Re: [Pearg] I-D Action: draft-irtf-pearg-censorship-04.txt
Joseph Lorenzo Hall <hall@isoc.org> Thu, 23 July 2020 21:46 UTC
From: Joseph Lorenzo Hall <hall@isoc.org>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
CC: "pearg@irtf.org" <pearg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/Th75cbhdvWr_ZsrlkpR5I0ihOHQ>

Heya,

I’ve placed your feedback below in the following github issue in our repository for tracking:

https://github.com/IRTF-PEARG/rfc-censorship-tech/issues/82

Comments inline.

> On Jul 21, 2020, at 11:21 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
>
> On Mon, Jul 13, 2020 at 06:51:19PM +0000, Joseph Lorenzo Hall <hall@isoc.org> wrote a message of 238 lines which said:
>
> > Title : A Survey of Worldwide Censorship Techniques
> > Filename : draft-irtf-pearg-censorship-04.txt
>
> A general issue with drafts dealing with current techniques is that it is hard to stay up-to-date (a reason to publish rapidly). For instance:
>
> > For example, a censor could block the default HTTPS port, port 443, thereby forcing most users to fall back to HTTP.
>
> Is it still true today? With HSTS (RFC 6797) and many Web sites redirecting unconditionally from http: to https: I wonder if it could still be used.

I suspect it depends on where you are; certainly I believe it is still the case that Iranian networks throttle or block 443 for exactly this purpose (there is a reference in the draft to this). If there is data showing this would be highly unlikely most places, happy to change.

> Also:
>
> > When in-window sequencing is allowed, it is trivial to conduct a Blind RST Injection:
>
> Trivial may be too strong, if RFC 5961 is used. Referring to RFC 5961, section 5.1 may be a good idea (the draft mentions a fixed number of possible windows, which does not seem true).

Would you recommend “it is possible”? And to what extent do we know that people implement what RFC 5961 describes?

> > while the term "blind" injection implies the censor doesn't know any sensitive (encrypted) ?
>
> "blind" refers to being off-path, it has nothing to do with encryption.

Good point, will drop the parenthetical.

> > authoritative resolvers
>
> There is no such thing as an authoritative resolver. Either it is a resolver, or it is an authoritative name server. (Source: RFC 8499, section 6)

Ah yes, will change that.

> Editorial:
>
> > This in-window recommendation is important, as if it is implemented it allows for successful Blind RST Injection attacks [Netsec-2011].
>
> Not clear.

Due to the RFC 5961 comment above? Do you want us to put in a “(Note that if [a network? a server?] implements the protections against blind TCP injections in RFC 5961 [it is much harder to accomplish]” or something?

> > [Bortzmayer-2015] Bortzmayer, S., "DNS Censorship (DNS Lies) As Seen By RIPE Atlas", 2015,
>
> It's Bortzmeyer :-)

Dang, very sorry about that! Will change.

> > [Zmijewski-2014] Zmijewski, E., "Turkish Internet Censorship Takes a New Turn", 2014, <http://www.renesys.com/2014/03/turkish-internet-censorship/>.
>
> Moved (without a redirect) with all the Renesys content, after being bought by Oracle. It is now <https://blogs.oracle.com/internetintelligence/turkish-internet-censorship-takes-a-new-turn>

Thanks, I’ll update this and the others you noted.

best and thank you, Joe

--
Joseph Lorenzo Hall, Senior Vice President, Strong Internet
hall@isoc.org | +1-703-483-9504
internetsociety.org | @internetsociety
pgp: https://josephhall.org/gpg-key 3CA28D7B9F6DDBD34B1016075F86698740A9A871
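
The receiver-side RST handling that the RFC 5961 exchange above turns on, as an added example that is not part of the original message or of the draft: it models classic in-window acceptance beside the RFC 5961 section 3.2 rule (exact match resets, other in-window values get a challenge ACK). Function names and sample values are constructed for illustration; ACK throttling and the rest of the TCP state machine are left out.

```python
# Added illustration, not code from the draft or the thread.
# All names and sample values below are constructed.
SEQ_SPACE = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq is in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2**32.
    A zero window still accepts the single value rcv_nxt."""
    return (seq - rcv_nxt) % SEQ_SPACE < max(rcv_wnd, 1)


def handle_rst_classic(seq, rcv_nxt, rcv_wnd):
    """In-window acceptance: any RST whose sequence number falls inside
    the receive window tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "discard"


def handle_rst_rfc5961(seq, rcv_nxt, rcv_wnd):
    """RFC 5961 section 3.2: out-of-window RSTs are dropped, an exact match
    on RCV.NXT resets, anything else in-window triggers a challenge ACK."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "discard"
    if seq == rcv_nxt:
        return "reset"
    return "challenge_ack"


def count_resetting(handler, rcv_nxt, rcv_wnd):
    """Count sequence values in and just around the window for which the
    handler resets the connection (walks across the 2**32 wrap)."""
    return sum(
        handler((rcv_nxt + off) % SEQ_SPACE, rcv_nxt, rcv_wnd) == "reset"
        for off in range(-4, rcv_wnd + 4)
    )


def windows_in_sequence_space(rcv_wnd):
    """Number of window-sized slices in the sequence space. It depends on
    the negotiated window, so it is not a fixed number."""
    return -(-SEQ_SPACE // rcv_wnd)  # ceiling division


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 0xFFFFFF00, 65535  # constructed: window spans the wrap
    for name, h in (("classic", handle_rst_classic), ("rfc5961", handle_rst_rfc5961)):
        print(name, count_resetting(h, rcv_nxt, rcv_wnd), "resetting values")
    print(windows_in_sequence_space(65535), windows_in_sequence_space(1 << 20))
```

With the classic rule every value in the window resets the connection, so the number of window-sized slices (which shrinks as windows grow) bounds the guessing space; under RFC 5961 only one value in 2^32 does.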