Re: [Ohttp] Discovery

"Livingood, Jason" <Jason_Livingood@comcast.com> Fri, 25 June 2021 13:56 UTC

From: "Livingood, Jason" <Jason_Livingood@comcast.com>
To: "ohttp@ietf.org" <ohttp@ietf.org>
Date: Fri, 25 Jun 2021 13:56:08 +0000
Message-ID: <D74D56F2-DC79-491D-ACFC-5036E6311BED@cable.comcast.com>
References: <D8268CF8-94DA-4E91-9286-4E45B8E26CB6@mnot.net> <c57ed5b0-c17a-0bca-f42a-dafaa1725792@lear.ch> <1F7246CE-589A-4B34-B514-AFA0F640A384@mnot.net> <238476f4-6bf9-4124-8146-e8c051b1b25f@www.fastmail.com> <f1308d19-085d-dadf-df69-da6f8b1b5171@lear.ch> <85F35B48-DAB9-4429-9538-625E03262CDE@mnot.net> <LO2P265MB0399E24FF16C8A459E70EC0BC2069@LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM> <434C5683-4292-4354-B000-42C1EFFB026D@mnot.net> <468362609.26110.1624611502535@appsuite-gw2.open-xchange.com>
In-Reply-To: <468362609.26110.1624611502535@appsuite-gw2.open-xchange.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/tCi2kc0c0ge-tNEH2kfBXJP2-KI>
Subject: Re: [Ohttp] Discovery
List-Id: Oblivious HTTP <ohttp.ietf.org>

This is an interesting discussion over whether the WG charter should permit the WG to delve into operational implications in some manner.  In my mind these are as much operational implications as they are design choices or tradeoffs in the design - so putting aside the "operational implication" label I don't know why we'd not directly address what problems OHTTP is meant to solve and what the implications of the design choices may mean without making a judgement on whether the implications or tradeoffs are "good" or "bad".

In my reading of the discussion & charter, it seems like if the design is intended to prevent revealing client source IP addresses to destination HTTP servers then that might mean some of the existing mechanisms for content localization (e.g. based on geolocation & network) would not work or would be less effective - and this may be totally fine for some use cases & threat models. And perhaps new mechanisms will arise to solve this, that provide some sense of geographic and network location but not at too specific a level. But in using OHTTP, ISTM the user or user-agent is making a tradeoff between the pros & cons of sharing that source information (e.g. CDN performance) vs. the privacy pros & cons of that source information being available to a web app platform. So why not explain that?

As well, is it worth including somewhere an explanation that within HTTP content exchange & user agents that cookies or authentication can also be used for user tracking and that OHTTP would not protect against tracking via those mechanisms? Those mechanisms may even be more central to how user tracking occurs.

Jason