Re: [Pearg] draft-irtf-pearg-censorship review

Joseph Lorenzo Hall <hall@isoc.org> Sat, 11 April 2020 22:36 UTC

Return-Path: <hall@isoc.org>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 960613A1A34 for <pearg@ietfa.amsl.com>; Sat, 11 Apr 2020 15:36:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, TRACKER_ID=0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isoc.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 263YwHxWjZuI for <pearg@ietfa.amsl.com>; Sat, 11 Apr 2020 15:36:45 -0700 (PDT)
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2059.outbound.protection.outlook.com [40.107.94.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 502D03A1A32 for <pearg@irtf.org>; Sat, 11 Apr 2020 15:36:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gP/waG3yFgAh5rW7WsWlHBDIQnA3A9biIYmC5ZUAHcLdrG4L4sxgz0R7318DwhJzGTMdeTajooDQGjkGaxaNxvNubZiIy9nI2hexKZZmsou4fxIlxTSNPZ9uVMXe11C0sqIR70TruNm3+Sgu1Rc57OKHqgKYtWhgJkNzxrHL84quqgQ0WwQ+q2Y+Evhnx44OdIWM8zYEvTyuK7quiVJoXkoYxEtOEU9Il5JgKcy0DVtJrJJL7Mn+7kmhNXbUB4BFRJhbVwGOTRVBcbgTL1dxROyPPQgLsGhEGu1sMbhzu8WzqScQPneXMr2whMb0p/ES4s3IXZbkpfMkErQgWotzCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3LetqFua8OmRP20OgIThNIgE4mGAUAQY303u2ePleMY=; b=XraNdRcMO5sB4XssJqeLxF7vImcB52TYf2JGXbL9ifk575ckZPQLvvthTWzC4p/82IrTdnk1Y7cmG+jFQrLj+Tbtoj+3fdmCDpiGZ+NIGlSXJYhMb+FUEWuplNFrh4Mz++VD1qDqaoOa7ltSVRrWTMHRotc1Xwjie6xgp20+zJSzUkKGIv/l1+y4vo6MHIesRjI6firNevmgVNfZNf7Allt+uxTAEzODfKJxOlDZFcSMpXroj8TiXK6yee/Ha0Y++cqo8lR+wNAIbQG8hlweVm+Kz8mwGUe4qQm9jET9+8NQLMMUEUbdiGYCQwJq+TeM+D2OdPmO3v/+t8rhIBFrxQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=isoc.org; dmarc=pass action=none header.from=isoc.org; dkim=pass header.d=isoc.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isoc.org; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3LetqFua8OmRP20OgIThNIgE4mGAUAQY303u2ePleMY=; b=GT/QkX/nEMJ1fCZ0+WCQpzKNrBJdv03lxlZH4O7MmaVcT9WMKmZDbyy452Lop05HQbUcqGPdK6p1p/B/GgB9gau+xTpePp59ZlW5KbN8PvDjyPareYXD3idl2HuyWs+32v6hGO/DDVHsG7A1NfwS0m99tiMghyEIjC645Ha7pD8=
Received: from BY5PR06MB6451.namprd06.prod.outlook.com (2603:10b6:a03:21e::20) by BY5PR06MB6708.namprd06.prod.outlook.com (2603:10b6:a03:232::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.15; Sat, 11 Apr 2020 22:36:37 +0000
Received: from BY5PR06MB6451.namprd06.prod.outlook.com ([fe80::3891:1ca6:1667:cbd]) by BY5PR06MB6451.namprd06.prod.outlook.com ([fe80::3891:1ca6:1667:cbd%2]) with mapi id 15.20.2900.026; Sat, 11 Apr 2020 22:36:37 +0000
From: Joseph Lorenzo Hall <hall@isoc.org>
To: Christopher Wood <caw@heapingbits.net>, "pearg@irtf.org" <pearg@irtf.org>
Thread-Topic: [Pearg] draft-irtf-pearg-censorship review
Thread-Index: AQHWD6u84dP2BqvmUU+akQqO5soH/ah0g21j
Date: Sat, 11 Apr 2020 22:36:37 +0000
