Re: [Privacy-pass] [Ohai] Fwd: New Version Notification for draft-schwartz-ohai-consistency-doublecheck-03.txt
Martin Thomson <mt@lowentropy.net> Thu, 20 October 2022 23:09 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 492E6C1522D0; Thu, 20 Oct 2022 16:09:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.808
X-Spam-Level:
X-Spam-Status: No, score=-2.808 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=cbZq5dbV; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=jMklTnKh
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AZzgF0V38-bp; Thu, 20 Oct 2022 16:09:12 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCE69C1522C8; Thu, 20 Oct 2022 16:09:11 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id D089F320093B; Thu, 20 Oct 2022 19:09:10 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute3.internal (MEProxy); Thu, 20 Oct 2022 19:09:11 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1666307350; x=1666393750; bh=OzVL9XS/oN +V0YR2gxmpAuUqvE7JnlU68auFN/xh8ow=; b=cbZq5dbVz2U4hrAQZjJ+9EqPxu j3NFWgAgAFeFWeetxDqL7/wkaqtJIvds6mQWvkcBvwx4jzFoVg9aISA2RZHruy8m kZYDc+lkF2ZJH8urktfWCjIxjbGc6NcYkRM7Txn0roMIcUkgH0act/tOndZDuC+n PZr3Ou0ZTK9FVZx8zMK8NNWTTA5Gsi8LDfiDCq24gsB8wDs6ZwU/ZYibMcOSTLIv MLv5gRR/A87/CQqpGK0Ho4WP38rgbuO/c/fCdMosGtppS8Y96j/lMm4lLCll3rE4 xfbtlvhJtz/MoitnJWOYJzK9hbWsPNpIZQu+Ywp7OIIE0PKstB/skvsH9D2Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1666307350; x=1666393750; bh=OzVL9XS/oN+V0YR2gxmpAuUqvE7J nlU68auFN/xh8ow=; b=jMklTnKhuqKiK58Gr7DYDGdWMRCK6slQN3EsRjdYy6P+ iSc9L6rpbg5ppufO+RDw8i2Dp5KculmDajtqQpmmUtzCbyvRtMp73X0D+RHuibAu r5NON/44adkMkt6ObOmOjCMQKu7yXLTLtlOG6vXjSDIpnMx9OKTj5zR2C/3ruMiP 6Ner0/PnxpUWtZqBzzRipTyheaagVV5gyfkwyH2mVy67HKsK1ZsuEVBG1g6iCSyO MVYoP7i6Z/YPCCNaP4CtT5mNLxoHuR6+9CMvoAj6s+JyLOiz9qHSUeUkY3MdBcCD X+ILWDHNRcrocFrcOx0t48dosNcrAvZEx8is3dqqkg==
X-ME-Sender: <xms:FtVRY_fxmlcteEfJOGE2SLuq6jlYcmvUiazI0pbXzUruO-pVYwPyWQ> <xme:FtVRY1MMBwyruoosL_c_r3prR2l9gEsoUI_p3astXhwaDAomwdvUQAlRKWv2WFu41 YA2In1iBR0zmg8oNuk>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrfeeljedgudelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeekteeuieektdekleefke evhfekffevvdevgfekgfeluefgvdejjeegffeigedtjeenucevlhhushhtvghrufhiiigv pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvg ht
X-ME-Proxy: <xmx:FtVRY4gp98GwD9JysjTHCSPkRSJc8xNDas5Mk-6Ih3SBTsq7q2SaDQ> <xmx:FtVRYw9L0CPFQ-D1FG3Ek7qjWOgvrBaDqSoS1rGlW-LbpCUfx9v2Ig> <xmx:FtVRY7szN9OK1UKOtFR50yDlIH-gzR9_uWMhscgLqXAEDL8dctOjiA> <xmx:FtVRY53vnCRM1Zmcz_Kd6ag10nMImE5UoHF-SAKyD2xwoNvaLF4lmQ>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 3F3A0234007B; Thu, 20 Oct 2022 19:09:10 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.7.0-alpha0-1047-g9e4af4ada4-fm-20221005.001-g9e4af4ad
Mime-Version: 1.0
Message-Id: <6761ae09-dcc7-4b93-8e5f-d1f60471fa6b@betaapp.fastmail.com>
In-Reply-To: <CAHbrMsDWTexrdKuzYeG7_RBXE2TLUMxT5gmA+GWT+x=cdsDmrw@mail.gmail.com>
References: <166620948548.40913.9820980135582975290@ietfa.amsl.com> <CAHbrMsDWTexrdKuzYeG7_RBXE2TLUMxT5gmA+GWT+x=cdsDmrw@mail.gmail.com>
Date: Fri, 21 Oct 2022 10:08:44 +1100
From: Martin Thomson <mt@lowentropy.net>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, ohai@ietf.org, privacy-pass@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/ij_LrCcX_QMOSq2gdiINNJf4so4>
Subject: Re: [Privacy-pass] [Ohai] Fwd: New Version Notification for draft-schwartz-ohai-consistency-doublecheck-03.txt
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2022 23:09:16 -0000
