Re: [Pearg] Research Group Last Call for "A Survey of Worldwide Censorship Techniques"

Joseph Lorenzo Hall <hall@isoc.org> Thu, 23 July 2020 22:05 UTC

From: Joseph Lorenzo Hall <hall@isoc.org>
To: "S. Moonesamy" <sm+sdo@afrinic.net>, "pearg@irtf.org" <pearg@irtf.org>
Date: Thu, 23 Jul 2020 22:05:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/OsbRvNMXBNdwrzzKRAVm2AGpk_w>
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>

Hi, sorry for not following up sooner (going through things making slides for next Monday!).

I'm unclear as to what you'd like the draft to say differently here. Happy to work on making it more clear, but I think what you've outlined is what I understand to be the ability for an RIR to be compelled to sign routes that misdirect traffic.

best, Joe
________________________________
From: S. Moonesamy <sm+sdo@afrinic.net>
Sent: Wednesday, July 1, 2020 18:14
To: Joseph Lorenzo Hall <hall@isoc.org>; pearg@irtf.org <pearg@irtf.org>
Subject: Re: [Pearg] Research Group Last Call for "A Survey of Worldwide Censorship Techniques"

Dear Joseph,
At 11:59 AM 01-07-2020, Joseph Lorenzo Hall wrote:
>I think what the wording of the draft is trying
>to do there is to point out that if you can
>compel a signed route, ASs will tend to start
>sending traffic that direction, potentially
>compromising the confidentiality and integrity
>of the traffic, not the ROA. I'm happy to make
>that clear. Also, feel free to push back and say
>that it's out of place… this part is trying to
>catalog entities in positions of power that
>could affect the ability of two ends to communicate.

I'll explain what I understood.  Please do
correct me if you or anyone believes that it is
incorrect:  The Introduction section states that
the document describes technical mechanisms that
censorship regimes around the world use for
blocking or impairing Internet traffic.  In my
opinion, the reader would expect that the points
of control (Section 3.1) are/were used for impairing Internet traffic.

Section 3 is about the identification of
"technical" points of control.  One of the
examples given is that of a Regional Internet
Registry which issues a Route Origination
Authorization when it is requested to do so by
one of the members of the Registry.  The argument
is that the Registry can be compelled by law to
issue a Route Origination Authorization which is
not compliant with its practices.  The traffic
for the "prefix" would then be redirected to another entity.

Given the above, the two ends would not
communicate as expected (there are RFCs which
discuss end-to-end).  Would that happen without a
Route Origination Authorization?

The example at the end of the paragraph about
"Certificate Authorities" mentions "TLS
interception".  Wouldn't that be detected when
the certificate is verified by the receiving side?

I suggest reviewing the issue which you described
and the text instead of saying that the text is out of place.

Regards,
S. Moonesamy
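
As an added illustration of the ROA scenario discussed in this thread (not part of either message and not taken from the draft): route origin validation as defined in RFC 6811, plus a diff of two validated-ROA-payload (VRP) snapshots that flags any origin AS that becomes newly authorized for a watched prefix. The prefixes, AS numbers and the names `VRP`, `validate` and `newly_authorized` are constructed for this example.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """One validated ROA payload: prefix, maximum length, authorized origin AS."""
    prefix: str
    max_len: int
    asn: int

def validate(route_prefix, origin_asn, vrps):
    """Return the RFC 6811 state of a route: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for v in vrps:
        net = ipaddress.ip_network(v.prefix)
        # A VRP covers the route if the route's prefix lies inside the VRP prefix.
        if route.version != net.version or not route.subnet_of(net):
            continue
        covered = True
        # Match: route is no more specific than max_len and the origin AS agrees.
        if route.prefixlen <= v.max_len and origin_asn == v.asn:
            return "valid"
    # Covered but unmatched is 'invalid'; no covering VRP at all is 'not-found'.
    return "invalid" if covered else "not-found"

def newly_authorized(before, after, watched):
    """List (prefix, asn) pairs that are 'valid' in `after` but were not in `before`."""
    alerts = []
    for v in sorted(set(after) - set(before)):
        for prefix in watched:
            was = validate(prefix, v.asn, before)
            now = validate(prefix, v.asn, after)
            if was != "valid" and now == "valid":
                alerts.append((prefix, v.asn))
    return alerts

# Constructed sample data: documentation prefix (RFC 5737) and AS numbers (RFC 5398).
BEFORE = [VRP("198.51.100.0/24", 24, 64496)]            # only the holder's ROA
AFTER = BEFORE + [VRP("198.51.100.0/24", 24, 64511)]    # a second ROA appears
WATCHED = ["198.51.100.0/24"]

if __name__ == "__main__":
    print(validate("198.51.100.0/24", 64511, BEFORE))
    print(validate("198.51.100.0/24", 64511, AFTER))
    print(newly_authorized(BEFORE, AFTER, WATCHED))
```
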