Re: A question about user tracking with QUIC

Roberto Peon <fenix@fb.com> Tue, 08 June 2021 19:38 UTC

From: Roberto Peon <fenix@fb.com>
To: Lucas Pardue <lucaspardue.24.7@gmail.com>, Christian Huitema <huitema@huitema.net>
CC: "Roy T. Fielding" <fielding@gbiv.com>, IETF QUIC WG <quic@ietf.org>, Stephane Bortzmeyer <bortzmeyer@nic.fr>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Subject: Re: A question about user tracking with QUIC
Date: Tue, 08 Jun 2021 19:37:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/8HG0vkifvqI23M-FPBgnTItiuyI>
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>

It isn’t just about connections, though.
Connections are just one example of resumable sessions.
The things to worry about apply to all resumable sessions.

-=R

From: QUIC <quic-bounces@ietf.org> on behalf of Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Monday, June 7, 2021 at 7:20 PM
To: Christian Huitema <huitema@huitema.net>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, IETF QUIC WG <quic@ietf.org>, Stephane Bortzmeyer <bortzmeyer@nic.fr>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Subject: Re: A question about user tracking with QUIC

Hey Spencer, Christian,

On Tue, Jun 8, 2021 at 2:58 AM Christian Huitema <huitema@huitema.net> wrote:


On 6/7/2021 6:50 PM, Spencer Dawkins at IETF wrote:

Hi, Lucas,

On Mon, Jun 7, 2021 at 4:22 PM Lucas Pardue <lucaspardue.24.7@gmail.com> wrote:

Hi,

Speaking as an individual.

Through the lens of server-side observation and linking of clients, I think Christian makes astute observations on some common concerns and QUIC-specific ones. Roy too makes some great additional observations about the context of discussion.

Agreed. Very helpful.

It seems to me this topic might well do with some time to draw out the considerations for documentation. However, the applicability draft is already through a second round of WGLC, and that timeline seems too tight for inclusion of such considerations. It would seem to me that the PEARG (Privacy Enhancements and Assessments Research Group) [1] is ideally suited towards housing effort on deeper/broader analysis of privacy aspects of protocol evolution (I might even stick a note in for multipath TCP as something that moves the needle on privacy of "legacy" application protocols).

Ignoring the question of PEARG interest in this topic for now, I'm assuming that these observations would likely end up in an Informational RFC, is that right?

An IRTF RG can publish Informational and Experimental RFCs, but not BCPs or standards-track documents that must be published in the IETF stream, so that would be an important question to answer early.

That.

The IRTF is not the IETF. IRTF research groups are best for analyzing difficult research issues. But if we end up doing something like "privacy considerations for QUIC clients", IMHO that belongs in the IETF, not the IRTF.

Not disagreeing with either of you here. Although perhaps I was thinking more broadly than QUIC-specific concerns, and something more like "privacy considerations of long-lived and resumable connections for protocol design and user agents". This would appear to me to fit some of PEARG's charter goals such as: "Formulate better models for analyzing and quantifying privacy risks", "Offer guidance on the use of emerging techniques and new uses of existing ones", and "engage with other organisations e.g. PETS, SOUPS, W3C and the Privacy Interest Group therein". Others could disagree with me, and I'd encourage them to express an opinion so we can figure it all out. I guess I was speculating that the process of work in an RG might actually help us determine the right type of text (if anything) that should be written for affected protocols. That could provide input into concrete consideration for protocol designers or deployers, best written in an IETF WG. The best place for QUIC work is this WG.

Cheers,
Lucas