IETF Logo Mail Archive

Re: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: (with BLOCK)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Thu, 17 June 2021 12:29 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 692CF3A1DD8; Thu, 17 Jun 2021 05:29:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.895
X-Spam-Level:
X-Spam-Status: No, score=-11.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=idbYEKLv; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=l72JT/zM
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PQIdmVrwkEsn; Thu, 17 Jun 2021 05:29:12 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 416283A1DD5; Thu, 17 Jun 2021 05:29:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=28425; q=dns/txt; s=iport; t=1623932952; x=1625142552; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=o374vshQpdv4yIeb44QQTCHEZ2/I7A2lCuyO21DWykQ=; b=idbYEKLv7UIS5z/X31xOGmp+LKgcNUYtizhw/jYH7oB/4N2ATOtQY+RH 6dujhSI2UNNy2Z1j6svQW35XTxbK9+ZiXJI5QcvT/JykfCPn8xLL6YTXZ iesi58JeRYZLTucmrEDkvbmVuwRsvqlIm5F8gisW9xhkCvTjMg4tDu3cm Q=;
X-IPAS-Result: A0BiAwDKP8tgl4gNJK1ahAMwUX5aNzGESINIA4U5iQIDgSKTeIUAgUKBEQNUCwEBAQ0BASoBCgoCBAEBhFACF4JVAiU4EwIEAQEBAQMCAwEBAQEFAQEFAQEBAgEGBBQBAQEBAQEBAWiFOwEGASUNhkUBAQEDAQEBEBEdAQEsBAcBBAsCAQgOAwMBAigDAgICJQsUBgMIAgQOBRQOgi0BIQGBflcDDiEBDpoHAYE6AoofeoEygQGCBwEBBgQEgUhBgzQYgjEDBoE6gnuCcVNIAQGCSIFtgiwnHIFJRIEVJwwQgmA+gmIBAQOBKAELBwEJOA0JgmE2gi6CL1IZagQdBRkIDwEgAi0MJEUPBgQHAxoCDx8IAQ0tkHoTGYMiiBSfIgqDH4oSjhOFVwUmg16LJJBDhimFJ5xMkyYEBBiEWwIEAgQFAg4BAQY1gTYia3BwFTsqAYI+UBcCDoE1hlmGHQUICYNOhRSFSnM4AgYBCQEBAwkBe4YeBYJCAQE
IronPort-PHdr: A9a23:YpbEVB3HTRpVVuU9smDPs1BlVkEcU/3cJBIb79wsjLcdOqig/pG3O kvZ6L0tiVLSRozU5rpCjPaeqKHvX2EMoPPj+HAPeZBBTVkJ3MMRmQFzGtKLDAvwK/u5JyA/F d5JAVli+XzzOENJGcH4MlvVpHD67TMbFhjlcwRvIeGgEY/JhMPx3Oe3qPXu
IronPort-HdrOrdr: A9a23:2wW+a6td/ZKJchRlKK+SJjot7skCy4Mji2hC6mlwRA09TyXGra GTdaUguyMc1gx/ZJh5o6H+BEGBKUmskqKdkrNhQ4tKPTOW+FdASbsD0WKM+UyaJ8STzJ856U 4kSdkDNDSSNyk4sS+Z2njDLz9I+rDum8rE6Za8vhVQpENRGtxdBmxCe2Cm+zhNNXF77O0CZe OhD6R81l6dUEVSSv7+KmgOXuDFqdGOvonhewQ6Cxku7xTLpS+06ZbheiLonCs2Yndq+/MP4G LFmwv26uGIqPeg0CLR0GfV8tB/hMbh8N1eH8aB4/JlbwkEyzzYILiJaYfy+gzdk9vfsWrCV+ O8+yvICv4DrE85uFvF+icFlTOQigrGoEWSuGNwyUGT0fARAghKVvaoQeliA0TkA41KhqAh7E sD5RPqi3IcZymw7xjV9pzGUQpnmVGzpmdnmekPj2ZHWY9bc7NJq5cDlXklXKvoMRiKorzPKt MeQf00JcwmOG+yfjTcpC1i0dasVnM8ElOPRVUDoNWc13xTkGpix0UVycQDljNYnahNBaVs9q DBKOBlhbtORsgZYeZ0A/oAW9K+DijITQjXOGyfLFz7HOUMOm7LqZTw/LIpjdvaN6DgDKFC06 gpdWko9FLaV3iefvFm7ac7uiwlGl/NKQgF4vsukaSRlIeMMYbWDQ==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.83,280,1616457600"; d="scan'208,217";a="708474897"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 17 Jun 2021 12:28:58 +0000
Received: from mail.cisco.com (xbe-aln-002.cisco.com [173.36.7.17]) by alln-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 15HCSw3U007299 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 17 Jun 2021 12:28:58 GMT
Received: from xfe-aln-003.cisco.com (173.37.135.123) by xbe-aln-002.cisco.com (173.36.7.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Thu, 17 Jun 2021 07:28:58 -0500
Received: from xfe-rcd-002.cisco.com (173.37.227.250) by xfe-aln-003.cisco.com (173.37.135.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Thu, 17 Jun 2021 07:28:57 -0500
