Re: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: (with BLOCK)
"Eric Vyncke (evyncke)" <evyncke@cisco.com> Thu, 17 June 2021 12:29 UTC
Return-Path: <evyncke@cisco.com>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 692CF3A1DD8; Thu, 17 Jun 2021 05:29:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.895
X-Spam-Level:
X-Spam-Status: No, score=-11.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=idbYEKLv; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=l72JT/zM
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PQIdmVrwkEsn; Thu, 17 Jun 2021 05:29:12 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 416283A1DD5; Thu, 17 Jun 2021 05:29:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=28425; q=dns/txt; s=iport; t=1623932952; x=1625142552; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=o374vshQpdv4yIeb44QQTCHEZ2/I7A2lCuyO21DWykQ=; b=idbYEKLv7UIS5z/X31xOGmp+LKgcNUYtizhw/jYH7oB/4N2ATOtQY+RH 6dujhSI2UNNy2Z1j6svQW35XTxbK9+ZiXJI5QcvT/JykfCPn8xLL6YTXZ iesi58JeRYZLTucmrEDkvbmVuwRsvqlIm5F8gisW9xhkCvTjMg4tDu3cm Q=;
X-IPAS-Result: A0BiAwDKP8tgl4gNJK1ahAMwUX5aNzGESINIA4U5iQIDgSKTeIUAgUKBEQNUCwEBAQ0BASoBCgoCBAEBhFACF4JVAiU4EwIEAQEBAQMCAwEBAQEFAQEFAQEBAgEGBBQBAQEBAQEBAWiFOwEGASUNhkUBAQEDAQEBEBEdAQEsBAcBBAsCAQgOAwMBAigDAgICJQsUBgMIAgQOBRQOgi0BIQGBflcDDiEBDpoHAYE6AoofeoEygQGCBwEBBgQEgUhBgzQYgjEDBoE6gnuCcVNIAQGCSIFtgiwnHIFJRIEVJwwQgmA+gmIBAQOBKAELBwEJOA0JgmE2gi6CL1IZagQdBRkIDwEgAi0MJEUPBgQHAxoCDx8IAQ0tkHoTGYMiiBSfIgqDH4oSjhOFVwUmg16LJJBDhimFJ5xMkyYEBBiEWwIEAgQFAg4BAQY1gTYia3BwFTsqAYI+UBcCDoE1hlmGHQUICYNOhRSFSnM4AgYBCQEBAwkBe4YeBYJCAQE
IronPort-PHdr: A9a23:YpbEVB3HTRpVVuU9smDPs1BlVkEcU/3cJBIb79wsjLcdOqig/pG3O kvZ6L0tiVLSRozU5rpCjPaeqKHvX2EMoPPj+HAPeZBBTVkJ3MMRmQFzGtKLDAvwK/u5JyA/F d5JAVli+XzzOENJGcH4MlvVpHD67TMbFhjlcwRvIeGgEY/JhMPx3Oe3qPXu
IronPort-HdrOrdr: A9a23:2wW+a6td/ZKJchRlKK+SJjot7skCy4Mji2hC6mlwRA09TyXGra GTdaUguyMc1gx/ZJh5o6H+BEGBKUmskqKdkrNhQ4tKPTOW+FdASbsD0WKM+UyaJ8STzJ856U 4kSdkDNDSSNyk4sS+Z2njDLz9I+rDum8rE6Za8vhVQpENRGtxdBmxCe2Cm+zhNNXF77O0CZe OhD6R81l6dUEVSSv7+KmgOXuDFqdGOvonhewQ6Cxku7xTLpS+06ZbheiLonCs2Yndq+/MP4G LFmwv26uGIqPeg0CLR0GfV8tB/hMbh8N1eH8aB4/JlbwkEyzzYILiJaYfy+gzdk9vfsWrCV+ O8+yvICv4DrE85uFvF+icFlTOQigrGoEWSuGNwyUGT0fARAghKVvaoQeliA0TkA41KhqAh7E sD5RPqi3IcZymw7xjV9pzGUQpnmVGzpmdnmekPj2ZHWY9bc7NJq5cDlXklXKvoMRiKorzPKt MeQf00JcwmOG+yfjTcpC1i0dasVnM8ElOPRVUDoNWc13xTkGpix0UVycQDljNYnahNBaVs9q DBKOBlhbtORsgZYeZ0A/oAW9K+DijITQjXOGyfLFz7HOUMOm7LqZTw/LIpjdvaN6DgDKFC06 gpdWko9FLaV3iefvFm7ac7uiwlGl/NKQgF4vsukaSRlIeMMYbWDQ==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.83,280,1616457600"; d="scan'208,217";a="708474897"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 17 Jun 2021 12:28:58 +0000
Received: from mail.cisco.com (xbe-aln-002.cisco.com [173.36.7.17]) by alln-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 15HCSw3U007299 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 17 Jun 2021 12:28:58 GMT
Received: from xfe-aln-003.cisco.com (173.37.135.123) by xbe-aln-002.cisco.com (173.36.7.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Thu, 17 Jun 2021 07:28:58 -0500
Received: from xfe-rcd-002.cisco.com (173.37.227.250) by xfe-aln-003.cisco.com (173.37.135.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Thu, 17 Jun 2021 07:28:57 -0500
