Re: [Ohttp] Discovery

Eric Rescorla <ekr@rtfm.com> Wed, 23 June 2021 14:41 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 23 Jun 2021 07:40:50 -0700
Message-ID: <CABcZeBOjF4sdk_zO5xaPjN3DxCpQcna4hVaUTXzVoJB5HsPUWQ@mail.gmail.com>
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Cc: Eliot Lear <lear@lear.ch>, Martin Thomson <mt@lowentropy.net>, ohttp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/omREelQpIk16luIcbKNjJug89GE>

On Wed, Jun 23, 2021 at 7:31 AM Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:

>
>
> > On 18/06/2021 16:25 Eliot Lear <lear@lear.ch> wrote:
> >
> >
> > So... &TLDR;
> >
> > Change:
> >
> > The OHTTP working group will include an applicability statement that
> > documents the limitations of this design and any usage constraints that
> > are necessary to ensure that the protocol is secure.
> >
> > to (ADD)
> >
> > += The working group will consider and address operational matters, so
> > that the output does not introduce any substantial negative impact to
> > existing deployments.
>
> I would support this addition, but I would also mention some of the other
> concerns that have been expressed, at least in terms of documenting
> possible unintended consequences and ways to deal with them. So I would
> then add:
>
> "The working group will also consider and address the possible effects of
> a generalized deployment of the protocol outside of the applicability
> statement, in terms of possible impacts on Internet security and privacy,
> centralisation trends and issues around jurisdiction and law enforcement."
>

I do not believe we should do this work. It is not necessary for defining
the protocol and seems to mostly be an opportunity for argument.

Finally, "issues around... law enforcement" seems to conflict with the
intent of RFC 2804.

-Ekr


> --
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
> vittorio.bertola@open-xchange.com
> Office @ Via Treviso 12, 10144 Torino, Italy
>