Message-ID: <BY5PR06MB6451A6AE5AC2E65983DD8433B1DF0@BY5PR06MB6451.namprd06.prod.outlook.com>
References: <fbf66d2f-cebc-4978-ad1d-26ccea08687b@www.fastmail.com>
In-Reply-To: <fbf66d2f-cebc-4978-ad1d-26ccea08687b@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hall@isoc.org;
x-originating-ip: [108.28.51.147]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: bc7a3c65-ff14-4d9e-0aee-08d7de68cc0f
x-ms-traffictypediagnostic: BY5PR06MB6708:
x-microsoft-antispam-prvs: <BY5PR06MB6708F81CA3A0189D465DE1FAB1DF0@BY5PR06MB6708.namprd06.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7219;
x-forefront-prvs: 03706074BC
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR06MB6451.namprd06.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(376002)(396003)(39840400004)(346002)(366004)(136003)(66446008)(64756008)(5660300002)(9686003)(316002)(66556008)(53546011)(8936002)(81156014)(66476007)(66946007)(76116006)(55016002)(8676002)(86362001)(110136005)(2906002)(91956017)(186003)(6506007)(52536014)(33656002)(66574012)(26005)(966005)(7696005)(71200400001)(478600001); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: isoc.org does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ey7Hmqggns4tmK8sghzb8rI5Pb9bsNsFwx1w8IuOAh8rB7vjV7iSzGvUINSHYQRKQf3PJ7rspeOpYxSo737ULOt0zZOzSkBoxvfzmTqV1q3aEtR0S2T/iI0EcN/ZFoJTig9c25h3HpCCxoL2dpGfGk0cRYXSzWDazoBVLmdPmQM4XHPePvX75bHmc6J9wW9LZXyIyelbgluKljqp+rW1JloGPGwAoK1WCkzheUFw4CBgzDG/jo7lNihLi3Pe6BbfUHcxEPwl9YHdIZoBp1k0qbZrVZM0qaJxXWkGEarRfQyqWMKaug1R5KaYOFbweAoN3z2PEjNcByHoL5FuTotP7Y/Ige0EWe7ltYBLJsL5/oCUKS3ikUotR0Pvh0gls9aXLf0RmJ0xgpnXvh6RzT3EI5KHWLUraRAxI6ZJ4jibopOSB6VKKSD3qDZdXnHwVzVghdQwOkxK52RUEZV8Wnd288xSYoOPAWNV0hn0vrafKRBSL9LBB3lQkb7cr9gIM/vG0XMgoO4ErkfIzgGm8CJyAg==
x-ms-exchange-antispam-messagedata: rit2HsFPztYe+Wa+ODwm2Z9Gs235gjMsf5xP8BpfOgl6keVEGyMYNeBV+qSf+iHtwlbxXge63Z4tJNBCTFReOGp5kz4JjUjmC5nwtlFxHNu6yhrASsrboNXNr5LqD1DjT8ZVaV2CiieR+JpOd9ebxw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BY5PR06MB6451A6AE5AC2E65983DD8433B1DF0BY5PR06MB6451namp_"
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
X-MS-Exchange-CrossTenant-Network-Message-Id: bc7a3c65-ff14-4d9e-0aee-08d7de68cc0f
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Apr 2020 22:36:37.6433 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 89f84dfb-7285-4810-bc4d-8b9b5794554f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: EuKaZdq3U29hQbBJzagUCjDzS/Lc6RQI3DQyM7ZkI/WgYbsXZwZ6KfsZsQ76OY1M
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR06MB6708
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/x0Gj6XuElO6F06JBO2bn-6k72fE>
Subject: Re: [Pearg] draft-irtf-pearg-censorship review
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Apr 2020 22:36:48 -0000

