETF Logo Mail Archive

Re: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: (with BLOCK)

Christopher Wood <caw@heapingbits.net> Thu, 17 June 2021 12:43 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55FFB3A1E38 for <ohttp@ietfa.amsl.com>; Thu, 17 Jun 2021 05:43:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.798
X-Spam-Level:
X-Spam-Status: No, score=-2.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=atX7oULS; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=nicMlUBT
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x7hnMROG3BKc for <ohttp@ietfa.amsl.com>; Thu, 17 Jun 2021 05:42:55 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 928793A1E3A for <ohttp@ietf.org>; Thu, 17 Jun 2021 05:42:55 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 908691417 for <ohttp@ietf.org>; Thu, 17 Jun 2021 08:42:49 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute4.internal (MEProxy); Thu, 17 Jun 2021 08:42:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm1; bh=dqsVX uAdBsR5m81nlPQuqiuGIad0s2Z9Js4LnfDN/ME=; b=atX7oULS9h9ldMqJ1CYaS oa3911MG0Wfp1hIDbXNbAf7cRC4mCNwSSvaI2t1SNjsqLsH7ymMOUcnnMTWLcbIa beQzO1hkUSlukta862ZnXrZz1w/OWbQZK5WA6lNLtwzfsIycJqynwN9fl+Ek24nW XwlcCj4ys5nDUEiDpUCTAhM5oMF6ujaMGcgR0mOUZsAoEDvjAMO2jk+HFadIN3F4 nmYbjSSyQulP0RRUXVhi+4mWQRE8xrlOjqjlsKQduOIl1OWTmILYf6NJeS5Ch3J3 kzECIDnl+XnPS7pOduStv5l5UA7EbLl+ASno9uxHY+kEsgZCP1RRqmsAf2fm1i/s Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=dqsVXuAdBsR5m81nlPQuqiuGIad0s2Z9Js4LnfDN/ ME=; b=nicMlUBTFoBUPISievgQd3cVTkcoDZb/5cmUzHK5CgRRTS7/5Nro0fSXT 9gHYsWzTOoMFgEaHtnO2sw8AwCSnu+f4dC3Bi6vror0ZxE7PP5VtC9NvpGtbKrMP dbwYIw7BaRaqW5bAyB2IL5seJuEiAbZAgjW9XIYKqV8EqOZATnxyPkTSdqc7Tld3 LnxpS5fCOzz/eyiksnxeZiTeEb/YPls/sq1qU1Vw+CLnrdxlf1OLoXOuSdd4g+yu NN+aVgGr6wF6RQsdBdjufdb5PT78x4bN5nntgT87n8YC3OiAMJ9dpVvLX+BZNPNC qQJZIk9cgX2/Ap5GypetpDWpfDMRg==
X-ME-Sender: <xms:SEPLYBTG5Ov1qu5sjYUqjZp7OgE9VRthQLIg8QhI2iIAG2doYSAYQA> <xme:SEPLYKxqxDQywQIimvUMqLKT-4MdOt16FQbbANIr4qBYPv8-3dPKAaZz-KyL51V75 ZNszk4rqCcrp55tAm4>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrfeefuddgheefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtgfesth hqredtreerjeenucfhrhhomhepfdevhhhrihhsthhophhhvghrucghohhougdfuceotggr fieshhgvrghpihhnghgsihhtshdrnhgvtheqnecuggftrfgrthhtvghrnhepteeivdelff eftddvlefhtdfhvdfgteffhedtjeelgfehkeelledvudffledtleeknecuffhomhgrihhn pehivghtfhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrih hlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrdhnvght
X-ME-Proxy: <xmx:SEPLYG1LaGWMHXnbGF7BUZvweiKpgwAvWhtl7CEeQoOdmmO6vp9x9Q> <xmx:SEPLYJB3izTvNWd4aALPH1bHOqUh8UUcut9cTMsuEffRbIShN0Hcfg> <xmx:SEPLYKgM0QGqQSlVXkj3izXaH1S6y-8rkxzi_VjlRDf6fqOrADynmQ> <xmx:SUPLYFtfuBgsAwdlAsk64Bzjx_dgUXElCyjxH263sGnneiDsPByqhA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 8DC081603B2; Thu, 17 Jun 2021 08:42:48 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-526-gf020ecf851-fm-20210616.001-gf020ecf8
Mime-Version: 1.0
Message-Id: <6978b93e-2560-4001-849e-67819df5edf5@www.fastmail.com>
In-Reply-To: <126107E9-B27C-458F-9947-691398E20969@cisco.com>
References: <162383653561.1023.5027949292786523303@ietfa.amsl.com> <CABcZeBPsfxcmA2MwtqU75QikatAiNAeKuLr5A-mWsEfxq4GrcA@mail.gmail.com> <126107E9-B27C-458F-9947-691398E20969@cisco.com>
Date: Thu, 17 Jun 2021 05:42:28 -0700
From: Christopher Wood <caw@heapingbits.net>
To: ohttp@ietf.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/dXf3FOZfAy5xYnCZXh7PsOOJKRA>
Subject: Re: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: (with BLOCK)
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jun 2021 12:43:02 -0000

(Top-posting, since there are several comments that seem to stem from a misunderstanding.)

