Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session

Andrew Campling <andrew.campling@419.consulting> Thu, 17 March 2022 08:38 UTC

From: Andrew Campling <andrew.campling@419.consulting>
To: David Schinazi <dschinazi.ietf@gmail.com>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session
Thread-Index: Adg5T/fU+rhG7dE8Srm3FXsRyRsO1AASpeAAAA9NInU=
Date: Thu, 17 Mar 2022 08:38:39 +0000
Message-ID: <LO3P265MB20920BC976D371AFDD3FFA1FC2129@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
References: <LO3P265MB209260DA72D1A8383FD64BBAC2119@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM> <CAPDSy+5X_SmRi026tLHrQU3Zc+oUPPOqwSJ+9HoGuMSd4wvQ=Q@mail.gmail.com>
In-Reply-To: <CAPDSy+5X_SmRi026tLHrQU3Zc+oUPPOqwSJ+9HoGuMSd4wvQ=Q@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Y2N2BPjDCQTb215MvYQALdTvi0E>

Hi David
Thank you for your interest in the draft.  You’re right to highlight the benefit of privacy but, as you will see when you read the draft, we highlight a range of issues that can reasonably be considered as being in the interest of end users such as security, cost and complexity.

Focusing specifically on privacy, it is of course more complex than encryption.  For example, as noted in the draft, by removing an indicator of compromise (the SNI data), a user may be at greater risk of attack from malicious content or simply by surveillance by badly behaved client software.

RFC 8890 highlights the importance of multistakeholder input in order to understand the potential trade-offs between competing factors that may impact end users.  This is an instance where such engagement would be beneficial as it will no doubt highlight other considerations to take into account.

As you conclude, let’s discuss it at Secdispatch but I believe that debate will be more useful if we avoid using such a narrow interpretation of end users' interests.

Andrew

________________________________
From: David Schinazi <dschinazi.ietf@gmail.com>
Sent: Thursday, March 17, 2022 1:01 am
To: Andrew Campling <andrew.campling@419.consulting>
Cc: secdispatch@ietf.org <secdispatch@ietf.org>
Subject: Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session

Hi Andrew,

(I'm writing as an IAB member, but not representing the IAB)

Your understanding of IAB document RFC 8890 is incorrect. Encrypting the TLS Client Hello is performed to protect end users. In particular, it is an example of Section 4.2 "Creating User-Focused Systems" as it brings control over information sharing closer to the end users. Additionally, ECH was the product of Section 4.3 "Identifying Negative End-User Impact" as we have seen abuse of user information caused by networks observing the SNI. That section additionally references RFCs 7258 and 7624 which clearly lay out the dangers of cleartext information and the user benefit of encryption. If you'd like more information on the IAB's position on this topic, we also released the following statement: <https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/>.

You're welcome to raise your concerns about ECH, but they are the opposite of the spirit of RFC 8890. Let's discuss your draft at secdispatch, but I can't imagine it progressing with such a clear misunderstanding of RFC 8890.

Thanks,
David

On Wed, Mar 16, 2022 at 9:15 AM Andrew Campling <andrew.campling@419.consulting> wrote:
I would like to request some time to dispatch draft-campling-ech-deployment-considerations <https://www.ietf.org/archive/id/draft-campling-ech-deployment-considerations-01.txt> at IETF 113.  The draft is intended to inject additional detail about deployment considerations relating to Encrypted Client Hello by including observations on current use cases for SNI data in a variety of contexts.  In the spirit of RFC 8890, we believe that end users need to be taken into account in protocol development and we hope that this document is one small step in that process.


Andrew