Thank you, Chris! Very helpful, and clearly it is in need of some key updates over the six years or so in the drafting. I'll make the changes I can any merge your editorial PR tomorrow; I'll be sure to come back with any questions. Cheers, Joe

--
Joseph Lorenzo Hall, Senior Vice President, Strong Internet
hall@isoc.org | +1-703-483-9504
internetsociety.org | @internetsociety
pgp: https://josephhall.org/gpg-key
3CA28D7B9F6DDBD34B1016075F86698740A9A871
________________________________
From: Pearg <pearg-bounces@irtf.org> on behalf of Christopher Wood <caw@heapingbits.net>
Sent: Friday, April 10, 2020 10:48:22 PM
To: pearg@irtf.org <pearg@irtf.org>
Subject: [Pearg] draft-irtf-pearg-censorship review

Document: draft-irtf-pearg-censorship-02 [https://tools.ietf.org/html/draft-irtf-pearg-censorship-02]

Assessment: Almost ready

Thanks for your work on this document! It has a lot of very useful information. I think it's nearly ready to go with some cleanup and additional references.

Below is my review of its contents (with no hat on). I prepared an editorial PR --- aiming towards format consistency -- against the draft repository [0]. I hope it's useful!

Comments:

- Section 3.2.1: This section describes common ways in which censors use HTTP fields for filtering with a pile of references at the bottom. Upon first read, it seemed to lack relevant citations. (For example, the sentence

   As such, "method" and "host" are the two fields used most often for ubiquitous censorship.

seemed like it could stand to use a reference. However, this seems to be covered by one of the empirical examples at the end of this section. Perhaps Section 3.2 could note this structure for each of its subsections? Perhaps:

   "The following subsections describe properties and tradeoffs of common ways in which censors filter using application-layer information. Each subsection includes empirical examples describing these common behaviors for further reference."

- Section 3.2.4.1. should probably reference draft-ietf-tls-sni-encryption or draft-ietf-tls-esni. (I'm happy to help word-smith that text, if you want or need assistance!) Also, the bit about fallback to SSL (pre TLS 1.0) seems a bit outdated. Most TLS stacks no longer implement SSLv3 at all, for example. I might remove this bit. I might also include a reference to [1] as further SNI-based blocking reading.
- Section 3.3.1: Assuming that IP address filtering is efficient, it might be worth citing [2] given that it studies the (often unique) relationship between address and domain. It might also be worth mentioning DoH(443) and noting the challenges it raises for blocking parties.
- Section 3.3.2: Is it worth mentioning Pluggable Transports here, especially in the context of blocking Tor?
- Section 3.3: I was surprised to see no mention of QUIC in this section. Perhaps we could replace "TCP/IP header" references with "transport header references"? The information about network addresses and ports equally applies to TCP and QUIC, and including both seems prudent so as to not give the wrong impression about what QUIC exposes (or doesn't).
- Section 4.4.1: There's no mention of encrypted DNS here. While it's true that "DNS lying" and other examples are not completely mitigated with stub-to-resolver encryption, it does change the threat model slightly. Maybe DoH/DoT are worth including? It might also be worth noting limited client support for DNSSEC, perhaps after this sentence:

   "Additionally, the above mechanisms rely on DNSSEC not being deployed or DNSSEC validation not being active on the client or recursive resolver."

- Section 4.2.2: Is packet dropping not a form of filtering? I was surprised to see it in the interference section.
- Section 4.2.3: It's probably worth mentioning QUIC here, especially as it complicates this type of attack. It might also be worth citing recent research [3] on off-path TCP attacks, noting that the censor need not be on-path to interfere with service.
- I was surprised to see this recent SoK paper [4] missing from the references. It has a lot of additional information, particularly in Tables V and VI, about different types of filtration mechanisms and how they impact users (by under or over blocking). That said, integrating this paper will be a chore. So, given that the landscape of relevant research and empirical evidence will undoubtedly continue changing, perhaps we can simply drop a reference somewhere?

Nits:

- Section 2: SmartFilter is missing a reference.
- Section 3.1: "Internet Service Providers have until now been the most frequently exploited point of control" probably also warrants a reference, if possible.
- Section 3.2.1: The [Verkamp-2012] reference seems broken.

[0] https://github.com/josephlhall/rfc-censorship-tech/pull/53
[1] https://www.usenix.org/system/files/foci19-paper_chai_update.pdf
[2] https://irtf.org/anrw/2019/anrw2019-final44-acmpaginated.pdf
[3] https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_cao.pdf
[4] http://www.cs.umd.edu/class/fall2018/cmsc818O/papers/sok-censorship.pdf

Best,
Chris

--
Pearg mailing list
Pearg@irtf.org
https://www.irtf.org/mailman/listinfo/pearg