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-002.cisco.com (173.37.227.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Thu, 17 Jun 2021 07:28:57 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bVLV1C4xhNZM70oQMF34hllbZ5NCcgUn5EEcfJ9wO0wjtp/DSb9p4lijLbVfWnIwbTwoA9LVzSubq1ZRBuIKwmEhdG0JPOyDwru43QurYboQ8iki0RuZaPjqmvR8VcJO1UVrzkekbsGx0+eeEVmZzBOjJOmG5bUgc5xYC/jZnntPIExCgfCOmg0ZCuE2TMi9AYCq+p8g3upTHFNQUTT00bYWTWySy5CfHCkZHyAyw4UOCgDd6uAStEUzL0pZCsR0woPYvXmg/55mZOWMTe23xeTATG0urTTdPtD3WqaJtCYE3csMtbJjc02Dv5Le8iZh5PU5MD1jRSUZCxjomdiIYg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o374vshQpdv4yIeb44QQTCHEZ2/I7A2lCuyO21DWykQ=; b=EPWdel8caCjGfcBPkerWvBpcp74WVtm+NkdO8HSnF52RHSYQCPEkUNxcpBi8K39dbrV28VF6nW3nTCY9P1264qEAmRlSqV9Fb/+eM5JyRWnV1xxUoovhsz1g9mBalybt5eYb5OkcOFAGkFKTYNjS8PMA/m6Eg0rqdYbXSHRMKdzxrneJGUmSu0P90rXno0O7exMmycxCJZ8Y+eRg41JFQyqZYvrbZeBS/4Bg4rSsxvlD45LkPKpx+ruIhQPplUutdMSOko+MYWqpZqeUaYc1mEjSusK1Oly+MSdSi1r4XzebtgVIAIkab+j++nyqLPKCzdw9LvVIh0B/UGZ/qEPBfA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o374vshQpdv4yIeb44QQTCHEZ2/I7A2lCuyO21DWykQ=; b=l72JT/zM2czYT5Td7suoVdTp65HhHn4PA1xIA31Q0nywayrnYP+JGUQ8MZyku5qMi73bx0JdiPu9CjkuGm3wgJFUgFjieYDpJoMS6nMh338p5pdVWv6MWQLNG/SNj+kiI/g/qiam/pG0ltR0QShUJWNGgQK4hGUL/6OUrQxtAlM=
Received: from PH0PR11MB4966.namprd11.prod.outlook.com (2603:10b6:510:42::21) by PH0PR11MB4807.namprd11.prod.outlook.com (2603:10b6:510:3a::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4242.19; Thu, 17 Jun 2021 12:28:56 +0000
Received: from PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::6d61:c160:def1:bc64]) by PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::6d61:c160:def1:bc64%3]) with mapi id 15.20.4242.021; Thu, 17 Jun 2021 12:28:55 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: The IESG <iesg@ietf.org>, "ohttp@ietf.org" <ohttp@ietf.org>, "ohttp-chairs@ietf.org" <ohttp-chairs@ietf.org>
Thread-Topic: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: (with BLOCK)
Thread-Index: AQHXYrzVWetAgmrc60OsRdOj+5oh3KsYRLqA
Date: Thu, 17 Jun 2021 12:28:55 +0000
Message-ID: <126107E9-B27C-458F-9947-691398E20969@cisco.com>
References: <162383653561.1023.5027949292786523303@ietfa.amsl.com> <CABcZeBPsfxcmA2MwtqU75QikatAiNAeKuLr5A-mWsEfxq4GrcA@mail.gmail.com>
In-Reply-To: <CABcZeBPsfxcmA2MwtqU75QikatAiNAeKuLr5A-mWsEfxq4GrcA@mail.gmail.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.50.21061301
authentication-results: rtfm.com; dkim=none (message not signed) header.d=none;rtfm.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2001:420:c0c1:36:f092:31ff:65a9:f581]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d65ec95b-fefc-49cc-ca43-08d9318b7989
x-ms-traffictypediagnostic: PH0PR11MB4807:
x-microsoft-antispam-prvs: <PH0PR11MB4807325477058DAFDEE568C0A90E9@PH0PR11MB4807.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 6pVZwhxopP/KMa4xgIWtYK/bNy01skxHjb4cn508NUMgH5YPiqAV3DirIIGYEOINkNrLC47Lcdzew5pqwyOoJLJ5Fh7t50PUoqmhb1yrHyjdpBN/dXsKmPjl3xXg/OVViRJdUItCtTOdgOQreER6jJamroVLtylnE7IopdLkNZBndmSEMKM9+3Bv9VlY9Hno0ClGPjjNZ9WGy9f+MTK985F1h3r210MbjbaaLTy7hnCcloEDmgLcYXoWqkgtjhljfhSOoWQGFBc4ShKlth+P5BgdFc8gR2vuJwnefgVFoiHh4iYqfbm4LEkhC3xBOZ4p1c91ebbylYjxQlsaG6VXxYK7HTLnr+7tnC1u9JF815fhWbgncdeV18qjkfRbGngmAujgIz5Tc4qJAVrxPyeeLtl64abARhHsz9Qh30V/YBf1uSzZckX7rEqtmTOwU1O9G3fqqNsxNykXQMtvs7M09fYmWWKE3k9XdOrhzeA7/Q8Lw/M0b/a4+kecfPJaxAvWwThupCx+MZeL9PF3HFYLLqwZqheYwjYFlZRn+p4SjZeT1fgHg/XgpzTsdB55f/FqtbENzaACVwfD/42x2MMxIGJzPw/Ez4hMTaoMz1nF06sk96/tkxMW86DWScbI7EKTc0MkFwdqszoefaHwJDrisLazEQseNnnjtvUte3u7Q4XhOz7NNBoCCPNKlfKbSVDvJMF/gsvdgrimaVCUtuhhFPGuMUABP6VQTIdKXc3RZys9+CuclsENU6nfzOYLdLpQ0I27zCe64GrzKE1WNUxu3+Sr9MfzbwgyZRSvzO86wMGyQPb1ceR5M8KeV/JwT2Rp