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-002.cisco.com (173.37.227.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Thu, 17 Jun 2021 07:28:57 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bVLV1C4xhNZM70oQMF34hllbZ5NCcgUn5EEcfJ9wO0wjtp/DSb9p4lijLbVfWnIwbTwoA9LVzSubq1ZRBuIKwmEhdG0JPOyDwru43QurYboQ8iki0RuZaPjqmvR8VcJO1UVrzkekbsGx0+eeEVmZzBOjJOmG5bUgc5xYC/jZnntPIExCgfCOmg0ZCuE2TMi9AYCq+p8g3upTHFNQUTT00bYWTWySy5CfHCkZHyAyw4UOCgDd6uAStEUzL0pZCsR0woPYvXmg/55mZOWMTe23xeTATG0urTTdPtD3WqaJtCYE3csMtbJjc02Dv5Le8iZh5PU5MD1jRSUZCxjomdiIYg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o374vshQpdv4yIeb44QQTCHEZ2/I7A2lCuyO21DWykQ=; b=EPWdel8caCjGfcBPkerWvBpcp74WVtm+NkdO8HSnF52RHSYQCPEkUNxcpBi8K39dbrV28VF6nW3nTCY9P1264qEAmRlSqV9Fb/+eM5JyRWnV1xxUoovhsz1g9mBalybt5eYb5OkcOFAGkFKTYNjS8PMA/m6Eg0rqdYbXSHRMKdzxrneJGUmSu0P90rXno0O7exMmycxCJZ8Y+eRg41JFQyqZYvrbZeBS/4Bg4rSsxvlD45LkPKpx+ruIhQPplUutdMSOko+MYWqpZqeUaYc1mEjSusK1Oly+MSdSi1r4XzebtgVIAIkab+j++nyqLPKCzdw9LvVIh0B/UGZ/qEPBfA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o374vshQpdv4yIeb44QQTCHEZ2/I7A2lCuyO21DWykQ=; b=l72JT/zM2czYT5Td7suoVdTp65HhHn4PA1xIA31Q0nywayrnYP+JGUQ8MZyku5qMi73bx0JdiPu9CjkuGm3wgJFUgFjieYDpJoMS6nMh338p5pdVWv6MWQLNG/SNj+kiI/g/qiam/pG0ltR0QShUJWNGgQK4hGUL/6OUrQxtAlM=
Received: from PH0PR11MB4966.namprd11.prod.outlook.com (2603:10b6:510:42::21) by PH0PR11MB4807.namprd11.prod.outlook.com (2603:10b6:510:3a::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4242.19; Thu, 17 Jun 2021 12:28:56 +0000
Received: from PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::6d61:c160:def1:bc64]) by PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::6d61:c160:def1:bc64%3]) with mapi id 15.20.4242.021; Thu, 17 Jun 2021 12:28:55 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: The IESG <iesg@ietf.org>, "ohttp@ietf.org" <ohttp@ietf.org>, "ohttp-chairs@ietf.org" <ohttp-chairs@ietf.org>
Thread-Topic: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: (with BLOCK)
Thread-Index: AQHXYrzVWetAgmrc60OsRdOj+5oh3KsYRLqA
Date: Thu, 17 Jun 2021 12:28:55 +0000
Message-ID: <126107E9-B27C-458F-9947-691398E20969@cisco.com>
References: <162383653561.1023.5027949292786523303@ietfa.amsl.com> <CABcZeBPsfxcmA2MwtqU75QikatAiNAeKuLr5A-mWsEfxq4GrcA@mail.gmail.com>
In-Reply-To: <CABcZeBPsfxcmA2MwtqU75QikatAiNAeKuLr5A-mWsEfxq4GrcA@mail.gmail.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.50.21061301
authentication-results: rtfm.com; dkim=none (message not signed) header.d=none;rtfm.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2001:420:c0c1:36:f092:31ff:65a9:f581]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d65ec95b-fefc-49cc-ca43-08d9318b7989
x-ms-traffictypediagnostic: PH0PR11MB4807:
x-microsoft-antispam-prvs: <PH0PR11MB4807325477058DAFDEE568C0A90E9@PH0PR11MB4807.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 6pVZwhxopP/KMa4xgIWtYK/bNy01skxHjb4cn508NUMgH5YPiqAV3DirIIGYEOINkNrLC47Lcdzew5pqwyOoJLJ5Fh7t50PUoqmhb1yrHyjdpBN/dXsKmPjl3xXg/OVViRJdUItCtTOdgOQreER6jJamroVLtylnE7IopdLkNZBndmSEMKM9+3Bv9VlY9Hno0ClGPjjNZ9WGy9f+MTK985F1h3r210MbjbaaLTy7hnCcloEDmgLcYXoWqkgtjhljfhSOoWQGFBc4ShKlth+P5BgdFc8gR2vuJwnefgVFoiHh4iYqfbm4LEkhC3xBOZ4p1c91ebbylYjxQlsaG6VXxYK7HTLnr+7tnC1u9JF815fhWbgncdeV18qjkfRbGngmAujgIz5Tc4qJAVrxPyeeLtl64abARhHsz9Qh30V/YBf1uSzZckX7rEqtmTOwU1O9G3fqqNsxNykXQMtvs7M09fYmWWKE3k9XdOrhzeA7/Q8Lw/M0b/a4+kecfPJaxAvWwThupCx+MZeL9PF3HFYLLqwZqheYwjYFlZRn+p4SjZeT1fgHg/XgpzTsdB55f/FqtbENzaACVwfD/42x2MMxIGJzPw/Ez4hMTaoMz1nF06sk96/tkxMW86DWScbI7EKTc0MkFwdqszoefaHwJDrisLazEQseNnnjtvUte3u7Q4XhOz7NNBoCCPNKlfKbSVDvJMF/gsvdgrimaVCUtuhhFPGuMUABP6VQTIdKXc3RZys9+CuclsENU6nfzOYLdLpQ0I27zCe64GrzKE1WNUxu3+Sr9MfzbwgyZRSvzO86wMGyQPb1ceR5M8KeV/JwT2Rp
