Re: [Pearg] Call for adoption: draft-wood-pearg-website-fingerprinting-00

"Christopher Wood" <> Mon, 20 January 2020 16:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 48F2612089B for <>; Mon, 20 Jan 2020 08:16:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=Md9Nv1ZV; dkim=pass (2048-bit key) header.b=DkS9kgzm
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 54lR8-0TBqJd for <>; Mon, 20 Jan 2020 08:16:29 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A56BB120895 for <>; Mon, 20 Jan 2020 08:16:29 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal []) by mailout.nyi.internal (Postfix) with ESMTP id 0222221ACF for <>; Mon, 20 Jan 2020 11:16:28 -0500 (EST)
Received: from imap4 ([]) by compute6.internal (MEProxy); Mon, 20 Jan 2020 11:16:28 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm3; bh=iJt9p xaexUrozARJDW002n0ByMCyp5ZYuH+p/9z+/lQ=; b=Md9Nv1ZVodGCk2pvm0kRo BZO1aRRhdR0AcoYqL3ReXKGdJZceniHl6/2PKdW2W20gEj8JsN6vGCj2cC3QGul4 DTQO1+XNJydM68TwaH09dzqs2EkxlreIL8ASRgS0vATfASoGZg0TxPXv8NMlDDM3 vIsQaLwmA6vIF8vpTVpLfWeAS6Y71KRv5LOaFCVT2UVsmdtF7HIxV0VOaepKwYqR zKHDyzgFRcuJlgrWePDq3/M3v4RDoCbCz/YmO+lyeZOP2cJbcUrvmTRo/u9+ZEh+ xqyWhqMB9h37nyZwPtkMo/aiXbXukwC97hyFWEFVNQUSTEpPTC8egrWsfbiff3Jt w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=iJt9pxaexUrozARJDW002n0ByMCyp5ZYuH+p/9z+/ lQ=; b=DkS9kgzm1hEUeAlc81wserINK9kM3Z00LAJ6j27pylbFeXXvLa+X0l1R6 nSwUApRlB/BYY5Ps2l0Ieekd/SKZFanUkgHW8gvdiA8ZUPRMFERVmbZr1Zs5684m g28blcofTmamyelJD08+mSnPd2O+6MLp4l2nbVEbyQhWLoHEU3KA4iEmnJE+cHgl 20LUQJNmPRxfYfGuQ2kcp4M1DQT3EXbqNFP896Hq/V2DTuCTj98fM5rO+m6zUmVm ANorgOCSOU6/CgS00SwvTgxWx/85IUwhpCZSpzx29f/A50lzKG4pnFvfhfAARID3 MbeiSheMv1vwTZ9mz0h+OcCCsyQ5w==
X-ME-Sender: <xms:W9IlXinAO0F4HP5ALomkOALUahjIu1gT7GF5C6MtRsXANuxCl9A92Q>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudeigddvfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgfgsehtqh ertderreejnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgif sehhvggrphhinhhgsghithhsrdhnvghtqeenucffohhmrghinhepihgvthhfrdhorhhgpd hgihhthhhusgdrtghomhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgr ihhlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrdhnvght
X-ME-Proxy: <xmx:W9IlXi6dUILsZFw5z6s2-h2RFyhpnGW8Yug_8_1gnkFjSsvmdV8sjQ> <xmx:W9IlXpudXrjMTguT2N1Yl72eoIbLepeCHe-G5jYmxdYpRF0Zy95DNg> <xmx:W9IlXiXcqFeUNKPhsJokFTe9BUlmTqKlLVWulGezvoLO9dQMHV0trA> <xmx:W9IlXhyOeRgRfmI4_aDNxnzPhgty7eqDjSuTj2FdCcSgPOTSgXhj0A>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 577233C00A1; Mon, 20 Jan 2020 11:16:27 -0500 (EST)
X-Mailer: Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-754-g09d1619-fmstable-20200113v1
Mime-Version: 1.0
Message-Id: <>
In-Reply-To: <>
References: <> <>
Date: Mon, 20 Jan 2020 08:16:06 -0800
From: "Christopher Wood" <>
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [Pearg] =?utf-8?q?Call_for_adoption=3A_draft-wood-pearg-website-?= =?utf-8?q?fingerprinting-00?=
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 20 Jan 2020 16:16:35 -0000

Hi Stephen,

Please see inline below.

On Mon, Jan 13, 2020, at 4:01 AM, Stephen Farrell wrote:
> Hiya,
> On 13/01/2020 09:42, Sara Dickinson wrote:
> > Hi All,
> > 
> > A draft called ‘Network-Based Website Fingerprinting'
> > (
> > has been presented twice in PEARG meetings and received positive
> > feedback at IETF 106. This email starts a two week Call for Adoption
> > of this document.
> > 
> > Please review this draft to see if you think it is suitable for
> > adoption by PEARG and send comments to the list, clearly stating your
> > view.
> > 
> > This call for adoption ends on 27th January 2020.
> I did a quick scan and very much support adoption. I plan
> to give it a more thorough read at some point.
> Three comments, none of which ought delay adoption:
> 1. I think it'd be good for the RG to have a discussion
> about how one might develop section 8 further. That may
> or may not mean more text for this draft or could result
> in text that ends up in other drafts or in IETF drafts.
> Not sure when it'd be best to try start that, but I'm
> sure the chairs can figure that out.

Agreed. I'll spin up a new thread on this topic!

> 2. A suggested addition to section 7: What mechanisms
> to counter WF might make sense for generic libraries
> (e.g. TLS/HTTP libraries) and HTTP servers? By "generic"
> here I mean code that doesn't know anything about the
> resources will be served/consumed. And in saying
> "mechanisms" I include APIs and controls that turn on
> or off or configure protocol-level anti-WF schemes.

I filed an issue for this:

Would you mind submitting a PR to address this?

> 3. Another suggestion for section 7: How might one
> provide defenses that are effective for small hosters
> (as opposed to mega-scale CDNs)? (Note that I didn't
> follow the references yet, so that could already be
> covered by some of the cited work - just ignore me
> if so:-)

The references don't cover this area (well) -- they're mostly focused on what clients can do with little server assistance. I filed an issue for this:

As above, would you be open to adding a PR for this?

Thanks for the review and feedback!