Re: [Pearg] Research Group Last Call for "A Survey of Worldwide Censorship Techniques"

Christopher Wood <caw@heapingbits.net> Wed, 03 June 2020 16:16 UTC

Message-Id: <4ad77854-3f39-4e92-abd1-c2df712417bf@www.fastmail.com>
In-Reply-To: <CAJoqpTLfjhbN7zYRcorJBD98hDgra=Q71RRNSsAKQgoWpT0eeA@mail.gmail.com>
References: <08f43a37-2b7b-418e-95a8-ed57484c66be@www.fastmail.com> <CAJoqpTLfjhbN7zYRcorJBD98hDgra=Q71RRNSsAKQgoWpT0eeA@mail.gmail.com>
Date: Wed, 03 Jun 2020 09:15:23 -0700
From: Christopher Wood <caw@heapingbits.net>
To: Chelsea Komlo <chelsea.komlo@gmail.com>
Cc: pearg@irtf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/dxCrdBsDTHZL0R8r-WrGrNhR6YQ>
Subject: Re: [Pearg] Research Group Last Call for "A Survey of Worldwide Censorship Techniques"
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>

Thanks for the review, Chelsea!

On Tue, Jun 2, 2020, at 7:30 AM, Chelsea Komlo wrote:
> Hi Chris,
> 
> I have a couple meta points and a few specific points.
> 
> Overall, my strongest recommendation is threefold. First, I recommend 
> improving the document organization to clearly differentiate between a 
> specific censorship technique and corresponding methods to circumvent 
> that technique. Second, I suggest strengthening the review of current 
> circumvention techniques and their effectiveness to give an improved 
> view of the landscape and to prevent re-inventing the wheel, as the 
> intended audience is protocol designers. Third, I recommend 
> differentiating between the capabilities of mature censors like China, 
> and weaker censors such as those with only off-the-shelf tools. 
> 
> Here is my discussion of these points in more detail. 
> 
> === Meta Points ===
> - While I understand this draft to be purely informational, 
> understanding censorship today is incomplete without understanding 
> existing censorship circumvention techniques, and how effective these 
> techniques are. Critically, some of the most effective and safe 
> censorship techniques are "hanging by a thread" in terms of how much 
> longer they will be available (such as domain fronting), so 
> understanding these weak areas is important to understanding the 
> sustainability of the current circumvention landscape. I suggest adding 
> at minimum a discussion of "Where are we today" regarding circumvention.
> - To go along with the above point, providing a better review of 
> existing censorship circumvention techniques will help encourage 
> building on existing work, as opposed to re-inventing the wheel from 
> first principles. While perhaps this review should be a follow-up 
> document, I strongly encourage providing such a review, especially 
> since the intended audience is protocol designers.
> - Within the draft itself, the discussion of censorship techniques is 
> often interwoven with circumvention methods. I suggest separating these 
> concepts out within each section. Instead of a "Tradeoffs" section, 
> perhaps have sections pertaining to "Cost to Implement to Censor", and 
> "Techniques to Circumvent", for improved clarity. 
> - One important point is that while China is an extremely powerful 
> censor, they are often in a class of their own. I encourage including a 
> discussion of something like "censor maturity" or the technical 
> resources required to implement different techniques. There is a bit of 
> this discussion, but it can be better standardized and applied to each 
> technique. For example, IP blacklisting is trivial and does not require 
> significant infrastructure (and many censors do this), but performing 
> active probing to fingerprint protocols and block them on the fly 
> requires much more infrastructure and planning (and is essentially only 
> China, as I understand). 
> 
> === Specific Points ===
> - DPI (deep packet inspection) is technically any kind of packet 
> analysis beyond IP address and port number; this concept can be better
> clarified. Further, this technique is not specific to 
> - Clearly highlighting techniques that are thwarted by the use of TLS 
> versus techniques which can be performed even in spite of TLS usage 
> would also likely be helpful to readers. 
> 
> Thanks,
> Chelsea
> 
> On Wed, May 20, 2020 at 11:00 AM Christopher Wood <caw@heapingbits.net> wrote:
> > This is the research group last call for the "A Survey of Worldwide Censorship Techniques" (draft-irtf-pearg-censorship) draft available here:
> > 
> > https://datatracker.ietf.org/doc/draft-irtf-pearg-censorship/
> > 
> > Please review the document and send your comments to the list by June 5, 2020. Feedback may also be sent to the GitHub repository located here:
> > 
> > https://github.com/IRTF-PEARG/rfc-censorship-tech
> > 
> > Thanks,
> > Chris, on behalf of the chairs
> > 
> 
> 
> -- 
> Chelsea H. Komlo