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB4966.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(396003)(39850400004)(376002)(346002)(136003)(366004)(71200400001)(86362001)(53546011)(4326008)(6916009)(186003)(33656002)(122000001)(2906002)(6506007)(478600001)(966005)(2616005)(36756003)(38100700002)(54906003)(83380400001)(91956017)(8936002)(76116006)(66946007)(66556008)(66476007)(64756008)(224303003)(66446008)(316002)(6486002)(66574015)(6512007)(166002)(5660300002)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 1uSXLpDaFPFjXTJTz36iE8P7W/oPxstDhuRYkN3IWLl9O/iqxqJUeAqjTs+gyCIazLyIyLyU1NF8rwoOjWLWbvuhJ4B44WTeR21IewF9Nvq58l8idGv5vdi/0xEjGgtrRP6zxKi6/gGFfpnt/1N5aHgHfq/lYLUrzd+POKEkSpcvFrYeuoW7Wh24G/vH6KnbylKe8BNsb/tZHb5FlFtbtGrrdeY15Yhj3O0oJ2+jr1tc+lRdnxHJdSEJlD7mwiPLJMZ014ev+xkEPCdkAEaUhdVysqeTzdDuI3hu3hZjg1i7vZuAmW5AmEk9yrbpAe9jCiUtZ2nyYQvFGUSOWPxmWccbUAzCZEZMvRXeoYwqPfFk07qZvi/Zf1uqEeJcVjvnieIuMH9XFFWugfRt1j8rrXG+U1aNpWz/eBx2Yt/AGAV4EHkNybluU3QTFJcRaYVOwWP8E6zvgEHXKGocE/JVBLPd05GAk9w/YWtMvtM0AS/k+VFsiLcJK5qjSGsgjvpc11DGssQYJ99wfWv49Y6aV81Uc8zf+meoLtsA4k2zXyg9tRcOJavsSyMKZ82CWwRzfN30tZJwkplilxQ+UeyojejkzTQA0aCPVtkq6qEbNxainbz1uW9bnjDI3GMs7NbS34KnLPEQADYU3G2Mn29DfPV83mmpneW122+0idFqxZYj7eKJgX6fwj5t39dsnOl4ip2ezpD6czzL7xg53BgVfRQSKPCIip0WwJbfBpcRGugrs922nf7HhNXnTGSficbE3lpTpc51tR++0pU71vdbV2SNk7qZZPSInb9Hpxv9U6kBWTvVLRmpqAOqvvfTKBhzaDokE5xtiGoMzKcdYulvoOt8GGHLuA1KxLH1kVNEGmdlk94D9/tjJXvi/Dz9bNdP82Rff0mbYnSb4xBFP1auBXUia90iaItfP/iGTaZnqI74NlvZqO/zWTnMUZDy3YGWUT0AKNAufqPrctZBMS8A0Q6GI/nnnykwv7vyVzj3yohKTbDJaz6QzFwu2g+MQSbuoVhNuk/G8QLv6Pr6H0P1G6fP65aVWPdngWUrJmN8PdQWp2ZcqVxT0Mb5zAYe9VKodis1jMxvuZJK9DkUj7owz9SEkQP1+Tk/B+qL73PcmbaoEuf+Y6J7k+I3VrzS24Gtt5VmicpWVDHNwtivbNP90rEpmA0kdjVDShcNA9irQ/ThtGZ2F5gzRiKO7b0QVwB+/AoXHje6qbsCWAJwNmqcn1CAjlR1H5iSbN/ct7KepJBQc65QCV204N5EBSWfgiVQhBaTvUo5lADovGjlM7FuqJ1mny6ZO6m+OxbI8wcTZUnh+D3zUR1mUhEC0zWch3nQw3vdRqRyL1/TiZptgjT1PNpmcsZ74BBmstZSlN6MN70Pd5VIi+5oRtJnu2+jObhn
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_126107E9B27C458F9947691398E20969ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4966.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d65ec95b-fefc-49cc-ca43-08d9318b7989
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2021 12:28:55.7779 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: a8CkdCsuY+2uFKdlU9/vcPcZ8iTM8DFFtN1FTyzQLesQ+OsUU6E1jfnnK3OOE3/LrfU59GajBb1G4taQ2+tkoQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4807
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.17, xbe-aln-002.cisco.com
X-Outbound-Node: alln-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/uLtz8SXJxIkTLvKu5s_0faxzRFE>
Subject: Re: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: (with BLOCK)
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jun 2021 12:29:18 -0000
Hello Eric Thank you for your detailed reply and the explanations. I still consider that the topic should be presented to the community during a BoF where a longer explanation and Q&A could be done rather than a 30-minute session at secdispatch. If you do not mind, then some more from me below, look for EV> Regards -éric From: Eric Rescorla <ekr@rtfm.com> Date: Wednesday, 16 June 2021 at 16:35 To: Eric Vyncke <evyncke@cisco.com> Cc: The IESG <iesg@ietf.org>, "ohttp@ietf.org" <ohttp@ietf.org>, "ohttp-chairs@ietf.org" <ohttp-chairs@ietf.org> Subject: Re: [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp-00-00: (with BLOCK) > I have many concerns about OHTTP (see below), which may be shared by the > community. Therefore, a BoF is required before creating the WG hence my BLOCK. > We