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB4966.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(396003)(39850400004)(376002)(346002)(136003)(366004)(71200400001)(86362001)(53546011)(4326008)(6916009)(186003)(33656002)(122000001)(2906002)(6506007)(478600001)(966005)(2616005)(36756003)(38100700002)(54906003)(83380400001)(91956017)(8936002)(76116006)(66946007)(66556008)(66476007)(64756008)(224303003)(66446008)(316002)(6486002)(66574015)(6512007)(166002)(5660300002)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 1uSXLpDaFPFjXTJTz36iE8P7W/oPxstDhuRYkN3IWLl9O/iqxqJUeAqjTs+gyCIazLyIyLyU1NF8rwoOjWLWbvuhJ4B44WTeR21IewF9Nvq58l8idGv5vdi/0xEjGgtrRP6zxKi6/gGFfpnt/1N5aHgHfq/lYLUrzd+POKEkSpcvFrYeuoW7Wh24G/vH6KnbylKe8BNsb/tZHb5FlFtbtGrrdeY15Yhj3O0oJ2+jr1tc+lRdnxHJdSEJlD7mwiPLJMZ014ev+xkEPCdkAEaUhdVysqeTzdDuI3hu3hZjg1i7vZuAmW5AmEk9yrbpAe9jCiUtZ2nyYQvFGUSOWPxmWccbUAzCZEZMvRXeoYwqPfFk07qZvi/Zf1uqEeJcVjvnieIuMH9XFFWugfRt1j8rrXG+U1aNpWz/eBx2Yt/AGAV4EHkNybluU3QTFJcRaYVOwWP8E6zvgEHXKGocE/JVBLPd05GAk9w/YWtMvtM0AS/k+VFsiLcJK5qjSGsgjvpc11DGssQYJ99wfWv49Y6aV81Uc8zf+meoLtsA4k2zXyg9tRcOJavsSyMKZ82CWwRzfN30tZJwkplilxQ+UeyojejkzTQA0aCPVtkq6qEbNxainbz1uW9bnjDI3GMs7NbS34KnLPEQADYU3G2Mn29DfPV83mmpneW122+0idFqxZYj7eKJgX6fwj5t39dsnOl4ip2ezpD6czzL7xg53BgVfRQSKPCIip0WwJbfBpcRGugrs922nf7HhNXnTGSficbE3lpTpc51tR++0pU71vdbV2SNk7qZZPSInb9Hpxv9U6kBWTvVLRmpqAOqvvfTKBhzaDokE5xtiGoMzKcdYulvoOt8GGHLuA1KxLH1kVNEGmdlk94D9/tjJXvi/Dz9bNdP82Rff0mbYnSb4xBFP1auBXUia90iaItfP/iGTaZnqI74NlvZqO/zWTnMUZDy3YGWUT0AKNAufqPrctZBMS8A0Q6GI/nnnykwv7vyVzj3yohKTbDJaz6QzFwu2g+MQSbuoVhNuk/G8QLv6Pr6H0P1G6fP65aVWPdngWUrJmN8PdQWp2ZcqVxT0Mb5zAYe9VKodis1jMxvuZJK9DkUj7owz9SEkQP1+Tk/B+qL73PcmbaoEuf+Y6J7k+I3VrzS24Gtt5VmicpWVDHNwtivbNP90rEpmA0kdjVDShcNA9irQ/ThtGZ2F5gzRiKO7b0QVwB+/AoXHje6qbsCWAJwNmqcn1CAjlR1H5iSbN/ct7KepJBQc65QCV204N5EBSWfgiVQhBaTvUo5lADovGjlM7FuqJ1mny6ZO6m+OxbI8wcTZUnh+D3zUR1mUhEC0zWch3nQw3vdRqRyL1/TiZptgjT1PNpmcsZ74BBmstZSlN6MN70Pd5VIi+5oRtJnu2+jObhn
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_126107E9B27C458F9947691398E20969ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4966.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d65ec95b-fefc-49cc-ca43-08d9318b7989
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2021 12:28:55.7779 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: a8CkdCsuY+2uFKdlU9/vcPcZ8iTM8DFFtN1FTyzQLesQ+OsUU6E1jfnnK3OOE3/LrfU59GajBb1G4taQ2+tkoQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4807
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.17, xbe-aln-002.cisco.com
X-Outbound-Node: alln-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/uLtz8SXJxIkTLvKu5s_0faxzRFE>
Subject: Re: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: (with BLOCK)
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jun 2021 12:29:18 -0000

