Re: [saag] Ubiquitous Encryption: content filtering
Joseph Lorenzo Hall <joe@cdt.org> Fri, 19 June 2015 13:10 UTC
Return-Path: <jhall@cdt.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9289F1A8F4F for <saag@ietfa.amsl.com>; Fri, 19 Jun 2015 06:10:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.501
X-Spam-Level: *
X-Spam-Status: No, score=1.501 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HnIfatyuRjAP for <saag@ietfa.amsl.com>; Fri, 19 Jun 2015 06:10:28 -0700 (PDT)
Received: from mail-lb0-f174.google.com (mail-lb0-f174.google.com [209.85.217.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFC991A8F4D for <saag@ietf.org>; Fri, 19 Jun 2015 06:10:27 -0700 (PDT)
Received: by lbbvz5 with SMTP id vz5so23775262lbb.0 for <saag@ietf.org>; Fri, 19 Jun 2015 06:10:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding; bh=R4UOkMY59ZYdhzhNzebH4NrL3z5E7WE8IEXU+r52AJ0=; b=j5lIygMKJ8zKfuXAmYGfseUeAJhoNfFEuSfH2F2pEwf2e2I7+09Ls1gI6HYnp63MTe Xp6f9oNDeD/TaxWhea0P36SpJA5VU82mw7RK2h5axV/vFeaxwPIgvydtOoCG789oYgUO iUF5svuUFWduxkbAZlKnvys1w1oaD+CMpLIFnrtqVN3LK55M8c26gu6d7F7Qghj7ibjz eWYCYwuKmSOzcDC9O+AF8TyD1BL5bPHzlMiO2sCEE08tUUAbYM7x0NJX0KkKhPA0FWKJ eR5wqepNJYQToYoIsBE2CqVIdxINMtXYy2pB8AbR3b/7R3NB47g3Pccsa1tovOvzWRTT eLuQ==
X-Gm-Message-State: ALoCoQkZcMN6q+rn75mCSOLfAyBI/B3HHRDaC0EIzMX5doogGKfw41zKxII3i9QabsmUltNfuLKb
X-Received: by 10.152.5.65 with SMTP id q1mr17801512laq.110.1434719426141; Fri, 19 Jun 2015 06:10:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.154.5 with HTTP; Fri, 19 Jun 2015 06:10:05 -0700 (PDT)
In-Reply-To: <99DC814A-2B7D-4802-A1C7-399E77F37BD7@gsma.com>
References: <99DC814A-2B7D-4802-A1C7-399E77F37BD7@gsma.com>
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Fri, 19 Jun 2015 09:10:05 -0400
Message-ID: <CABtrr-U9kLfq4GQbWSgPN=wCD=Cdi0uQ+bQqXj35j+PFtuE8Pg@mail.gmail.com>
To: Natasha Rooney <nrooney@gsma.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/rml5M8HJYGOQRZG6xsN-I6TEJd0>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Ubiquitous Encryption: content filtering
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2015 13:10:35 -0000
I would at least like this to acknowledge that it's possible to do filtering at the endpoint. As you can imagine, I would argue another term for content filtering is censorship. best, Joe On Thu, Jun 18, 2015 at 3:58 AM, Natasha Rooney <nrooney@gsma.com> wrote: > Hi all, > > I have a new submission for the Ubiquitous Encryption draft. I must admit, > this one is a little controversial, and certainly is not something I believe > in. However, I had a good think about it, and figured that this is an > "effect" of ubiquitous encryption, and maybe would be beneficial for the > draft. I am not expecting anything comes out of adding it past education for > members of the IETF community that this is an issue for some organisations, > governments and maybe users. Please feel free to tweet me if you want to > discuss personal views! Anyway, here we go: > > > 2.3.X Content Filtering > Law agencies may request Service Providers to block access to particular > sites such as online betting and gambling, sites promoting anorexia, or > access to dating sites. Content filtering in the mobile network usually > occurs in the core network. A proxy is installed which analyses the > transport metadata of the content users are viewing and either filters > content based on a blacklist of sites or based on the user’s pre-defined > profile (e.g. for age sensitive content). Although filtering can be done by > many methods one common method occurs when a DNS lookup reveals a URL which > appears on a government or recognised block-list. The subsequent requests to > that domain will be re-routed to a proxy which