may also wonder why creating a working group for a single document and > whether ART is the right area but those points are details. Perhaps, as Mark Nottingham suggests, it would simply be easier to have this work done in HTTP, thus addressing the "why create a new WG question", and making this proposed charter moot. With that said, I think perhaps you misunderstand the setting in which O-HTTP is intended to be deployed. I.e., it is not a generic proxying system like Tor but rather one which is designed to allow the client, server, and proxy to work together to conceal the client's IP address from the server. Indeed, the most natural deployment scenarios are ones in which the client, origin server, and proxy are all coordinated by a single entity. For instance: EV> Indeed: I misunderstood it; it is clear neither from the draft charter nor from the I-D 1. A browser who wants to send telemetry back to the manufacturer while concealing the IP address. In this case, the browser and manufacturer are controlled by the same entity, who also arranges for the proxy, which is preconfigured into the browser. 2. Oblivious DoH (in a TRR configuration). In this case, the client and proxy might be operated by the same entity who then has an arrangement with the DoH server. EV> I understand the requirements and the use cases (thank you BTW), but, if all the pieces are from the same entity, then I wonder what is the purpose of the machinery ? I could understand OHTTP if the 2 proxies are operated by different entities but with one ? Note that these cases are largely maintaining existing topologies, but merely inserting a proxy. Moreover, as noted above, these relationships are largely static. > My concerns are not all technical ones but include: > > 1/ What is the incentive for the proxy/request intermediaries ? I don't really think this question is in scope for WG review. We don't typically ask why organizations want to do things, but merely whether there is interest. I think it's clear from the discussion leading to this that there is interest and I can tell you that Mozilla is looking at running such a proxy, as are others who may want to speak for themselves. EV> see my point above, what is the use of it if all function elements are controlled by a single entity ? > 2/ Depending on 1/, we may expect that just a couple of intermediaries will > exist, this leads to centralization to a couple of parties but also introduces > a single point of failure, scalability issues, and easier censorship. This is irrelevant for the use cases of interest, as described above. EV> agreed if this is limited to those use cases but it can obviously be extended to any HTTP session. > 3/ While OHTTP would be able to 'hide' the good guys from bad > networks/servers, it would also protect the bad guys who can then easily attack > servers; leaving servers defenseless as they cannot protect against an attack > by blocking a couple of IP addresses without also impacting the normal users. > Section 8.2.1 of the I-D is a little light on the topic. Tor currently does not > have the bandwidth to be a DoS vector. This is an issue to some extent, but because the relationships are to some extent static (i.e., the server does not expect to receive large traffic volumes from arbitrary proxies), it is less than with a generic proxying protocol. In general, servers are going to expect that proxies do anti-DoS. With that said, because the O-HTTP requests are wrapped, it is possible for the proxy