Hi Ben, I think that this worth doing. I have tons of nits[1], but nothing that warrants any notice at this stage. The only high-level comment I'd offer is that this draft concerns itself overly much with things outside of its scope, sometimes using normative language for things that I would prefer it be silent on. For instance, you require - with a "MUST NOT" - that if the proxy offers DNS service it disable EDNS client subnet. That's overreach in my view, and not the only example of that sort of thing. Duplicating HTTP requirements is similarly overreach in a different way. I would prefer that this follow the key consistency draft into the privacy pass working group, just so that tranche of work all happens in the same place. Cheers, Martin [1] For some reason, a missing comma after "e.g." irks me more than it should. And empty sections (7>7.1>7.11 with no text in between). But all of that stuff can be fixed easily. On Thu, Oct 20, 2022, at 07:14, Ben Schwartz wrote: > Hello OHAI and PRIVACYPASS, > > This revision of the DoubleCheck draft makes extensive changes based on > feedback from the last session and subsequent discussions: > > * The draft no longer has a normative dependency on > draft-schwartz-masque-access-descriptions or OHTTP. > * The draft no longer recommends CONNECT-UDP over CONNECT. > * The "MUST" requirement to provide and use a transport proxy has been > reduced to SHOULD, with explanation about the risks if one is not used. > * The introduction has been expanded to describe how this procedure > might be useful for both OHTTP and Privacy Pass. > * The example (Section 5) has been adjusted to make use of > draft-pauly-ohai-svcb-config. > * The draft introduces its own capitalized terminology for the three > parties, similar to OHTTP and Privacy Pass. > > The protocol itself has not changed since the previous revision. > > I would like to present this revision at IETF 115 if possible. > > Good topics for feedback: > > * Is this bending HTTP Cache-Control semantics too far? > * Is there any way to solve the Thundering Herd problem (Section 6.2) > using only HTTP caching directives? > * Which working group would be best to discuss this? > > --Ben Schwartz > > ---------- Forwarded message --------- > From: <internet-drafts@ietf.org> > Date: Wed, Oct 19, 2022 at 3:58 PM > Subject: New Version Notification for > draft-schwartz-ohai-consistency-doublecheck-03.txt > To: Benjamin M. Schwartz <bemasc@google.com> > > > > A new version of I-D, draft-schwartz-ohai-consistency-doublecheck-03.txt > has been successfully submitted by Benjamin Schwartz and posted to the > IETF repository. > > Name: draft-schwartz-ohai-consistency-doublecheck > Revision: 03 > Title: Key Consistency by Double-Checking via a Semi-Trusted > Proxy > Document date: 2022-10-19 > Group: Individual Submission > Pages: 15 > URL: > https://www.ietf.org/archive/id/draft-schwartz-ohai-consistency-doublecheck-03.txt > Status: > https://datatracker.ietf.org/doc/draft-schwartz-ohai-consistency-doublecheck/ > Html: https://www.ietf.org/archive/id/draft-schwartzAs the > draft is more general-ohai-consistency-doublecheck-03.html > <https://www.ietf.org/archive/id/draft-schwartz-ohai-consistency-doublecheck-03.html> > Htmlized: > https://datatracker.ietf.org/doc/html/draft-schwartz-ohai-consistency-doublecheck > Diff: > https://www.ietf.org/rfcdiff?url2=draft-schwartz-ohai-consistency-doublecheck-03 > > Abstract: > Several recent IETF privacy protocols require clients to acquire > bootstrap information for a service in a way that guarantees both > authenticity and consistency, e.g., encrypting to the same key as > many other users. This specification defines a procedure for > transferring arbitrary HTTP resources in a manner that provides these > guarantees. The procedure relies on access to a semi-trusted HTTP > proxy, under the same security assumptions as an Oblivious HTTP > Relay. > > > > > The IETF Secretariat > > > -- > Ohai mailing list > Ohai@ietf.org > https://www.ietf.org/mailman/listinfo/ohai > > Attachments: > * smime.p7s
- [Privacy-pass] Fwd: New Version Notification for … Ben Schwartz
- Re: [Privacy-pass] [Ohai] Fwd: New Version Notifi… Martin Thomson