Re: [Pearg] IRTF Chair review of draft-irtf-pearg-censorship-06
Colin Perkins <csp@csperkins.org> Sun, 18 December 2022 10:09 UTC
Return-Path: <csp@csperkins.org>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA766C14CF1A for <pearg@ietfa.amsl.com>; Sun, 18 Dec 2022 02:09:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.396
X-Spam-Level:
X-Spam-Status: No, score=-4.396 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=csperkins.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AjMT887D6lPM for <pearg@ietfa.amsl.com>; Sun, 18 Dec 2022 02:09:28 -0800 (PST)
Received: from mx1.mythic-beasts.com (mx1.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85B9BC14F718 for <pearg@irtf.org>; Sun, 18 Dec 2022 02:09:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=csperkins.org; s=mythic-beasts-k1; h=Date:Subject:To:From; bh=cpfAK8fQYAfNPhyD46Uov+Tf2EzTxvMeM7s/CvRH2I4=; b=JyHgDwtKeEEapNZvgmS28pjd5R JhEt6SlwXi0WSGxBN/6/j75fZPCNeliLj8QNHoelnMy+ZOv8vNJXBqjh5plEXNRG+VpY2xJr/kwAj ++oPKuckiU3xtqkVGRaQ550NBF0ps+R3h6v2g5CAjVE5Ap6P2Jg/4OEQXrWX1KVWIpK5ceenPieJl OUPLTdZitHl4Z7G4UnlvTbIkflBVnenC8x//xWOzt6t/KJV8LfgImtv9YGqtVHmSVw4Sbay2gVlG2 TV9ngCxBNoZheuhgc8YqpgVOIm88CJY3mINbo/g240K7D+QgSSjKxl1XcfEFyet4jj74OuWQjvfw6 4IXTU45g==;
Received: from [81.187.2.149] (port=47898 helo=[192.168.56.1]) by mailhub-cam-d.mythic-beasts.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <csp@csperkins.org>) id 1p6qbl-00EWSw-Lz; Sun, 18 Dec 2022 10:09:25 +0000
From: Colin Perkins <csp@csperkins.org>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Mallory Knodel <mknodel@cdt.org>, pearg@irtf.org, pearg-chairs@ietf.org, draft-irtf-pearg-censorship@ietf.org
Date: Sun, 18 Dec 2022 10:09:18 +0000
X-Mailer: MailMate (1.14r5930)
Message-ID: <725E3EBD-C1F4-479C-AF7D-BA8692D4C6E8@csperkins.org>
In-Reply-To: <CABcZeBP9QFnfOO-r8zqugPNGtjJ3ieTDAbXMv6B2LnyhpYF==g@mail.gmail.com>
References: <EEB94C0D-88B8-4AE2-BF71-93E370D4A3C8@csperkins.org> <3e99a9e7-bf20-dada-d04f-8341217fdb01@cdt.org> <036B4FCA-71C5-4C7E-9007-C5CC24BAB491@csperkins.org> <CABcZeBP9QFnfOO-r8zqugPNGtjJ3ieTDAbXMv6B2LnyhpYF==g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_D6304DC9-CD7C-41D2-8694-53DACDF80576_="
Content-Transfer-Encoding: 8bit
Embedded-HTML: [{"plain":[78, 2890], "uuid":"FA811EE9-98BD-45FB-81FE-14F1189C7EF0"}]
X-BlackCat-Spam-Score: 0
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/pd7P0cVUB_MtvxU0RXzUYBqogwA>
Subject: Re: [Pearg] IRTF Chair review of draft-irtf-pearg-censorship-06
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Dec 2022 10:09:34 -0000
Okay – thanks Ekr! Colin On 18 Dec 2022, at 0:54, Eric Rescorla wrote: > On Sat, Dec 17, 2022 at 12:03 PM Colin Perkins <csp@csperkins.org> > wrote: > >> Hi Mallory, >> >> >> On 15 Dec 2022, at 17:40, Mallory Knodel wrote: >> >>> Hi Colin and all, >>> >>> I made some changes in the new version thusly: >>> >>> On 12/2/22 12:29 PM, Colin Perkins wrote: >>>> RFC 5743 compliance: The draft does not follow the guidelines in >>>> RFC >> 5743 >>> Fixed. >> >> Thanks - but I think a little more is needed. The draft doesn’t >> state the >> breadth of review undertaken by the RG, and doesn’t include an >> explicit >> statement that the draft is not an IETF product and is not a >> standard. >> >>>> There are two places where specific censorship products are >>>> mentioned, >> along with citations of their use (SmartFilter in §3 and §4.2.1, >> NetSweeper >> in §4.2.1). Given that the set of such products changes over time, >> and is >> likely to become rapidly obsolete, I wonder if the draft might better >> just >> list the classes of products and leave the specifics to the cited >> sources? >>> Agree-- and since those sections included enough description of >>> those >> technologies it was easy to remove them. However I did have to change >> the >> citation for NarusInsight because the former citation (directly to >> the EFF >> blog post about the AT&T lawsuit) didn't mention it. I use the >> Wikipedia >> article about the lawsuit instead, which gives a better overview of >> the >> techniques in question. >> >> This is good, thanks. >> >>>> §4.2.3: “Note that TLS 1.3 acts as a security component of >>>> QUIC” – do >> the differences in the way TLS integrates with QUIC affect censorship >> as >> described in this draft? >>> >>> My interpretation of the intention of this sentence is to point out >>> that >> various parts of TLS 1.3 are used for blocking, but that each of >> these >> parts then can be used to block QUIC in the same way. So rather than >> having >> a QUIC subsection, they are combined. I checked the subsequent >> sections and >> have confirmed that the subsections where relevant indicate where >> QUIC can >> be blocked or where QUIC cannot be blocked with the same method given >> that >> it is, still, different from TLS. >> >> I was asking a slightly different question that was maybe not well >> phrased. >> >> TLS when used over TCP formats the TLS handshake in a particular way >> onto >> the TCP connection and exposes certain information in the clear (the >> SNI, >> for example). QUIC does this differently, sending the TLS handshake >> in >> CRYPTO frames as part of Initial packets that have some limited >> protection >> applied to them. Do these differences change the information that’s >> exposed >> in a way that affects the censorship described in this draft? >> > > I don't believe it meaningfully does. Although it is encrypted, it > uses a > deterministic key that can be computed from the data in the packet. > You > really need ECH if you want to conceal this information. > > -Ekr
- [Pearg] IRTF Chair review of draft-irtf-pearg-cen… Colin Perkins
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Dr. Joseph Lorenzo Hall
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Colin Perkins
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Dr. Joseph Lorenzo Hall
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Mallory Knodel
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Colin Perkins
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Eric Rescorla
- Re: [Pearg] IRTF Chair review of draft-irtf-pearg… Colin Perkins