Re: [Ohttp] Centralization and deployment models
Martin Thomson <mt@lowentropy.net> Tue, 15 June 2021 23:47 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6F7E3A42AC for <ohttp@ietfa.amsl.com>; Tue, 15 Jun 2021 16:47:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=Eh2taDCF; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=LhZr5ICH
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u7A8NvilkEL3 for <ohttp@ietfa.amsl.com>; Tue, 15 Jun 2021 16:47:01 -0700 (PDT)
Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FE513A42AD for <ohttp@ietf.org>; Tue, 15 Jun 2021 16:47:01 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 11C101531 for <ohttp@ietf.org>; Tue, 15 Jun 2021 19:47:00 -0400 (EDT)
Received: from imap10 ([10.202.2.60]) by compute4.internal (MEProxy); Tue, 15 Jun 2021 19:47:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=tkHDC4gjIUfV59P49WS1aXxTtYrVMh5 YUIZAeeVux8g=; b=Eh2taDCF3nsMi8D5kStAo/aU53hpCsqCNAtEWSqc8C0fnmv vbS3v96b+d2weViDGzlysP6X03nH2lFpL5e7DmKY88+xfmmVObGjuBZh5cdxu6wv 7tyNeRPzfDxDJlTbMGHAdWTZWEQSQ2tPbZQYGGYgsbxdzgvgOAzHy744w90DBhYg jSvXbxIQYEo8Sj+mRBzEtnwH7L7Oa9e7TyhwbqE28oZOTFuIa/wulgJt3LqhXvQG SMBEFZpHLo8aGj8Gyws1NNPxHkM8MkuWOB7ozIkkqBUkeScjPKEU49zVpzdcC5Q+ 0nljdH/gb+71hqE+88XYp4WxkCUmBbYcC4hXapg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=tkHDC4 gjIUfV59P49WS1aXxTtYrVMh5YUIZAeeVux8g=; b=LhZr5ICHnzkmeQixwfJQkZ ltkjQJBMeyafiI7waurAXc1lLkHtmSYw23g51pksAzZtDrPoME/lwAgqVaOQzvOo qEnLfBWfoVrk3X89bs4JaWjizunNk5XOPOdPFV9mCTjF32t3zzKB6G4ATPDl49lw N591ooHFl2TklEiGZoVRgS1coehuF/MUmC5pATJo6TazHl5V2GG8XOK7losH1Mwa /KoktdfVEpwb2CIRyW73ITqD7YaHkEyIDSKVW+VclDWW5r/Z10cUToJpgkdi93ow CTsqhUWy4U9LA0L+vAX3Vdi38drNQQHtnkAy8kOLNr0+UoLYZ31XYurFg66wbM3A ==
X-ME-Sender: <xms:8zvJYBJWQNp4iihtpXzHRHcJgE4VKZeCUEUJZD3G1BBFTgXkjXdXsw> <xme:8zvJYNLtRvd9jNiCxjSSlHPGp1SLF5lcJMVrDfna2TAXUDr4RZ5azkvUe-blNI78E KhqiZaIa3S4Z5oMjEs>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrfedvkedgvdegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeekteeuieektdekleefke evhfekffevvdevgfekgfeluefgvdejjeegffeigedtjeenucevlhhushhtvghrufhiiigv pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvg ht
X-ME-Proxy: <xmx:8zvJYJtG1lPJPZKQnkZvmkf0VMGkZblKw0R5Jnaxxx3LrmNWHsXyYg> <xmx:8zvJYCa-cvuuLhQ6cNR8OurMAETMJY7z02uOj62VW3MLjr_tA25Ktw> <xmx:8zvJYIbe_KHzy0SuyZQKIQUpA8OBHt9XvhSx_07Ol-vhQ-wkqi6tXw> <xmx:8zvJYBmxqkIvFGfdgFhagBfJbGNyWCJwmVAteHeqCoDx1qX-OUSK0A>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 5F0354E0169; Tue, 15 Jun 2021 19:46:59 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-519-g27a961944e-fm-20210531.001-g27a96194
Mime-Version: 1.0
Message-Id: <504724b7-d9e2-474f-ad7c-0687ae224665@www.fastmail.com>
In-Reply-To: <2009158400.9760.1623760514335@appsuite-gw1.open-xchange.com>
References: <4f21995e-1fa3-4813-bfb4-42d117fe7f2e@www.fastmail.com> <2009158400.9760.1623760514335@appsuite-gw1.open-xchange.com>
Date: Wed, 16 Jun 2021 09:44:41 +1000
From: Martin Thomson <mt@lowentropy.net>
To: ohttp@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/zDXUdX30T29NqQW_2ohxOWUUVjA>
Subject: Re: [Ohttp] Centralization and deployment models
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2021 23:47:08 -0000
On Tue, Jun 15, 2021, at 22:35, Vittorio Bertola wrote: > I think that we should consider the possible implications on Internet > centralization from the start, exactly like we need to consider > security and privacy impacts. This I agree with. We are collectively still grappling with just what it means to consider these issues, so maybe a little more deliberate effort is needed in new efforts to engage with the topic. I just don't know how to turn that into something actionable. It's not through lack of trying either. The IAB spent a lot of time on the subject in the 4 years I was there and have done since. We have no shared understanding of the subject and so no concrete advice to give. We just have a general sense that consolidation is bad. Maybe that is limited to when centralization leads to single points of failure or control. We don't know what leads to centralization and - in particular - what protocol designs might to do influence it. I've heard it said that DoH has worsened centralization, but I don't think that question is settled either. What is natural forces of market pressure and what the protocol enabled are hard to disentangle. For DoH, I don't know if we could have done anything different then, even with this foreknowledge, except to the extent that we would have tried harder to engage with those who might be affected. And just to make it clear, I don't think that the parallels with DoH and this work that are being drawn are quite right either. Part of the reason I am engaging with this work is that it helps a major privacy problem with DNS centralization problem: the aggregation of profiles at DNS resolvers. All that said, I'm no richer in terms of knowing what to write in a charter on the subject. > Again, this depends on deployment models. Would OHTTP proxies be > anonymously available to the general public, or would they require user > authentication before use, or be restricted to traffic from specific > networks, or specific devices, etc? No deployment model that has been suggested to me involves any anonymous, general purpose, and open proxy. Indeed, as I mentioned to Eliot, the protocol as proposed cannot be used for general purpose use cases. You might define some sort of extension for that purpose, of course. > [...] a new standard should include deployment recommendations to > prevent the worst scenarios from happening, or explanations of why > those scenarios are unlikely or unattractive for abusers. This is a reasonable request; FWIW, I've opened an issue on this. We have some of this text already, but maybe not as comprehensive as you might like.
- [Ohttp] A few responses Martin Thomson
- [Ohttp] Centralization and deployment models Vittorio Bertola
- Re: [Ohttp] Centralization and deployment models Martin Thomson