I'm not Ekr, but I believe by "coordinated by a single entity" he meant that the _choice_ of proxy and target is made by a single entity. One example given was that a browser might choose the proxy to use for sending telemetry to a manufacturer, which may also be controlled by the same entity which controls the browser. This does _not_ mean that the proxy is also controlled by this same entity. (Indeed, as you observe, this would obviate the benefits of the protocol.) It simply means that the in the deployment envisioned the selection or and relationships between non-colluding entities is pre-arranged by some entity.

Does that help clarify?

Best,
Chris

On Thu, Jun 17, 2021, at 5:28 AM, Eric Vyncke (evyncke) wrote:
>  
> Hello Eric
> 
>  
> 
> Thank you for your detailed reply and the explanations. I still 
> consider that the topic should be presented to the community during a 
> BoF where a longer explanation and Q&A could be done rather than a 
> 30-minute session at secdispatch.
> 
>  
> 
> If you do not mind, then some more from me below, look for EV>
> 
>  
> 
> Regards
> 
>  
> 
> -éric
> 
>  
> 
>  
> 
> *From: *Eric Rescorla <ekr@rtfm.com>
> *Date: *Wednesday, 16 June 2021 at 16:35
> *To: *Eric Vyncke <evyncke@cisco.com>
> *Cc: *The IESG <iesg@ietf.org>, "ohttp@ietf.org" <ohttp@ietf.org>, 
> "ohttp-chairs@ietf.org" <ohttp-chairs@ietf.org>
> *Subject: *Re: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: 
> (with BLOCK)
> 
>  
> 
> > I have many concerns about OHTTP (see below), which may be shared by the
> > community. Therefore, a BoF is required before creating the WG hence my BLOCK.
> > We may also wonder why creating a working group for a single document and
> > whether ART is the right area but those points are details.
> 
> Perhaps, as Mark Nottingham suggests, it would simply be easier to
> have this work done in HTTP, thus addressing the "why create a new
> WG question", and making this proposed charter moot.
> 
> 
> With that said, I think perhaps you misunderstand the setting in which
> O-HTTP is intended to be deployed. I.e., it is not a generic proxying
> system like Tor but rather one which is designed to allow the client,
> server, and proxy to work together to conceal the client's IP address
> from the server. Indeed, the most natural deployment scenarios are
> ones in which the client, origin server, and proxy are all coordinated
> by a single entity. For instance:
> 
> 
> EV> Indeed: I misunderstood it; it is clear neither from the draft 
> charter nor from the I-D
> 
> 
> 1. A browser who wants to send telemetry back to the manufacturer
> while concealing the IP address. In this case, the browser and
> manufacturer are controlled by the same entity, who also arranges
> for the proxy, which is preconfigured into the browser.
> 
> 
> 
> 2. Oblivious DoH (in a TRR configuration). In this case, the client
> and proxy might be operated by the same entity who then has an
> arrangement with the DoH server.
> 
> 
> EV> I understand the requirements and the use cases (thank you BTW), 
> but, if all the pieces are from the same entity, then I wonder what is 
> the purpose of the machinery ? I could understand OHTTP if the 2 
> proxies are operated by different entities but with one ?
> 
>  
> 
> 
> Note that these cases are largely maintaining existing topologies,
> but merely inserting a proxy. Moreover, as noted above, these
> relationships are largely static.
> 
> 
> > My concerns are not all technical ones but include:
> > 
> > 1/ What is the incentive for the proxy/request intermediaries ?
> 
> I don't really think this question is in scope for WG review.  We
> don't typically ask why organizations want to do things, but merely
> whether there is interest. I think it's clear from the discussion
> leading to this that there is interest and I can tell you that Mozilla
> is looking at running such a proxy, as are others who may want to
> speak for themselves.
> 
> 
> EV> see my point above, what is the use of it if all function elements 
> are controlled by a single entity ?
> 
> 
> 
> > 2/ Depending on 1/, we may expect that just a couple of intermediaries will
> > exist, this leads to centralization to a couple of parties but also introduces
> > a single point of failure, scalability issues, and easier censorship.
> 
> This is irrelevant for the use cases of interest, as described above.
> 
> 
> EV> agreed if this is limited to those use cases but it can obviously 
> be extended to any HTTP session.
