Re: [Pearg] Adoption call for "Randomized Response Mechanisms in RRT Measurements for HTTP/3"

Mirja Kuehlewind <mirja.kuehlewind@ericsson.com> Mon, 02 November 2020 13:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/sxedXh99SCBR8gz360Vv7CJ5hco>

Hi again,

I just realized (as I had two windows open) that I'm citing below text from an old version of the predecessor draft (which had QUIC in the name). This text was removed/changed in the current draft; however, I think those points still remain valid. The current draft only says:

"It is not clear that RRM would ultimately bring any particular
   privacy benefit beyond what is already guaranteed in the present
   specification of the spin bit in Section 17.3.1 [I-D-QUIC]."

My conclusion to this point is that there is no additional benefit and the obfuscation proposed in this document will in many cases render the signal completely unusable and will likely not reach the goal to preserve any utility as many transmissions are short and there is already a lot of noise in the network. Therefore it is really preferred (and much easier) to disable spinbit support if privacy is seen at risk (e.g. in cases where VPNs are used as it was already discussed and agreed in the QUIC wg).

Mirja


On 02.11.20, 13:35, "Pearg on behalf of Mirja Kuehlewind" <pearg-bounces@irtf.org on behalf of mirja.kuehlewind=40ericsson.com@dmarc.ietf.org> wrote:

    Hi Chris, hi all,

    sorry for my late reply. I finally found some time to review this draft.

    First of all one quick question: why was the name changed from QUIC to HTTP/3 given the draft discusses a function of the QUIC...?

    Then I'm not really in support for the adoption of this draft for two main technical reasons:

    1) As stated in the draft, there are already proposed mechanisms in the QUIC specification to address the need to disable the spinbit:
    "it is unclear whether RRM
       has advantages larger than already existing privacy mechanisms
       included in the QUIC draft (such as making the spin bit optional, or
       requiring that 1/8 of all streams are not measurable)"

    2) Further the document says:
    " But the whole point of differential
       privacy mechanisms, including RRM, is using statistical methods to
       ensure that data can be made more privacy-preserving while also
       preserving the data utility.  In the case of the spin bit, it is the
       utility of the data that allegedly violates privacy, which means
       differential privacy is an intuitively bad tool to address privacy
       concerns."
    For this reason there is the option in QUIC to disable the spinbit entirely. Trying to add further fuzziness to the spinbit (when decided by the endpoint to enable) will in most cases simply make the signal unusable. This is because to measure the RTT you already need a certain amount of packets, also because there might be network interference that already makes the signal noisy, and many transmissions are short.

    Further the draft actually does not discuss the privacy risk of this information. There was an extensive analysis in the QUIC working group that concluded that "[t]he geolocation threat appears negligible and no other threats were identified" (see https://www.ietf.org/proceedings/100/slides/slides-100-quic-sessa-spin-bit-evaluation-design-team-report-00). I don't think this group should adopt a document that is based on an assumption which has been neglected by the working group that is actually specifying the protocol.

    Mirja


    On 16.10.20, 15:22, "Pearg on behalf of Christopher Wood" <pearg-bounces@irtf.org on behalf of caw@heapingbits.net> wrote:

        This message starts a two week adoption call for "Randomized Response Mechanisms in RRT Measurements for HTTP/3," located here:

           https://tools.ietf.org/html/draft-andersdotter-rrm-for-rrt-in-http3-00

        Please review the draft and indicate whether or not you would like to see this draft adopted by PEARG. 

        This call for adoption ends on October 30, 2020.

        Best,
        Chris, for the chairs
