Re: [Pearg] IRTF Chair review of draft-irtf-pearg-censorship-06
Colin Perkins <csp@csperkins.org> Sat, 17 December 2022 20:03 UTC
Return-Path: <csp@csperkins.org>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47ABBC14CF1E for <pearg@ietfa.amsl.com>; Sat, 17 Dec 2022 12:03:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=csperkins.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1eaodwzjrKjo for <pearg@ietfa.amsl.com>; Sat, 17 Dec 2022 12:02:56 -0800 (PST)
Received: from mx1.mythic-beasts.com (mx1.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DDA9C14F6EC for <pearg@irtf.org>; Sat, 17 Dec 2022 12:02:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=csperkins.org; s=mythic-beasts-k1; h=Date:Subject:To:From; bh=Xv6uoH1SZ3dwhUkwNGIhdRaD/pA0Z+So9nMm12NiJJ0=; b=1JQP5gi7csqfqen/ntazzMjJnW IWRLojsRQHhKcDMVmFj70MLyqOGC0yt4HC2+dQg8HaBSWSi05sXlRk139S5WjwKrvng8QSYyfL7aR wQIu7q8PQrhFMN4xaDrVZnw/3xCSKrc2TNKuj98ctl5GLBSR47b+6cP4gaRQZ8A2IfvKx2kP3hCIH 5F+vmNdg48NdLj4gV5k8joAFi8vn1TfJRQUuJP3631FATwUx9a597uYJfZplzqnljOCtSY41Vx+5A +jZbgTBb1Pm/EVvx2x2Qb+L+SQPdUNDyqj94jBFPX0kdISIHDtuB1WEwodxqD0i3u3tVxBjWh07iG DCEPKRMg==;
Received: from [81.187.2.149] (port=34622 helo=[192.168.56.1]) by mailhub-cam-d.mythic-beasts.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <csp@csperkins.org>) id 1p6dOY-00BaSB-IG; Sat, 17 Dec 2022 20:02:54 +0000
From: Colin Perkins <csp@csperkins.org>
To: Mallory Knodel <mknodel@cdt.org>
Cc: pearg@irtf.org, pearg-chairs@ietf.org, draft-irtf-pearg-censorship@ietf.org
Date: Sat, 17 Dec 2022 20:02:49 +0000
X-Mailer: MailMate (1.14r5930)
Message-ID: <036B4FCA-71C5-4C7E-9007-C5CC24BAB491@csperkins.org>
In-Reply-To: <3e99a9e7-bf20-dada-d04f-8341217fdb01@cdt.org>
References: <EEB94C0D-88B8-4AE2-BF71-93E370D4A3C8@csperkins.org> <3e99a9e7-bf20-dada-d04f-8341217fdb01@cdt.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-BlackCat-Spam-Score: 0
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/19BYkavyhevGQtTpfDAlYKJzhco>
Subject: Re: [Pearg] IRTF Chair review of draft-irtf-pearg-censorship-06
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Dec 2022 20:03:01 -0000
Hi Mallory, On 15 Dec 2022, at 17:40, Mallory Knodel wrote: > Hi Colin and all, > > I made some changes in the new version thusly: > > On 12/2/22 12:29 PM, Colin Perkins wrote: >> RFC 5743 compliance: The draft does not follow the guidelines in RFC 5743 > Fixed. Thanks - but I think a little more is needed. The draft doesn’t state the breadth of review undertaken by the RG, and doesn’t include an explicit statement that the draft is not an IETF product and is not a standard. >> There are two places where specific censorship products are mentioned, along with citations of their use (SmartFilter in §3 and §4.2.1, NetSweeper in §4.2.1). Given that the set of such products changes over time, and is likely to become rapidly obsolete, I wonder if the draft might better just list the classes of products and leave the specifics to the cited sources? > Agree-- and since those sections included enough description of those technologies it was easy to remove them. However I did have to change the citation for NarusInsight because the former citation (directly to the EFF blog post about the AT&T lawsuit) didn't mention it. I use the Wikipedia article about the lawsuit instead, which gives a better overview of the techniques in question. This is good, thanks. >> §4.2.3: “Note that TLS 1.3 acts as a security component of QUIC” – do the differences in the way TLS integrates with QUIC affect censorship as described in this draft? > > My interpretation of the intention of this sentence is to point out that various parts of TLS 1.3 are used for blocking, but that each of these parts then can be used to block QUIC in the same way. So rather than having a QUIC subsection, they are combined. I checked the subsequent sections and have confirmed that the subsections where relevant indicate where QUIC can be blocked or where QUIC cannot be blocked with the same method given that it is, still, different from TLS. I was asking a slightly different question that was maybe not well phrased. TLS when used over TCP formats the TLS handshake in a particular way onto the TCP connection and exposes certain information in the clear (the SNI, for example). QUIC does this differently, sending the TLS handshake in CRYPTO frames as part of Initial packets that have some limited protection applied to them. Do these differences change the information that’s exposed in a way that affects the censorship described in this draft? > Additional note! Another major change that I should note here is that I've now added some text throughout about image hash matching. Essentially anywhere keyword or URL blocklist is mentioned in a way that is adjacent to content filtering, I felt it appropriate to note the way that images and videos can also be detected and actioned with removal. The very brief text is cited to an excellent description of Apple's proposed NeuralHash scheme written up by ekr, and can be found under 3.0. Technical prescription and 4.2.4. Instrumenting Content Distributors. These changes are fine with me, provided the RG agrees. Colin
- [Pearg] IRTF Chair review of draft-irtf-pearg-cen… Colin Perkins
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Dr. Joseph Lorenzo Hall
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Colin Perkins
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Dr. Joseph Lorenzo Hall
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Mallory Knodel
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Colin Perkins
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Eric Rescorla
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Colin Perkins