IETF Logo Mail Archive

Re: [Pearg] Adoption call for "Randomized Response Mechanisms in RRT Measurements for HTTP/3"

Christian Huitema <huitema@huitema.net> Mon, 09 November 2020 01:20 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94FC83A1059 for <pearg@ietfa.amsl.com>; Sun, 8 Nov 2020 17:20:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VHzJw_g-MPnu for <pearg@ietfa.amsl.com>; Sun, 8 Nov 2020 17:20:10 -0800 (PST)
Received: from mx36-out10.antispamcloud.com (mx36-out10.antispamcloud.com [209.126.121.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD6E83A0E14 for <pearg@irtf.org>; Sun, 8 Nov 2020 17:20:10 -0800 (PST)
Received: from xse169.mail2web.com ([66.113.196.169] helo=xse.mail2web.com) by mx128.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1kbvql-000n3b-Ci for pearg@irtf.org; Mon, 09 Nov 2020 02:20:08 +0100
Received: from xsmtp21.mail2web.com (unknown [10.100.68.60]) by xse.mail2web.com (Postfix) with ESMTPS id 4CTtTD43LKzDWX for <pearg@irtf.org>; Sun, 8 Nov 2020 17:20:00 -0800 (PST)
Received: from [10.5.2.18] (helo=xmail08.myhosting.com) by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1kbvqi-0004XP-EA for pearg@irtf.org; Sun, 08 Nov 2020 17:20:00 -0800
Received: (qmail 13823 invoked from network); 9 Nov 2020 01:27:14 -0000
Received: from unknown (HELO [192.168.1.103]) (Authenticated-user:_huitema@huitema.net@[172.58.43.90]) (envelope-sender <huitema@huitema.net>) by xmail08.myhosting.com (qmail-ldap-1.03) with ESMTPA for <pearg@irtf.org>; 9 Nov 2020 01:27:14 -0000
To: amelia.ietf@andersdotter.cc, Mirja Kuehlewind <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org>, Christopher Wood <caw@heapingbits.net>, "pearg@irtf.org" <pearg@irtf.org>
References: <33ba4995-ea2d-45d8-9b01-05ea9b8ddbce@www.fastmail.com> <F27FD790-74CA-44CC-98FB-ED3B24E17B6D@ericsson.com> <D76F769D-C147-4EE9-8639-0881DD82F135@ericsson.com> <bf7cade8-116b-77bc-efce-4b332ec785cc@andersdotter.cc>
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mDMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1Rmu0 J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PoiWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAuDgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB4h+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
Message-ID: <44bed321-40c5-a4a0-646d-6ba5516cf396@huitema.net>
Date: Sun, 08 Nov 2020 17:19:59 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1
MIME-Version: 1.0
In-Reply-To: <bf7cade8-116b-77bc-efce-4b332ec785cc@andersdotter.cc>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
X-Originating-IP: 66.113.196.169
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.196.169/32
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.169/32@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.13)
X-Recommended-Action: accept
X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0cThwnZT+ODcFyeCwCHoUjupSDasLI4SayDByyq9LIhVzdqM7kZx+IS/ D7R5PQ1foUTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDpaUm5TrTL2ku6BQx2IM1+5j9 EvBvwu01uVCaGVBWGqspfYvaXYi6eh1GiIKE5cbb2rBNMmEsKEibQwSU1xBeOHButNDpi1WUXRkr He1vFsZaZad0VL/QynhFAlbT36L82PtKDP3yRYZgnjgzY0oAVAZ6weYgSzquK2hxskqXvy8woCTx LKweTbuJ+19zsyHVGVmhMAaQ/AfCRwRe7yHm5oY+NYmsSGn+svMubxnbgm1cr18FZBEPC2/c16Xd 7sC9aC4xteE1WLqGS9YoqrsZ2DyteN0e+ECCv9/f+GPymkgDVo7QBKA4MctKq4ifYPcXFRL2K3LA EfDXVOdt7wDbusYnuEVWSxKMHbU0zkNM3EElFDaoLuOPKc8gc82pKfhB7T02ZXdoQxMs//iOE4Fl hiCv9TR+UxzLZWL8hwGBjhoI3W+YcuHfP5PkZb5A+wE5qGdpH54Oa3V8I76VOEvlwPpZ90pncljT Sb0eCPh6fGWYRDg9pZCCLvbUROo4d19BF0cPbSyY7+zkjLH8WW9GfETqxwaYC9EvTYIIl7Z585cn dLDoft3gQzSYknam2p7REfdJpEymAZhy71JzaYKZIazNjLvclnGzlTC8ZgkR3laIWqvAxiBHuIuS y5fCAlEkGFkz7/DcRDIs/F0LykrvzFACVO3tx78u0bG7If2TCVQKbWwGZI2JVuGQpWKB3Q0ZpIib KqqwuucAyd9mPw0NFznzSXChKWk/itcbicJsIPf4sJBOBw8S9lYqictz+EkHfqb5R4VemuUI6bcE ARsm0De6PaZO6/JToEyx4tmc5OljkPSpPXAVjl2oMr8a1xm0wfXUFMjTH2DyD8i5kO5bZlYFvf25 LVONYbYifH5OzZCwIgD/xDehea09OpnwSuobZrrGExMR7eTbBjMGDKI3ijhhJn7Muv/NHXl0o++8 3wM=
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/jkHSOBOuLHlWB9FKymOARsMl3w8>
Subject: Re: [Pearg] Adoption call for "Randomized Response Mechanisms in RRT Measurements for HTTP/3"
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Nov 2020 01:20:13 -0000

On 11/8/2020 3:54 PM, Amelia Andersdotter wrote:
> Hi Mirja,
>
> Correct - the over-all conclusion is that RRM is not ultimately very
> useful. Throughout last year and this spring we were also on the hunt
> for other potential areas of application, but we run into similar a
> situation: a feature which can be made more private by RRM obfuscation
> can be made even more private by simply being disabled.
>
> We put it still in a draft since not all research leads down beneficial
> paths (combating positive outcome bias!). A third potential area for RRM
> is for padding bits (randomizing padding bits rather than padding with
> only 0s).