checks whether the full url > matches a blocked url on the list, and will return a 404 if a match is > found. All other requests should complete. > > Even in encrypted connections transport and lower layer metadata is able to > be viewed so for many systems content filtering should be able to continue. > Cases when they may not work is when TLS proxies are being used which > obscure metadata with the proxy metadata, and future versions in HTTP and > TCP may encrypt metadata again stopping content filtering software from > working (this is currently not the case and has not been standardised). > > Some sites involve a mixture of universal and age-sensitive content and > filtering software in these cases may use more granular (application layer) > metadata to analyse and block; this will not work on encrypted content. > > > I do have a few questions about what I have written, maybe someone can > answer: > [1] Does HTTP2 multiplexing do anything to content filtering software, i.e. > when sending multiple requests for one webpage (loading images in > particular). I don’t think it does it’s just that my brain isn’t working > this afternoon... > [2] Is it fair to mention future versions of HTTP and TCP when nothing has > been standardised yet? I don’t think so in which case maybe this should be > removed. > > Hope this didn’t ruin everyones morning! Thanks! > > Natasha > > > Natasha Rooney | Web Technologist | GSMA | nrooney@gsma.com | +44 (0) 7730 > 219 765 | @thisNatasha | Skype: nrooney@gsm.org > Tokyo, Japan > > > This email and its attachments are intended for the above named only and may > be confidential. If they have come to you in error you must take no action > based on them, nor must you copy or show them to anyone; please reply to > this email or call +44 207 356 0600 and highlight the error. > > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag > -- Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 joe@cdt.org PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
- [saag] Ubiquitous Encryption: content filtering Natasha Rooney
- Re: [saag] Ubiquitous Encryption: content filteri… Joseph Lorenzo Hall
- Re: [saag] Ubiquitous Encryption: content filteri… Smith, Kevin, (R&D) Vodafone Group
- Re: [saag] Ubiquitous Encryption: content filteri… Joseph Lorenzo Hall
- Re: [saag] Ubiquitous Encryption: content filteri… Stephen Farrell
- Re: [saag] Ubiquitous Encryption: content filteri… Randy Bush
- Re: [saag] Ubiquitous Encryption: content filteri… Stephen Kent
- Re: [saag] Ubiquitous Encryption: content filteri… Nico Williams
- Re: [saag] Ubiquitous Encryption: content filteri… Christian Huitema
- Re: [saag] Ubiquitous Encryption: content filteri… Nico Williams
- Re: [saag] Ubiquitous Encryption: content filteri… Ted Hardie
- Re: [saag] Ubiquitous Encryption: content filteri… Nico Williams
- Re: [saag] Ubiquitous Encryption: content filteri… Randy Bush
- Re: [saag] Ubiquitous Encryption: content filteri… Tom Ritter
- Re: [saag] Ubiquitous Encryption: content filteri… Natasha Rooney
- Re: [saag] Ubiquitous Encryption: content filteri… Kathleen Moriarty
- Re: [saag] Ubiquitous Encryption: content filteri… Yoav Nir
- Re: [saag] Ubiquitous Encryption: content filteri… Kathleen Moriarty
- Re: [saag] Ubiquitous Encryption: content filteri… Natasha Rooney
- Re: [saag] Ubiquitous Encryption: content filteri… Stephen Kent
- Re: [saag] Ubiquitous Encryption: content filteri… Nico Williams
- Re: [saag] Ubiquitous Encryption: content filteri… Phillip Hallam-Baker
- Re: [saag] Ubiquitous Encryption: content filteri… Tom Ritter
- Re: [saag] Ubiquitous Encryption: content filteri… Natasha Rooney
- Re: [saag] Ubiquitous Encryption: content filteri… Kathleen Moriarty