Re: [Ohttp] Discovery (no)
Eric Rescorla <ekr@rtfm.com> Tue, 27 July 2021 17:40 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B251B3A0D58 for <ohttp@ietfa.amsl.com>; Tue, 27 Jul 2021 10:40:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cmP3RL-2EBo8 for <ohttp@ietfa.amsl.com>; Tue, 27 Jul 2021 10:40:35 -0700 (PDT)
Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96D093A0D6D for <ohttp@ietf.org>; Tue, 27 Jul 2021 10:40:32 -0700 (PDT)
Received: by mail-ej1-x62d.google.com with SMTP id e19so14340ejs.9 for <ohttp@ietf.org>; Tue, 27 Jul 2021 10:40:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9PNoK2BdiZeAR1ddsk+++bdKBecVosAX070F1FZjeWw=; b=sN7TsZRARX4ehyLvCKHHojbLmSEg7YOj2mME62yjU1UOsIk1Qu8mQWhRcjn9AekSB1 Ky77YUnw5lXAu0r0ff6Se+dzoPUXabh2lmxEQAAh8R62ZE19nXsNecrpYcjEXHszxsJ0 Swp7b+9jxVDmNKvVeC6gIEPLJI91GSDDfXVVltBk3ClCHdlLSl8ZisQC75JPCeG+ryek ggV0V70NyUBDKGb02cy8KD8PX4ESPhziYmJAQH+KGz4MkzYXtPcHPi6TCCxIzyvAmXR8 sgJXeOwishQ/b5Pc9PrVa+ugn10Rss+lz7dkQ2tSIOlaUr+/a6eRXq9rhFms4XfFhAvl uGUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9PNoK2BdiZeAR1ddsk+++bdKBecVosAX070F1FZjeWw=; b=K4kHAFGlp491DdKOhjIcTZv/p6uF61j1to90abNifEGU5dGWeCfEbGB1UpCuHq89H4 /x82h29JZHQJh+O5aCUtu2eNXdmm05ROzQ89+3WUFJL0vuf68UvnE2kNdri3Efrao9iV PsLHpMowNfNZrY5rc7UdvXb2QnT26E34HAMwBeJ6pCg4my6ZBL9aRmwIvXyIHmSHsIZG jEIlu3nlzJzjETTVu1ri7s7XGRK/dtIEArgGzk7BXmrVOotyCWOaFxmB9T/RTLjr34BN 8DsJfYcWDIbxty3geOHLRo+if4OG7CMMrHWSotKLOWZunG46vsmHNYAmBjWElSNROxVb d4uQ==
X-Gm-Message-State: AOAM532EUXs+fgsb53pjZ+2D/9MRpEAwgivozhdg+CiCvAQ/ejx6iTj+ V4hCiXCdX4ZEns5apuGpMgO/4J6K5uL8anzxR+Rrhg==
X-Google-Smtp-Source: ABdhPJywLTme7KA3NoFc/kzrs2jgkrl/SypSBbWs5Pj/GsFulkY8b23exVjwZLnFqz+gXdwPe/TATxcIwPoiK3mSk6k=
X-Received: by 2002:a17:906:7951:: with SMTP id l17mr23256218ejo.529.1627407630440; Tue, 27 Jul 2021 10:40:30 -0700 (PDT)
MIME-Version: 1.0
References: <CAEm8Q12LUx42gYODFVBpLUd0UbwfAvfScDC5Wnm+jsmaB6osQQ@mail.gmail.com> <3cb3ea05-57d8-4db2-9bdb-78cf8d8cf4c5@www.fastmail.com> <CAEm8Q12MegnasLOOEcCVLkZ_gW9E2JXx9hoWF1hFm+4dcwfXyw@mail.gmail.com> <CABcZeBMMh6rOymV9QB7sgCB33PD91im94nNR1h2gBo7fmEriRQ@mail.gmail.com> <CAEm8Q10PnoCEzUZb4mh7XBkz4T4ZeVoeyR_jx7u2VdG9SpUYLg@mail.gmail.com> <CABcZeBN_NZHXTBfRc9tGKArx71_xXogVHC0Any+0Vs9C626iYQ@mail.gmail.com> <CAEm8Q11wzXNBZzgy3eiU88sg15FPVD2br=v8nVH2YkrRynE66A@mail.gmail.com> <LO2P265MB0399D2CBC8855EBB0FA28571C2E99@LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM> <ADF568AB-62AD-42B1-821A-EC35B0537A8C@cooperw.in>
In-Reply-To: <ADF568AB-62AD-42B1-821A-EC35B0537A8C@cooperw.in>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 27 Jul 2021 10:39:53 -0700
Message-ID: <CABcZeBPs3pEPC+OSvEswxTmaTP9d3L6Me8N7r8MNb=5+YSumKg@mail.gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Cc: Andrew Campling <andrew.campling@419.consulting>, Thomas Mangin <thomas.mangin@exa.net.uk>, "ohttp@ietf.org" <ohttp@ietf.org>, Christopher Wood <caw@heapingbits.net>
Content-Type: multipart/alternative; boundary="000000000000b7b9fd05c81e5df6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/xPslPPcTiGMFemwTufuD5eGn2S0>
Subject: Re: [Ohttp] Discovery (no)
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jul 2021 17:40:41 -0000
