Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session
Mark Nottingham <mnot@mnot.net> Tue, 22 March 2022 02:17 UTC
Return-Path: <mnot@mnot.net>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04D1A3A1750 for <secdispatch@ietfa.amsl.com>; Mon, 21 Mar 2022 19:17:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=i6jXoXKW; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=bg//VElZ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6qLHPS5QF-Jx for <secdispatch@ietfa.amsl.com>; Mon, 21 Mar 2022 19:17:16 -0700 (PDT)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8EA63A1CB6 for <secdispatch@ietf.org>; Mon, 21 Mar 2022 19:17:16 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id B5A2B3200EC0; Mon, 21 Mar 2022 22:17:15 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Mon, 21 Mar 2022 22:17:16 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm2; bh=UfSVaZvKdLHYR6 Yqy/6yQy0lIxzdkOpNaB5GrXY0UAY=; b=i6jXoXKWZRqeUV7oTd0QhtB1MkCigs UV8yuMseZpkmGMjgfpdCaKDOPREiFGKpNrZjvrQfSrqRU+W6ECOOyty1w7TMJ5EB vzwmDsddCF4JJsNxTOkKBeGLRmN+/dxsJ678uW+mRepVMiwqSWlnWteopz7n/+BU xv9ZBU12HZxjNJaNn/OJxzmHX1DhbUAOoJ7JfNjVNKfZndNxhUmOGhd126EjnmGT XVAqRJX1nnofrzVQrawXRLOwv6jTTqStSckoAOoPVpi5LASM1wrS+sba/CPMcI4K 8uoesXyZjQ618BDsWLpImfulocYa+sCX17Gc4dQkg8zpnMFVF1jjWSiw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=UfSVaZvKdLHYR6Yqy/6yQy0lIxzdkOpNaB5GrXY0U AY=; b=bg//VElZ8dut/4hVEu+a1WkeCDWe4nNTVaWdsSFaVhhB6YT4wem4+lSXo E+MD6T6FIkcUliF3eQ4PljzQnDg/BUr51kVvw1BDqHV757lGM3D4Ni1XR04jqoN8 nwn6b65RPE8YcS23kjh9y/+GiBAle+i0Dkl7TYy7H4uBE92xwcl06cZFrOES01rB kV2RTA88uNsQa0k+zSChQZFzpEYZbBVY3ZRoTXQWI1c9Q1hW1JLiQ8b6WaIEjrlQ +GGkpUGqn9JIEGnxE/RDAQ7k33LtrI3wZT2DiNs4obGTKQzd5oGMxTakP9+4db/p qtypumNHgcJnTyr9IGJEji5S9C/NQ==
X-ME-Sender: <xms:qzE5Ys6EZI6UqW6fWJUrFfYnZoYNTVlcx81KQkbxG-6R6NTXUs0hVg> <xme:qzE5Yt67-0keQ19FmzfMS0VfnqQrmThydh0OhwuNOaB2RDClqj1C7IAb93fBwRXnu W19zOGmHR5aTgtyEQ>
X-ME-Received: <xmr:qzE5YrfJAFdDCp1ftSeF0XYW0o3lfcWSZKmr8e5w7uFrgx4lTZmKRgWoZjAVqf5FKFaG4U9erwnrYvV6ohzOySocWKzLHZMtoIilMbP_Mp8C5BqvJKQ1m3oh>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrudeggedggeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheptggguffhjgffgffkfhfvofesthhqmhdthhdtjeenucfhrhhomhepofgrrhhk ucfpohhtthhinhhghhgrmhcuoehmnhhothesmhhnohhtrdhnvghtqeenucggtffrrghtth gvrhhnpeduhfdtudegfedtfeekveevgefhveevffetjeefkeehteeglefhvdfhffdvfefh gfenucffohhmrghinhepihgrsgdrohhrghdpihgvthhfrdhorhhgpdhmnhhothdrnhgvth enucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmnhho thesmhhnohhtrdhnvght
X-ME-Proxy: <xmx:qzE5YhK5J6wJ-ZzXGcMN3hRAGXPJ8E-cFBL6Tu3P1Lut7rDlSTDVdg> <xmx:qzE5YgK9C3Jy9iYP8fQo-xujnUW7vBCvROzTmH6vyKCKMrDV3GYRoA> <xmx:qzE5YizijZWdAJCGTLuM0zcVc_8tq_bhdZ817ynmxXS-pmU5kyJYfw> <xmx:qzE5YnWo_EnSl6AlMW70N4B6NIB8F-g_Lx-jhD13eO_mCp-M4-uVEw>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 21 Mar 2022 22:17:13 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <LO3P265MB20920BC976D371AFDD3FFA1FC2129@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
Date: Tue, 22 Mar 2022 13:17:11 +1100
Cc: David Schinazi <dschinazi.ietf@gmail.com>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <29ED5EBE-D5B5-435A-B32D-10BE19513A25@mnot.net>
References: <LO3P265MB209260DA72D1A8383FD64BBAC2119@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM> <CAPDSy+5X_SmRi026tLHrQU3Zc+oUPPOqwSJ+9HoGuMSd4wvQ=Q@mail.gmail.com> <LO3P265MB20920BC976D371AFDD3FFA1FC2129@LO3P265MB2092.GBRP265.PROD.OUTLOOK.COM>
To: Andrew Campling <andrew.campling@419.consulting>
X-Mailer: Apple Mail (2.3696.80.82.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/jdtTaO8HTw1s8soe-iWwDkcJqf0>
Subject: Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 02:17:24 -0000
I'm not going to be at SECDISPATCH, so I'll make my comments here. First, a general comment. Andrew, you seem to be forming a habit of relying on 8890 to get air time for your arguments. That RFC's focus is on encouraging the IETF community to consider the impacts of its actions elsewhere. The only place it privileges those already active here is when it talks about civil society organisations' ability to act as a channel for engaging the broader Internet community. I don't believe you're acting in that capacity here. I.e., your arguments should stand on their own -- invoking 8890 doesn't reinforce them. Now, regarding the draft -- draft-campling-ech-deployment-considerations seems to assume that the *only* viable way to scan for viruses, impose parental controls, or control access to resources is by having a network element impose it without coordination. Your draft supports this by noting that transparent proxies are used because they're easier to administer than on-endpoint software -- a viewpoint which privileges administrator convenience and cost over user safety, and ignores other options. The underlying problem is that such "transparent proxy" services are unauthenticated -- they rely on the user understanding that the network is going to perform these services, and accepting their imposition. They're also disproportionate, giving complete access to all data flows and capabilities on the connection. Performing these tasks in this fashion allows not only legitimate authorities to impose them, but also illegitimate attackers. As such, they're inappropriate for deployment on the Internet, and that's why we're seeing efforts like ECH -- use of this data and the associated control channel without explicit user