to provide anti-DoS meta-information (e.g., IP reputation) that is more difficult with a generic proxying protocol. Moroever, unlike a generic proxying protocol, we don't expect ordinary HTTP servers to run this, so the risk is easier to control. EV> understood, but, far from being clear from the I-D and proposed charter > 4/ Related to 3/ (and perhaps less important), Law Enforcement Agencies in > democratic countries will become less and less able to achieve their tasks. I don't think this is an appopriate consideration either, for the reasons indicated in RFC 2804. EV> hence my ‘and perhaps less important’ EV> and in the described use cases above, this is not even relevant at all These detailed points aside, these objections seem particularly out of place in light of the fact that the IETF is presently designing a generic proxying protocol that is designed to work with any server, without modification (MASQUE). All of the considerations you list above apply a fortiori there (and, for that matter, to RFC 2817 HTTP CONNECT, TURN over TLS, and any VPN protocol we've designed). Given that O-HTTP is a more limited system than all of those (differing primarily in that it is optimized for single request/response pairs) it's hard to understand what the problem is. -Ekr On Wed, Jun 16, 2021 at 2:42 AM Éric Vyncke via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote: Éric Vyncke has entered the following ballot position for charter-ietf-ohttp-00-00: Block When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/charter-ietf-ohttp/ ---------------------------------------------------------------------- BLOCK: ---------------------------------------------------------------------- I have many concerns about OHTTP (see below), which may be shared by the community. Therefore, a BoF is required before creating the WG hence my BLOCK. We may also wonder why creating a working group for a single document and whether ART is the right area but those points are details. My concerns are not all technical ones but include: 1/ What is the incentive for the proxy/request intermediaries ? 2/ Depending on 1/, we may expect that just a couple of intermediaries will exist, this leads to centralization to a couple of parties but also introduces a single point of failure, scalability issues, and easier censorship. 3/ While OHTTP would be able to 'hide' the good guys from bad networks/servers, it would also protect the bad guys who can then easily attack servers; leaving servers defenseless as they cannot protect against an attack by blocking a couple of IP addresses without also impacting the normal users. Section 8.2.1 of the I-D is a little light on the topic. Tor currently does not have the bandwidth to be a DoS vector. 4/ Related to 3/ (and perhaps less important), Law Enforcement Agencies in democratic countries will become less and less able to achieve their tasks. All in all, the points above should be discussed by the community before creating a WG. There should also be an operational consideration part. -- Ohttp mailing list Ohttp@ietf.org<mailto:Ohttp@ietf.org> https://www.ietf.org/mailman/listinfo/ohttp
- [Ohttp] Éric Vyncke's Block on charter-ietf-ohttp… Éric Vyncke via Datatracker
- Re: [Ohttp] Éric Vyncke's Block on charter-ietf-o… Eric Rescorla
- Re: [Ohttp] Éric Vyncke's Block on charter-ietf-o… Eric Vyncke (evyncke)
- Re: [Ohttp] Éric Vyncke's Block on charter-ietf-o… Christopher Wood
- Re: [Ohttp] Éric Vyncke's Block on charter-ietf-o… Eric Rescorla