Re: [quicwg/base-drafts] "External observers" is undefined (#3448)

ekr <notifications@github.com> Tue, 11 February 2020 00:59 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6A0F12086C for <quic-issues@ietfa.amsl.com>; Mon, 10 Feb 2020 16:59:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.3
X-Spam-Level:
X-Spam-Status: No, score=-5.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q5yS6COx9tju for <quic-issues@ietfa.amsl.com>; Mon, 10 Feb 2020 16:59:35 -0800 (PST)
Received: from out-28.smtp.github.com (out-28.smtp.github.com [192.30.252.211]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03CF3120071 for <quic-issues@ietf.org>; Mon, 10 Feb 2020 16:59:35 -0800 (PST)
Date: Mon, 10 Feb 2020 16:59:33 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1581382774; bh=RLFzzLozmX68QlrSPQAVh7D0qNbsr9mYbpZoTFrLfWc=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=ehQV6A2jymKh1FA0Se74+Iuluhn3vOt2g9FcVf2VdnOrTQzzbRY+jLAxHsc0B/kAG G78Fl5BRD/dPMsmMBrlvBrPl/FB8tbyAFSnDUDsMK5tzPbXfW0iogv2TOe5DPTdJT0 VXdyvJn8SlqjMnhak+tipdyT5cq2/I3uG8XqyyQc=
From: ekr <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKYPRBJEAR5JAPSPNE54J4XPLEVBNHHCDDCNZQ@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3448/584432587@github.com>
In-Reply-To: <quicwg/base-drafts/issues/3448@github.com>
References: <quicwg/base-drafts/issues/3448@github.com>
Subject: Re: [quicwg/base-drafts] "External observers" is undefined (#3448)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e41fc75ec871_23b33f90ea6cd968162089"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: ekr
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/6maUqWmeiAbrYelZvx4s70omg3o>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Feb 2020 00:59:37 -0000

Right. The purpose of this language was to differentiate LBs and other
associated entities.

I don't understand the problem here: the parenthetical defines "external
observer" clearly, and yes, it would exclude entities whose business it is
to track people as long as they are cooperating with the issuer. That may
not be the kind of tracking we want but it's the requirement we can
actually levy here.

On Mon, Feb 10, 2020 at 1:36 PM Martin Thomson <notifications@github.com>
wrote:

> From email:
>
> Connection IDs MUST NOT contain any information that can be used by an
> external observer (that is, one that does not cooperate with the issuer) to
> correlate them with other connection IDs for the same connection.
> I think it's worth paying particular attention to the phrase "external
> observer" as that is defined nowhere else in the RFC and, at least as far
> as I'm concerned, can be used by companies whose primary source of income
> involves tracking people and selling access to data gleaned from tracking
> people, since they might be able to claim that they are not an external
> observer.
>
> This seems like we can avoid confusion with a simple s/external
> observer/entities other than endpoints/. However, we need to be careful to
> allow load balancers to do this at some level.
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <https://github.com/quicwg/base-drafts/issues/3448?email_source=notifications&email_token=AAIPLIO5ACHUDJUAVDOY2ZTRCHCFXA5CNFSM4KSWA2GKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IMMJXGA>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AAIPLIOQRKPUT6JAAFZAJZDRCHCFXANCNFSM4KSWA2GA>
> .
>


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3448#issuecomment-584432587