> 
> 
> 
> > 3/ While OHTTP would be able to 'hide' the good guys from  bad
> > networks/servers, it would also protect the bad guys who can then easily attack
> > servers; leaving servers defenseless as they cannot protect against an attack
> > by blocking a couple of IP addresses without also impacting the normal users.
> > Section 8.2.1 of the I-D is a little light on the topic. Tor currently does not
> > have the bandwidth to be a DoS vector.
> 
> This is an issue to some extent, but because the relationships are to
> some extent static (i.e., the server does not expect to receive large
> traffic volumes from arbitrary proxies), it is less than with a
> generic proxying protocol. In general, servers are going to expect
> that proxies do anti-DoS. With that said, because the O-HTTP requests
> are wrapped, it is possible for the proxy to provide anti-DoS
> meta-information (e.g., IP reputation) that is more difficult with a
> generic proxying protocol.  Moroever, unlike a generic proxying
> protocol, we don't expect ordinary HTTP servers to run this, so the
> risk is easier to control.
> 
> 
> EV> understood, but, far from being clear from the I-D and proposed charter
> 
> 
> 
> > 4/ Related to 3/ (and perhaps less important), Law Enforcement Agencies in
> > democratic countries will become less and less able to achieve their tasks.
> 
> I don't think this is an appopriate consideration either, for the
> reasons indicated in RFC 2804.
> 
> 
> 
> EV> hence my ‘and perhaps less important’
> 
> EV> and in the described use cases above, this is not even relevant at all
> 
> 
> These detailed points aside, these objections seem particularly out of
> place in light of the fact that the IETF is presently designing a
> generic proxying protocol that is designed to work with any server,
> without modification (MASQUE). All of the considerations you list
> above apply a fortiori there (and, for that matter, to RFC 2817 HTTP
> CONNECT, TURN over TLS, and any VPN protocol we've designed).  Given
> that O-HTTP is a more limited system than all of those (differing
> primarily in that it is optimized for single request/response pairs)
> it's hard to understand what the problem is.
> 
> -Ekr
> 
>  
> 
> On Wed, Jun 16, 2021 at 2:42 AM Éric Vyncke via Datatracker 
> <noreply@ietf.org> wrote:
> 
> > Éric Vyncke has entered the following ballot position for
> > charter-ietf-ohttp-00-00: Block
> > 
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> > 
> > 
> > 
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/charter-ietf-ohttp/
> > 
> > 
> > 
> > ----------------------------------------------------------------------
> > BLOCK:
> > ----------------------------------------------------------------------
> > 
> > I have many concerns about OHTTP (see below), which may be shared by the
> > community. Therefore, a BoF is required before creating the WG hence my BLOCK.
> > We may also wonder why creating a working group for a single document and
> > whether ART is the right area but those points are details.
> > 
> > My concerns are not all technical ones but include:
> > 
> > 1/ What is the incentive for the proxy/request intermediaries ?
> > 
> > 2/ Depending on 1/, we may expect that just a couple of intermediaries will
> > exist, this leads to centralization to a couple of parties but also introduces
> > a single point of failure, scalability issues, and easier censorship.
> > 
> > 3/ While OHTTP would be able to 'hide' the good guys from  bad
> > networks/servers, it would also protect the bad guys who can then easily attack
> > servers; leaving servers defenseless as they cannot protect against an attack
> > by blocking a couple of IP addresses without also impacting the normal users.
> > Section 8.2.1 of the I-D is a little light on the topic. Tor currently does not
> > have the bandwidth to be a DoS vector.
> > 
> > 4/ Related to 3/ (and perhaps less important), Law Enforcement Agencies in
> > democratic countries will become less and less able to achieve their tasks.
> > 
> > All in all, the points above should be discussed by the community before
> > creating a WG.
> > 
> > There should also be an operational consideration part.
> > 
> > 
> > 
> > 
> > 
> > -- 
> > Ohttp mailing list
> > Ohttp@ietf.org
> > https://www.ietf.org/mailman/listinfo/ohttp
> 
> -- 
> Ohttp mailing list
> Ohttp@ietf.org <mailto:Ohttp%40ietf.org>
> https://www.ietf.org/mailman/listinfo/ohttp
>

v2.23.0 | Report a Bug | By Email