Re: [Pearg] Call for adoption: draft-wood-pearg-website-fingerprinting-00

"Christopher Wood" <caw@heapingbits.net> Mon, 20 January 2020 16:16 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48F2612089B for <pearg@ietfa.amsl.com>; Mon, 20 Jan 2020 08:16:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=Md9Nv1ZV; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=DkS9kgzm
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 54lR8-0TBqJd for <pearg@ietfa.amsl.com>; Mon, 20 Jan 2020 08:16:29 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A56BB120895 for <pearg@irtf.org>; Mon, 20 Jan 2020 08:16:29 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 0222221ACF for <pearg@irtf.org>; Mon, 20 Jan 2020 11:16:28 -0500 (EST)
Received: from imap4 ([10.202.2.54]) by compute6.internal (MEProxy); Mon, 20 Jan 2020 11:16:28 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm3; bh=iJt9p xaexUrozARJDW002n0ByMCyp5ZYuH+p/9z+/lQ=; b=Md9Nv1ZVodGCk2pvm0kRo BZO1aRRhdR0AcoYqL3ReXKGdJZceniHl6/2PKdW2W20gEj8JsN6vGCj2cC3QGul4 DTQO1+XNJydM68TwaH09dzqs2EkxlreIL8ASRgS0vATfASoGZg0TxPXv8NMlDDM3 vIsQaLwmA6vIF8vpTVpLfWeAS6Y71KRv5LOaFCVT2UVsmdtF7HIxV0VOaepKwYqR zKHDyzgFRcuJlgrWePDq3/M3v4RDoCbCz/YmO+lyeZOP2cJbcUrvmTRo/u9+ZEh+ xqyWhqMB9h37nyZwPtkMo/aiXbXukwC97hyFWEFVNQUSTEpPTC8egrWsfbiff3Jt w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=iJt9pxaexUrozARJDW002n0ByMCyp5ZYuH+p/9z+/ lQ=; b=DkS9kgzm1hEUeAlc81wserINK9kM3Z00LAJ6j27pylbFeXXvLa+X0l1R6 nSwUApRlB/BYY5Ps2l0Ieekd/SKZFanUkgHW8gvdiA8ZUPRMFERVmbZr1Zs5684m g28blcofTmamyelJD08+mSnPd2O+6MLp4l2nbVEbyQhWLoHEU3KA4iEmnJE+cHgl 20LUQJNmPRxfYfGuQ2kcp4M1DQT3EXbqNFP896Hq/V2DTuCTj98fM5rO+m6zUmVm ANorgOCSOU6/CgS00SwvTgxWx/85IUwhpCZSpzx29f/A50lzKG4pnFvfhfAARID3 MbeiSheMv1vwTZ9mz0h+OcCCsyQ5w==
X-ME-Sender: <xms:W9IlXinAO0F4HP5ALomkOALUahjIu1gT7GF5C6MtRsXANuxCl9A92Q>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudeigddvfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgfgsehtqh ertderreejnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgif sehhvggrphhinhhgsghithhsrdhnvghtqeenucffohhmrghinhepihgvthhfrdhorhhgpd hgihhthhhusgdrtghomhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgr ihhlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrdhnvght
X-ME-Proxy: <xmx:W9IlXi6dUILsZFw5z6s2-h2RFyhpnGW8Yug_8_1gnkFjSsvmdV8sjQ> <xmx:W9IlXpudXrjMTguT2N1Yl72eoIbLepeCHe-G5jYmxdYpRF0Zy95DNg> <xmx:W9IlXiXcqFeUNKPhsJokFTe9BUlmTqKlLVWulGezvoLO9dQMHV0trA> <xmx:W9IlXhyOeRgRfmI4_aDNxnzPhgty7eqDjSuTj2FdCcSgPOTSgXhj0A>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 577233C00A1; Mon, 20 Jan 2020 11:16:27 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-754-g09d1619-fmstable-20200113v1
Mime-Version: 1.0
Message-Id: <20bb79b9-104b-41cd-b837-997c95ffb7ed@www.fastmail.com>
In-Reply-To: <9d1434e5-9a2e-6004-9c25-3b105d099e18@cs.tcd.ie>
References: <B33EF781-F4E7-4B09-B0AC-3B39DE181F73@sinodun.com> <9d1434e5-9a2e-6004-9c25-3b105d099e18@cs.tcd.ie>
Date: Mon, 20 Jan 2020 08:16:06 -0800
From: "Christopher Wood" <caw@heapingbits.net>
To: pearg@irtf.org
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/KXuxXvot-r0swMG3tDEHbv46vmk>
Subject: Re: [Pearg] =?utf-8?q?Call_for_adoption=3A_draft-wood-pearg-website-?= =?utf-8?q?fingerprinting-00?=
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jan 2020 16:16:35 -0000

Hi Stephen,

Please see inline below.

On Mon, Jan 13, 2020, at 4:01 AM, Stephen Farrell wrote:
> 
> Hiya,
> 
> On 13/01/2020 09:42, Sara Dickinson wrote:
> > Hi All,
> > 
> > A draft called ‘Network-Based Website Fingerprinting'
> > (https://datatracker.ietf.org/doc/draft-wood-pearg-website-fingerprinting/)
> > has been presented twice in PEARG meetings and received positive
> > feedback at IETF 106. This email starts a two week Call for Adoption
> > of this document.
> > 
> > Please review this draft to see if you think it is suitable for
> > adoption by PEARG and send comments to the list, clearly stating your
> > view.
> > 
> > This call for adoption ends on 27th January 2020.
> 
> I did a quick scan and very much support adoption. I plan
> to give it a more thorough read at some point.
> 
> Three comments, none of which ought delay adoption:
> 
> 1. I think it'd be good for the RG to have a discussion
> about how one might develop section 8 further. That may
> or may not mean more text for this draft or could result
> in text that ends up in other drafts or in IETF drafts.
> Not sure when it'd be best to try start that, but I'm
> sure the chairs can figure that out.

Agreed. I'll spin up a new thread on this topic!

> 2. A suggested addition to section 7: What mechanisms
> to counter WF might make sense for generic libraries
> (e.g. TLS/HTTP libraries) and HTTP servers? By "generic"
> here I mean code that doesn't know anything about the
> resources will be served/consumed. And in saying
> "mechanisms" I include APIs and controls that turn on
> or off or configure protocol-level anti-WF schemes.

I filed an issue for this: 

   https://github.com/chris-wood/ietf-fingerprinting/issues/2

Would you mind submitting a PR to address this?

> 3. Another suggestion for section 7: How might one
> provide defenses that are effective for small hosters
> (as opposed to mega-scale CDNs)? (Note that I didn't
> follow the references yet, so that could already be
> covered by some of the cited work - just ignore me
> if so:-)

The references don't cover this area (well) -- they're mostly focused on what clients can do with little server assistance. I filed an issue for this:

   https://github.com/chris-wood/ietf-fingerprinting/issues/3

As above, would you be open to adding a PR for this?

Thanks for the review and feedback!

Best,
Chris