On Tue, Jul 27, 2021 at 10:30 AM Alissa Cooper <alissa@cooperw.in> wrote: > Hi Andrew, > > On Jul 27, 2021, at 11:13 AM, Andrew Campling < > andrew.campling@419.CONSULTING> wrote: > > On Mon, Jul 26, 2021 at 21:07 Thomas Mangin <thomas.mangin@exa.net.uk> > wrote: > > > > > > > I feel we will have to agree to disagree: if developers can not create two > interoperable implementations from a draft/RFC alone, this is not a > complete document. > > > They *can* create an interoperable implementation. The entities that > interoperate are (a) the client/origin-server and (b) the proxy. It's just > that the client/origin server are in two pieces. But that's no more a > problem than that in order to do QUIC you need a QUIC stack and a UDP stack > but there's not really a standardized interface that goes between them. > > > > > With the same argument, the port could/should be left out of HTTP RFC. > You can make interoperable implementations without it, you just need to > agree the port outside the RFC. I fail to see your QUIC parallel, I had no > issue with the QUIC drafts but I its has been well over a year since I read > a draft and I have not read the published RFC. Also there is quite a few > "end-to-end" OSS QUIC implementations where developers were able to create > QUIC clients and servers. I can not implement a OHTTP stack and make it > work with anyone, without out-of-draft discussion. > > > > But again, I feel that it does no matter on long we discuss this on the > ML, we will probably not agree. That said, the draft encoding and > components description is very good and clear and I can see no issue with > it. > > I agree that discovery is a necessary part of the development of this > protocol: if we rely on unspecified, out-of-band methods for proxies to be > determined then we are open to collusion between parties, with associated > loss of any privacy protections, as well as risk of further > centralisation. > > > Parties can always collude whether or not a discovery mechanism is > specified. > Indeed. Moreover, one of the key configuration questions is which proxies you trust not to collude, and that's inherently a decision for the client. You'll note that the question of "discovering" which trust anchors TLS clients use is not one that the IETF addresses. -Ekr > Alissa > > In my view, the WG should commit to documenting a fair, open discovery > mechanism for proxies that is published alongside the main protocol. > > No doubt this will come up in the BOF discussion later today. > > > Andrew > > > > -- > Ohttp mailing list > Ohttp@ietf.org > https://www.ietf.org/mailman/listinfo/ohttp > > >
- [Ohttp] Discovery (no) Thomas Mangin
- Re: [Ohttp] Discovery (no) Christopher Wood
- Re: [Ohttp] Discovery (no) Thomas Mangin
- Re: [Ohttp] Discovery (no) Eric Rescorla
- Re: [Ohttp] Discovery (no) Thomas Mangin
- Re: [Ohttp] Discovery (no) Eric Rescorla
- Re: [Ohttp] Discovery (no) Thomas Mangin
- Re: [Ohttp] Discovery (no) Andrew Campling
- Re: [Ohttp] Discovery (no) Alissa Cooper
- Re: [Ohttp] Discovery (no) Eric Rescorla
- Re: [Ohttp] Discovery (no) Andrew Campling