Re: [Ohttp] Discovery
Eliot Lear <lear@lear.ch> Fri, 18 June 2021 14:25 UTC
Return-Path: <lear@lear.ch>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F53B3A44E7 for <ohttp@ietfa.amsl.com>; Fri, 18 Jun 2021 07:25:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.091
X-Spam-Level:
X-Spam-Status: No, score=-2.091 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, T_SPF_HELO_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=lear.ch
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NfR40dH8B-Pr for <ohttp@ietfa.amsl.com>; Fri, 18 Jun 2021 07:25:24 -0700 (PDT)
Received: from upstairs.ofcourseimright.com (upstairs.ofcourseimright.com [185.32.222.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E3BD3A44E3 for <ohttp@ietf.org>; Fri, 18 Jun 2021 07:25:23 -0700 (PDT)
Received: from Lear-Air.local ([IPv6:2a02:aa15:4101:2a80:8ce5:a066:a394:8c5d]) (authenticated bits=0) by upstairs.ofcourseimright.com (8.15.2/8.15.2/Debian-18) with ESMTPSA id 15IEPKu6361537 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Fri, 18 Jun 2021 16:25:20 +0200
Authentication-Results: upstairs.ofcourseimright.com; dmarc=none (p=none dis=none) header.from=lear.ch
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lear.ch; s=upstairs; t=1624026321; bh=R1XXn6othFWjaz9FI8t+WlrslEJrcpjaInIUH/DdVCE=; h=To:References:From:Subject:Date:In-Reply-To:From; b=d8epFXbY5uG5zVxl7Y9OhWEflMXt8Gg9vcvpj3JzaRr56V4h3rMveen1Bg76ueE2W Q4zKSMljMBG+Aux/5KxT/klsZxatrEgfi2Zc/OIoQvtU5KtLDBDm1mzjTfnC+A/y0T uDE/Q7j/OFMB/VVnOaYrfzhGR90FGkNeThBUxvQ0=
To: Martin Thomson <mt@lowentropy.net>, ohttp@ietf.org
References: <D8268CF8-94DA-4E91-9286-4E45B8E26CB6@mnot.net> <c57ed5b0-c17a-0bca-f42a-dafaa1725792@lear.ch> <1F7246CE-589A-4B34-B514-AFA0F640A384@mnot.net> <238476f4-6bf9-4124-8146-e8c051b1b25f@www.fastmail.com>
From: Eliot Lear <lear@lear.ch>
Message-ID: <f1308d19-085d-dadf-df69-da6f8b1b5171@lear.ch>
Date: Fri, 18 Jun 2021 16:25:15 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <238476f4-6bf9-4124-8146-e8c051b1b25f@www.fastmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="idxsOnbaY84XGkTLOLkXe9VOj1pAwboT7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/pTqDlaT_V8okg_oh_1aaK2vl_Ls>
Subject: Re: [Ohttp] Discovery
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jun 2021 14:25:29 -0000
So... &TLDR; Change: The OHTTP working group will include an applicability statement that documents the limitations of this design and any usage constraints that are necessary to ensure that the protocol is secure. to (ADD) += The working group will consider and address operational matters, so that the output does not introduce any substantial negative impact to existing deployments. The rest of the charter I can live with, now that I know what is intended. Note that you do address some of this in the draft already, so I don't think the add is much of a stretch. It would help if you included some use cases in the draft. On 18.06.21 09:53, Martin Thomson wrote: > Eliot, this line of argumentation is starting to smell like sealioning. I know that you don't intend that, but maybe you could make some concrete suggestions for what needs to happen. I think we're past the point where you don't understand what is being proposed. It's understandable that advocates would say this, since you live and breath your concept (good!). The rest of us don't, and you didn't elaborate how you intended to use this protocol in the draft; and so we're all playing catch-up based on this email thread. The discussion seems to be evolving and narrowing based on how you've exposed your thinking (good, too!). > I would also point out that this is going to be quite obvious to a proxy that is able to intercept connections. That is not substantially different than CONNECT or MASQUE or any of the VPN protocols that exist (both inside and outside of the IETF). CONNECT is an HTTP method that requires active support, which may well be turned off by default or not even present, and when implemented has a particular purpose around which enterprise proxies can apply policy. MASQUE may well be similar in nature in as much as a TLS proxy would not support it by default. I don't think the same can be said of the POST method: it has an existing general use that would require changes to deployment denylist patterns. While that might not be not super hard, enterprises not doing so would be in for a surprise. At least some of these proxies are just doing textual scans for information that shouldn't leave an environment (customer/patient identity information, for instance). One could reasonably argue that we should use POST just to prove the point to enterprises that this exposure exists, regardless of the standard, but that would also be viewed a standardized version of red teaming without permission, and somewhat paternalistic. So long as the issue is recognized, how it is addressed is something the WG can discuss, develop rough consensus, etc. You proposed leaving this as a configuration option to be used. That's certainly one way to address the matter. To argue the both sides on discovery for just a moment, if we don't have a discovery mechanism for when this mechanism is to be used, OHTTP can really only be used in very specific ways. Maybe that's just as well, and a good place to start. A lot of this discussion ties to the generality of the mechanism. I still worry about using this stuff for DOH, and that should be discussed. Eliot
- [Ohttp] Discovery (no) Mark Nottingham
- Re: [Ohttp] Discovery (no) Martin Thomson
- Re: [Ohttp] Discovery Eliot Lear
- Re: [Ohttp] Discovery Mark Nottingham
- Re: [Ohttp] Discovery Martin Thomson
- Re: [Ohttp] Discovery Eliot Lear
- Re: [Ohttp] Discovery Vittorio Bertola
- Re: [Ohttp] Discovery Eric Rescorla
- Re: [Ohttp] Discovery Martin Thomson
- Re: [Ohttp] Discovery Eliot Lear
- Re: [Ohttp] Discovery Mark Nottingham
- Re: [Ohttp] Discovery Andrew Campling
- Re: [Ohttp] Discovery Mark Nottingham
- Re: [Ohttp] Discovery Andrew Campling
- Re: [Ohttp] Discovery Vittorio Bertola
- Re: [Ohttp] Discovery Livingood, Jason
- Re: [Ohttp] Discovery Eric Rescorla
- Re: [Ohttp] Discovery Eric Rescorla
- Re: [Ohttp] Discovery Andrew Campling
- [Ohttp] Off-topic on IETF and public policy (was … Vittorio Bertola
- Re: [Ohttp] Discovery Livingood, Jason
- Re: [Ohttp] Discovery Livingood, Jason
- Re: [Ohttp] Discovery Eric Rescorla
- Re: [Ohttp] Discovery Livingood, Jason
- Re: [Ohttp] Discovery Martin Thomson
- Re: [Ohttp] Discovery Eliot Lear
- Re: [Ohttp] Discovery Eric Rescorla
- Re: [Ohttp] Discovery Eric Rescorla
- Re: [Ohttp] Discovery Eliot Lear
- Re: [Ohttp] Discovery Martin Thomson