Hello Eric

Thank you for your detailed reply and the explanations. I still consider that the topic should be presented to the community during a BoF where a longer explanation and Q&A could be done rather than a 30-minute session at secdispatch.

If you do not mind, then some more from me below, look for EV>

Regards

-éric


From: Eric Rescorla <ekr@rtfm.com>
Date: Wednesday, 16 June 2021 at 16:35
To: Eric Vyncke <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, "ohttp@ietf.org" <ohttp@ietf.org>, "ohttp-chairs@ietf.org" <ohttp-chairs@ietf.org>
Subject: Re: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: (with BLOCK)

> I have many concerns about OHTTP (see below), which may be shared by the
> community. Therefore, a BoF is required before creating the WG hence my BLOCK.
> We may also wonder why creating a working group for a single document and
> whether ART is the right area but those points are details.

Perhaps, as Mark Nottingham suggests, it would simply be easier to
have this work done in HTTP, thus addressing the "why create a new
WG question", and making this proposed charter moot.


With that said, I think perhaps you misunderstand the setting in which
O-HTTP is intended to be deployed. I.e., it is not a generic proxying
system like Tor but rather one which is designed to allow the client,
server, and proxy to work together to conceal the client's IP address
from the server. Indeed, the most natural deployment scenarios are
ones in which the client, origin server, and proxy are all coordinated
by a single entity. For instance:

EV> Indeed: I misunderstood it; it is clear neither from the draft charter nor from the I-D

1. A browser who wants to send telemetry back to the manufacturer
while concealing the IP address. In this case, the browser and
manufacturer are controlled by the same entity, who also arranges
for the proxy, which is preconfigured into the browser.


2. Oblivious DoH (in a TRR configuration). In this case, the client
and proxy might be operated by the same entity who then has an
arrangement with the DoH server.

EV> I understand the requirements and the use cases (thank you BTW), but, if all the pieces are from the same entity, then I wonder what is the purpose of the machinery ? I could understand OHTTP if the 2 proxies are operated by different entities but with one ?


