Re: [Privacy-pass] The PRIVACYPASS WG has placed draft-group-privacypass-consistency-mirror in state "Candidate for WG Adoption"

Martin Thomson <mt@lowentropy.net> Tue, 09 January 2024 11:45 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DCC1C14F6AA; Tue, 9 Jan 2024 03:45:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.805
X-Spam-Level:
X-Spam-Status: No, score=-2.805 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b="5P9prPwb"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="Aqs/qh2p"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dbmyxMlNiUe3; Tue, 9 Jan 2024 03:45:14 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1171FC14F6A4; Tue, 9 Jan 2024 03:45:13 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 52FF85C03A8; Tue, 9 Jan 2024 06:45:11 -0500 (EST)
Received: from imap41 ([10.202.2.91]) by compute6.internal (MEProxy); Tue, 09 Jan 2024 06:45:11 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm3; t=1704800711; x=1704887111; bh=higyi9Np6B d9jUco7yvAlgnqnvZ/HOWW+fiSdv+RAtM=; b=5P9prPwbRLyyZ8HwVk1qI9yYQK RdRPA43f+GNDP12P+4osqfbG1hbbp0YRNR8BUAe5gRWv2pxrFY/Zl/ouqiz2NEPA 5OAYGXgoCXq4FCQSi2sAx4lN4kdqNBUqaY2d0ECQizfqOpJlRoFns8TBJWXnxatS k27IyvixRYojmO2M3/1mYcX1X5+mmqA0QN+zCgMJgmCTE1/bZ4rvloEJFXtRg6L4 iLBn11GMCWW2BSoiuQCeGNlvVQVVrHMlIwG6eOM0pMOibunuMlgWuHp/awFU91k8 TLODPhDxGt1XJ4XaVAjZx2yQ8eLn3Wmf1C+MOrRLdqdk1jWVAG+fXIj4VmLA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1704800711; x=1704887111; bh=higyi9Np6Bd9jUco7yvAlgnqnvZ/ HOWW+fiSdv+RAtM=; b=Aqs/qh2pHZwJSSswXE2E6Lc3sAqALdmxw7+aZaY9S7ex RxeSRet6TQnhOk0WpXBJRNNXQA2DCsdIi5uQeUZQtissuZvGn0SJF/uT/TTiDQlx 71VD20I74DFZ89lqmzvchs/WFT8yq0ZY+iD6fj2hn5sexJjFNCIgE8qVKt8K8TSC cH0DKagzZu4hKl8gJgZXqdKglmRTlejp61M9jFK+q9jo5Dc85cb18Fh9HP/948WM cKFFjHlKG7pTA877hl6nZcTip3L7NIpLDKSw96ZzZVjDtMevQ1zgy0UDdyo5K/Ud 7MoCfJLZf/mRdPJfPYBcLRA7lLE/Dp/Rk/lWesRXSw==
X-ME-Sender: <xms:xzGdZYfffbkAjB-XNSzOoU4JI1WKxDPzwRW5kQwASuDsH5-2HCLW6w> <xme:xzGdZaOS1XvXMHT2TVhPqsDcdJPVuX1_6X2dI98A2kTQmOtNDhay_l5iP4ltDHlMa wIc0EYLvj-vYKmdcyQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrvdehledgfeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpefhiedttdeviefhjeejgf evfeeuudfggfekveekheeugeegleevkeevkedthfeuieenucffohhmrghinhepihgvthhf rdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomh epmhhtsehlohifvghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:xzGdZZg5UhsFjPSfrQ6gc7OALnKNA8wWeBL04ByM-ikciFyTHXhrLA> <xmx:xzGdZd-BxK73A5VGQGM0DgMqJ0d7xz-i2DO5EG9B1SKA3jrcPHoTag> <xmx:xzGdZUtqMU6h7NE5gMDH_umNREFZVw_7888kW6wPMEyRhXQFUDMgng> <xmx:xzGdZRVKkPXxR5_ZmQUopfxbVI6zjKC6GmVVEu4ZIzUfZpJ52HNGBQ>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 0DAB32340081; Tue, 9 Jan 2024 06:45:11 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.9.0-alpha0-1364-ga51d5fd3b7-fm-20231219.001-ga51d5fd3
MIME-Version: 1.0
Message-Id: <7967846c-55d9-408b-9986-84c14b9a2a05@betaapp.fastmail.com>
In-Reply-To: <170137846545.34849.17139555973021303518@ietfa.amsl.com>
References: <170137846545.34849.17139555973021303518@ietfa.amsl.com>
Date: Tue, 09 Jan 2024 22:44:50 +1100
From: Martin Thomson <mt@lowentropy.net>
To: IETF Secretariat <ietf-secretariat-reply@ietf.org>, draft-group-privacypass-consistency-mirror@ietf.org, privacy-pass@ietf.org, privacypass-chairs@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/BZwcRaio-4foLCdOG2rnbyWGqzM>
Subject: Re: [Privacy-pass] The PRIVACYPASS WG has placed draft-group-privacypass-consistency-mirror in state "Candidate for WG Adoption"
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jan 2024 11:45:19 -0000

I'm not 100% on the design here.

As much as I like BHTTP, I don't see any value in it being used here.  However, that conclusion depends on subsequent points to some extent.  See issue 25.

It's not entirely clear to me, but it seems like the client doesn't fetch the original resource.  I see a big fat "otherwise..." attached to the text about fetching that resource in Section 4, which implies that the mirror fetch is the only fetch.  I would prefer to see a direct fetch, perhaps via some form of intermediary that can hide IP address, with a confirmation via the mirror.  This is essential to ensure that the resource is *correct* as well as consistent.  See issue 27.

As an optimization, if the confirmation request does not need to provide the client with content at all.  The request can be made using the HEAD method and a Want-Content-Digest field, so that the response can carry a hash rather than a complete copy of the content.

Alternatively, the mirror resource could only provide hashes as the entirety of the representation that it provides, avoiding HEAD and Digest fields entirely, but it seems like there is some value in being able to inspect the inconsistent value.

I raised a few other issues as well.  I think this needs a little bit more polish.  If the WG wants to do this (rather than what Richard might be suggesting) then this is a fine starting point though.

Cheers,
Martin

On Fri, Dec 1, 2023, at 08:07, IETF Secretariat wrote:
> The PRIVACYPASS WG has placed draft-group-privacypass-consistency-mirror in
> state Candidate for WG Adoption (entered by Benjamin Schwartz)
>
> The document is available at
> https://datatracker.ietf.org/doc/draft-group-privacypass-consistency-mirror/
>
>
> -- 
> Privacy-pass mailing list
> Privacy-pass@ietf.org
> https://www.ietf.org/mailman/listinfo/privacy-pass