IETF Logo Mail Archive

Re: [Privacy-pass] Call for Adoption of Key Consistency and Discovery Draft

Tommy Pauly <tpauly@apple.com> Thu, 06 October 2022 16:02 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F137C15259B for <privacy-pass@ietfa.amsl.com>; Thu, 6 Oct 2022 09:02:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.678
X-Spam-Level:
X-Spam-Status: No, score=-2.678 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y3gGFh-6cvwD for <privacy-pass@ietfa.amsl.com>; Thu, 6 Oct 2022 09:02:18 -0700 (PDT)
Received: from rn-mailsvcp-ppex-lapp34.apple.com (rn-mailsvcp-ppex-lapp34.rno.apple.com [17.179.253.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F027DC152597 for <privacy-pass@ietf.org>; Thu, 6 Oct 2022 09:02:17 -0700 (PDT)
Received: from pps.filterd (rn-mailsvcp-ppex-lapp34.rno.apple.com [127.0.0.1]) by rn-mailsvcp-ppex-lapp34.rno.apple.com (8.16.1.2/8.16.1.2) with SMTP id 296FuasK003068; Thu, 6 Oct 2022 09:02:17 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=20180706; bh=lyH/tO4SYFPfEVrU2uNMG6b4+8Q6+1OXk6p1V01QPnU=; b=AEpx4kyks4g8eb3Rn9KGuXgQuEV/VEnbRRPG4+87f36HL9p0z+OQQxQ+nHyj8L4BJVJR rbIgMN2oye9zUlkmvWmRHciGPnf32dBTFOTY+ZOZHUfKw2rdrUiwA96/rujpWPOomkkl jOcd2i95QNZD3wMCw0SmbTYgUl3ycmn3Y8qEaXYlTiBK8iDUFifw4AL5Bne6mM9oe2xM qVNwKIPIM1xci1My2Q5YiTE2KWYP6ynHfACALF5XMCdsAM07e0JDk0MfyBb6VqsLruC1 GATy/bRWKkW8yEi6QnsoLzhlJBxFEs6a8fzIOc75KeoSY3tQQkOJygfVmw7CTzpi7zHG Jw==
Received: from rn-mailsvcp-mta-lapp03.rno.apple.com (rn-mailsvcp-mta-lapp03.rno.apple.com [10.225.203.151]) by rn-mailsvcp-ppex-lapp34.rno.apple.com with ESMTP id 3k1dq3a8st-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 06 Oct 2022 09:02:17 -0700
Received: from rn-mailsvcp-policy-lapp01.rno.apple.com (rn-mailsvcp-policy-lapp01.rno.apple.com [17.179.253.18]) by rn-mailsvcp-mta-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.19.20220711 64bit (built Jul 11 2022)) with ESMTPS id <0RJC00LST9VPH7J0@rn-mailsvcp-mta-lapp03.rno.apple.com>; Thu, 06 Oct 2022 09:02:15 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-policy-lapp01.rno.apple.com by rn-mailsvcp-policy-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.19.20220711 64bit (built Jul 11 2022)) id <0RJC00W009SEND00@rn-mailsvcp-policy-lapp01.rno.apple.com>; Thu, 06 Oct 2022 09:02:14 -0700 (PDT)
X-Va-A:
X-Va-T-CD: 01a37c4388be431533d60b3d58eeb299
X-Va-E-CD: b1982c4ee0c210eace443be4b2ad67b2
X-Va-R-CD: f5822bc24b9604623c1bd3303d0b9709
X-Va-CD: 0
X-Va-ID: 9a03e7f1-0543-41c4-b272-3f21c7824261
X-V-A:
X-V-T-CD: 01a37c4388be431533d60b3d58eeb299
X-V-E-CD: b1982c4ee0c210eace443be4b2ad67b2
X-V-R-CD: f5822bc24b9604623c1bd3303d0b9709
X-V-CD: 0
X-V-ID: bc2ce11d-e9b2-4f05-88f6-aa663396c78e
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.528, 18.0.895 definitions=2022-10-06_04:2022-10-06, 2022-10-05 signatures=0
Received: from smtpclient.apple (unknown [17.230.175.252]) by rn-mailsvcp-policy-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.19.20220711 64bit (built Jul 11 2022)) with ESMTPSA id <0RJC00H969VPF600@rn-mailsvcp-policy-lapp01.rno.apple.com>; Thu, 06 Oct 2022 09:02:14 -0700 (PDT)
Content-type: text/plain; charset="utf-8"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3731.200.110.1.2\))
From: Tommy Pauly <tpauly@apple.com>
In-reply-to: <93b18dcf-e129-4ce8-9c3f-3ec70d4f59af@betaapp.fastmail.com>
Date: Thu, 06 Oct 2022 09:02:03 -0700
Cc: privacy-pass@ietf.org
Content-transfer-encoding: quoted-printable
Message-id: <0AEA7E48-9D6A-4404-BB6B-E01416151567@apple.com>
References: <CAMOjQcH6n=DzX0Mh-ufLJ9srqxP+zt6kuQgrjYs4mic6K6Wg=g@mail.gmail.com> <04AE996B-E459-4868-948E-752BE730DA13@apple.com> <93b18dcf-e129-4ce8-9c3f-3ec70d4f59af@betaapp.fastmail.com>
To: Martin Thomson <mt@lowentropy.net>
X-Mailer: Apple Mail (2.3731.200.110.1.2)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.528, 18.0.895 definitions=2022-10-06_04:2022-10-06, 2022-10-05 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/U08XPPw7TNbJPbGVqsxeIX9vJOw>
Subject: Re: [Privacy-pass] Call for Adoption of Key Consistency and Discovery Draft
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2022 16:02:21 -0000


> On Oct 5, 2022, at 8:09 PM, Martin Thomson <mt@lowentropy.net> wrote:
> 
> On Thu, Oct 6, 2022, at 13:14, Tommy Pauly wrote:
>> My suggestion is that the general technique of double checking like 
>> draft-schwartz-ohai-consistency-doublecheck does — in that case once 
>> with a GET request to a reverse proxy and once with a CONNECT request 
>> to a forward proxy, followed by a GET — could be described in the main 
>> key consistency document. I think really it boils down to “do a lookup 
>> with two different proxies, or do one lookup directly and another 
>> lookup with a proxy”.
> 
> Don't we already do that?
> 
> https://chris-wood.github.io/key-consistency/draft-wood-key-consistency.html#name-shared-proxy-with-key-confi

Yes, it does. I think it could reasonably give some non-normative examples of specifics (mentioning that you could do a GET and a CONNECT/CONNECT-UDP/etc) for HTTP-style proxies, and not require a separate document to spell out the protocol details, or mandate the use of specific methods and versions.

I wonder if it also would be worth mentioning mixing Direct Discovery and Proxy Discovery — if you are OK to reveal your IP to the server, then you could have one check through the proxy and one check without, and it might have similar properties (if I’m not missing anything).

Tommy
> 
> -- 
> Privacy-pass mailing list
> Privacy-pass@ietf.org
> https://www.ietf.org/mailman/listinfo/privacy-pass

v2.23.0 | Report a Bug | By Email