Note that these cases are largely maintaining existing topologies,
but merely inserting a proxy. Moreover, as noted above, these
relationships are largely static.


> My concerns are not all technical ones but include:
>
> 1/ What is the incentive for the proxy/request intermediaries ?

I don't really think this question is in scope for WG review.  We
don't typically ask why organizations want to do things, but merely
whether there is interest. I think it's clear from the discussion
leading to this that there is interest and I can tell you that Mozilla
is looking at running such a proxy, as are others who may want to
speak for themselves.

EV> see my point above, what is the use of it if all function elements are controlled by a single entity ?


> 2/ Depending on 1/, we may expect that just a couple of intermediaries will
> exist, this leads to centralization to a couple of parties but also introduces
> a single point of failure, scalability issues, and easier censorship.

This is irrelevant for the use cases of interest, as described above.

EV> agreed if this is limited to those use cases but it can obviously be extended to any HTTP session.


> 3/ While OHTTP would be able to 'hide' the good guys from  bad
> networks/servers, it would also protect the bad guys who can then easily attack
> servers; leaving servers defenseless as they cannot protect against an attack
> by blocking a couple of IP addresses without also impacting the normal users.
> Section 8.2.1 of the I-D is a little light on the topic. Tor currently does not
> have the bandwidth to be a DoS vector.

This is an issue to some extent, but because the relationships are to
some extent static (i.e., the server does not expect to receive large
traffic volumes from arbitrary proxies), it is less than with a
generic proxying protocol. In general, servers are going to expect
that proxies do anti-DoS. With that said, because the O-HTTP requests
are wrapped, it is possible for the proxy to provide anti-DoS
meta-information (e.g., IP reputation) that is more difficult with a
generic proxying protocol.  Moroever, unlike a generic proxying
protocol, we don't expect ordinary HTTP servers to run this, so the
risk is easier to control.

EV> understood, but, far from being clear from the I-D and proposed charter


> 4/ Related to 3/ (and perhaps less important), Law Enforcement Agencies in
> democratic countries will become less and less able to achieve their tasks.

I don't think this is an appopriate consideration either, for the
reasons indicated in RFC 2804.


EV> hence my ‘and perhaps less important’
EV> and in the described use cases above, this is not even relevant at all

These detailed points aside, these objections seem particularly out of
place in light of the fact that the IETF is presently designing a
generic proxying protocol that is designed to work with any server,
without modification (MASQUE). All of the considerations you list
above apply a fortiori there (and, for that matter, to RFC 2817 HTTP
CONNECT, TURN over TLS, and any VPN protocol we've designed).  Given
that O-HTTP is a more limited system than all of those (differing
primarily in that it is optimized for single request/response pairs)
it's hard to understand what the problem is.

-Ekr

On Wed, Jun 16, 2021 at 2:42 AM Éric Vyncke via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote:
Éric Vyncke has entered the following ballot position for
charter-ietf-ohttp-00-00: Block

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-ohttp/



----------------------------------------------------------------------
BLOCK:
----------------------------------------------------------------------

I have many concerns about OHTTP (see below), which may be shared by the
community. Therefore, a BoF is required before creating the WG hence my BLOCK.
We may also wonder why creating a working group for a single document and
whether ART is the right area but those points are details.

My concerns are not all technical ones but include:

1/ What is the incentive for the proxy/request intermediaries ?

2/ Depending on 1/, we may expect that just a couple of intermediaries will
exist, this leads to centralization to a couple of parties but also introduces
a single point of failure, scalability issues, and easier censorship.

3/ While OHTTP would be able to 'hide' the good guys from  bad
networks/servers, it would also protect the bad guys who can then easily attack
servers; leaving servers defenseless as they cannot protect against an attack
by blocking a couple of IP addresses without also impacting the normal users.
Section 8.2.1 of the I-D is a little light on the topic. Tor currently does not
have the bandwidth to be a DoS vector.

4/ Related to 3/ (and perhaps less important), Law Enforcement Agencies in
democratic countries will become less and less able to achieve their tasks.

All in all, the points above should be discussed by the community before
creating a WG.

There should also be an operational consideration part.





--
Ohttp mailing list
Ohttp@ietf.org<mailto:Ohttp@ietf.org>
https://www.ietf.org/mailman/listinfo/ohttp

v2.23.0 | Report a Bug | By Email