In what context are you considering such padding bits? In the case of
QUIC, the Padding frames are encrypted as part of the payload. They
start as zero, but are random once encrypted.

There is a narrow and arcane issue with applying padding to coalesced
QUIC packets during the handshake phase. The payload of the UDP packets
carrying the Initial packets during the handshake must be padded to 1200
bytes. Some applications do that before encryption, and some do it after
encryption. When doing that after encryption, yes, non-random padding
will leak some info about the length of the Initial packets. But then,
the Initial packets are "encrypted" with a static well known key, so it
is not clear that requiring random padding will be very advantageous.

-- Christian Huitema


>
> best regards,
>
> Amelia
>
>
> On 2020-11-02 14:18, Mirja Kuehlewind wrote:
>> Hi again,
>>
>> I just realized (as I had two windows open) that I'm citing below text from an old version of the predecessor draft (which had quic in the name). This text was removed/changed in the current draft, however, I think those point still remain valid. The current draft only says:
>>
>> "It is not clear that RRM would ultimately bring any particular
>>    privacy benefit beyond what is already guaranteed in the present
>>    specification of the spin bit in Section 17.3.1 [I-D-QUIC]."
>>
>> My conclusion to this point is that there is no additional benefit and the obfuscation proposed in this document will in many cases render the signal completely unusable and will likely not reach the goal to preserve any utility as many transmissions are short and there is already a lot of noise in the network.  Therefore it is really preferred (and much easier) to disable spinbit support if privacy is seen at risk (e.g. in cases where VPNs are used as it was already discussed and agreed in the QUIC wg). 
>>
>> Mirja
>>
>>
>> On 02.11.20, 13:35, "Pearg on behalf of Mirja Kuehlewind" <pearg-bounces@irtf.org on behalf of mirja.kuehlewind=40ericsson.com@dmarc.ietf.org> wrote:
>>
>>     Hi Chris, hi all,
>>
>>     sorry for my late reply. I finally found some time to review this draft.
>>
>>     First of all one quick question: why was the name changed from QUIC to HTTP/3 given the draft discusses a function of the QUIC...?
>>
>>     Then I'm not really in support for the adoption of this draft for two main technical reasons:
>>
>>     1) As stated in the draft, there are already proposed mechanisms QUIC specification to address the need to disable the spinbit:
>>     "it is unclear whether RRM
>>        has advantages larger than already existing privacy mechanisms
>>        included in the QUIC draft (such as making the spin bit optional, or
>>        requiring that 1/8 of all streams are not measurable)"
>>
>>     2) Further the document says:
>>     " But the whole point of differential
>>        privacy mechanisms, including RRM, is using statistical methods to
>>        ensure that data can be made more privacy-preserving while also
>>        preserving the data utility.  In the case of the spin bit, it is the
>>        utility of the data that allegedly violates privacy, which means
>>        differential privacy is an intuitively bad tool to address privacy
>>        concerns."
>>     For this reason there is the option in QUIC to disable the spinbit entirely. Trying to add further fuzziness to the spinbit (when decided by the endpoint to enable) will in most cases simply make the signal unusable. This is because to measure the RTT you already need a certain amount of packets, also because there might network interfere that already make the signal noisy, and many transmission are short.
>>
>>     Further the draft actually does not discuss the privacy risk of this information. There was an extensive analysis in the QUIC working group that concluded that "[t]he geolocation threat appears negligible and no other threats were identified" (see https://www.ietf.org/proceedings/100/slides/slides-100-quic-sessa-spin-bit-evaluation-design-team-report-00). I don't think this group should adopt an document that is based on assumption which has been neglected by the working group that is actually specifying the protocol.
>>
>>     Mirja
>>
>>
>>     On 16.10.20, 15:22, "Pearg on behalf of Christopher Wood" <pearg-bounces@irtf.org on behalf of caw@heapingbits.net> wrote:
>>
>>         This message starts a two week adoption call for "Randomized Response Mechanisms in RRT Measurements for HTTP/3," located here:
>>
>>            https://tools.ietf.org/html/draft-andersdotter-rrm-for-rrt-in-http3-00
>>
>>         Please review the draft and indicate whether or not you would like to see this draft adopted by PEARG. 
>>
>>         This call for adoption ends on October 30, 2020.
>>
>>         Best,
>>         Chris, for the chairs
>>
>>         -- 
>>         Pearg mailing list
>>         Pearg@irtf.org
>>         https://protect2.fireeye.com/v1/url?k=250a60b8-7baace75-250a2023-866132fe445e-bbbcd97773754954&q=1&e=53be6d3f-ae58-498c-beca-e2dba355cbfd&u=https%3A%2F%2Fwww.irtf.org%2Fmailman%2Flistinfo%2Fpearg
>>
>>     -- 
>>     Pearg mailing list
>>     Pearg@irtf.org
>>     https://protect2.fireeye.com/v1/url?k=b161e66f-eefadc2a-b161a6f4-867b36d1634c-6b4135653ff1b0b3&q=1&e=2e7581ce-31bf-495b-a51a-9cc1f39e00c6&u=https%3A%2F%2Fwww.irtf.org%2Fmailman%2Flistinfo%2Fpearg
>>

v2.23.0 | Report a Bug | By Email