Re: [Ohttp] Zaheduzzaman Sarker's Block on charter-ietf-ohttp-00-00: (with BLOCK)

Martin Thomson <mt@lowentropy.net> Thu, 17 June 2021 23:13 UTC

Date: Fri, 18 Jun 2021 09:12:36 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Zaheduzzaman Sarker <Zaheduzzaman.Sarker@ericsson.com>, The IESG <iesg@ietf.org>
Cc: ohttp@ietf.org, ohttp-chairs@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/gIksWbMsyHnv5spgfLQkaCCHBQQ>

Hi Zahed,

On Thu, Jun 17, 2021, at 20:47, Zaheduzzaman Sarker via Datatracker wrote:
> ** The client is responsible for creating the request and the information it
> shares with the server. I didn't find any hint in the charter about the work
> needed to actually inform or configure the client to restrict the use of
> sensitive client information in the requests. I get a feeling that the current
> charter is more focused on communication security and the method to invoke the
> communication security, which is kind of not really solving the actual problem
> of preventing the client information sharing with servers.

I don't think that a charter needs to address this question.  We don't specify in HTTP charter or specifications how clients decide that a particular resource is interesting enough to request.

In this case, the draft does address the question, though obviously that could be improved through work in a working group.  Why do you think it necessary that this detail be addressed in charter?

> ** From the charter text it is not clear what the particular settings are that
> will invoke the use of ohttp; I didn't get a single example to get the context
> correct. This is kind of making the scope of the working group a bit fuzzy; like
> Rob wrote, I am not sure if this is general http related work or there is a
> particular use case in mind. I think the charter should be more clear about the
> context and use case if this is targeting a particular setting of http usage. I
> am sure there are known cases where ohttp makes sense; we just need to print
> them in the charter text.

I think that the discussion on other BLOCK positions has answered this already.

As above, I don't agree that charters need to carefully plot out the precise applicability of a protocol.  But ensuring that the protocol documents applicability is worthwhile.  As I noted, the draft has a section on applicability; would it help to add something explicit to the charter?  Something like:

> The OHTTP working group will include an applicability statement that documents the limitations of this design and any usage constraints that are necessary to ensure that the protocol is secure.

Does that work?

> ** I believe the linkability cannot be solved at a particular protocol stack
> level. For example, the source address can be shared with the server in
> different ways. Oblivious HTTP is likely to play a part at the application
> layer, but work needs to be done in the lower layer as well. I think it would
> need to discuss the potential relations with other protocols that might be used
> with HTTP to achieve what is desired here. The charter should acknowledge such
> relations very briefly and should state if the work needed in the lower layer
> is within scope or not.

That is work that is more appropriate for a working group in the context of a protocol design.

> ** I am missing milestones.

Me too.  It happens to everyone.  I blame the pandemic.

Seriously though, I thought that Francesca had fixed this.