authorisation is not "permissionless innovation" (as your draft states), it's an open door to abuse. Put bluntly, you (as a network operator) don't have a right to "innovate" with my data (as a user) -- especially without my permission. This doesn't reduce the urgency of meeting those goals for some users, but it does mean that they need to be met without endangering security and privacy for all users on the Internet, even if that has historically been the path of least resistance. It also doesn't mean that the path forward will be easy. What's required is a discussion and implementation of interfaces for offloading these functions from operating systems, applications, and IoT devices -- potentially to somewhere else on the network -- in a way that maintains users' autonomy, privacy, and security, and in a proportional way (i.e., only as much access to data as required to fulfil the task). That is difficult not only because of the inherent user interface subtleties and potential for abuse/hijacking, but also because there is little current coordination or convergence at that layer. The IETF has a very clear responsibility to assure that the protocols it ships are secure -- hence, ECH. It *could* have a role to play in responsibly offloading these functions, especially where the work intersects protocol design. There is also other work to be done that's squarely outside our scope. I'd suggest that you and your co-authors focus on assisting those positive, forward-looking efforts rather than trying to stop ECH deployment. Cheers, > On 17 Mar 2022, at 7:38 pm, Andrew Campling <andrew.campling@419.consulting> wrote: > > Hi David > Thank you for your interest in the draft. You’re right to highlight the benefit of privacy but, as you will see when you read the draft, we highlight a range of issues that can reasonably be considered as being in the interest of end users such as security, cost and complexity. > > Focusing specifically on privacy, it is of course more complex than encryption. For example, as noted in the draft, by removing an indicator of compromise (the SNI data), a user may be at greater risk of attack from malicious content or simply by surveillance by badly behaved client software. > > RFC 8890 highlights the importance of multistakeholder input in order to understand the potential trade-offs between competing factors that may impact end users. This is an instance where such engagement would be beneficial as it will no doubt highlight other considerations to take into account. > > As you conclude, let’s discuss it at Secdispatch but I believe that debate will be more useful if we avoid using such a narrow interpretation of end users' interests. > > Andrew > > From: David Schinazi <dschinazi.ietf@gmail.com> > Sent: Thursday, March 17, 2022 1:01 am > To: Andrew Campling <andrew.campling@419.consulting> > Cc: secdispatch@ietf.org <secdispatch@ietf.org> > Subject: Re: [Secdispatch] Request for a slot at the Secdispatch IETF 113 Session > > Hi Andrew, > > (I'm writing as an IAB member, but not representing the IAB) > > Your understanding of IAB document RFC 8890 is incorrect. Encrypting the TLS Client Hello is performed to protect end users. In particular, it is an example of Section 4.2 "Creating User-Focused Systems" as it brings control over information sharing closer to the end users. Additionally, ECH was the product of Section 4.3 "Identifying Negative End-User Impact" as we have seen abuse of user information caused by networks observing the SNI. That section additionally references RFCs 7258 and 7624 which clearly lay out the dangers of cleartext information and the user benefit of encryption. If you'd like more information on the IAB's position on this topic, we also released the following statement: <https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/>. > > You're welcome to raise your concerns about ECH, but they are in the opposite of the spirit of RFC 8890. Let's discuss your draft at secdispatch, but I can't imagine it progressing with such a clear misunderstanding of RFC 8890. > > Thanks, > David > > On Wed, Mar 16, 2022 at 9:15 AM Andrew Campling <andrew.campling@419.consulting> wrote: > I would like to request some time to dispatch draft-campling-ech-deployment-considerations at IETF 113. The draft is intended to inject additional detail about deployment considerations relating to Encrypted Client Hello by including observations on current use cases for SNI data in a variety of contexts. In the spirit of RFC 8890, we believe that end-user needs to be taken into account in protocol development and we hope that this document is one small step in that process. > > > Andrew > > > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch -- Mark Nottingham https://www.mnot.net/
- [Secdispatch] Request for a slot at the Secdispat… Andrew Campling
- Re: [Secdispatch] Request for a slot at the Secdi… Kathleen Moriarty
- Re: [Secdispatch] Request for a slot at the Secdi… David Schinazi
- Re: [Secdispatch] Request for a slot at the Secdi… Andrew Campling
- Re: [Secdispatch] Request for a slot at the Secdi… Mark Nottingham
- Re: [Secdispatch] Request for a slot at the Secdi… Kathleen Moriarty
- Re: [Secdispatch] Request for a slot at the Secdi… Salz, Rich
- Re: [Secdispatch] Request for a slot at the Secdi… Eric Rescorla
- [Secdispatch] dispatching draft-campling-ech-depl… Stephen Farrell
- [Secdispatch] about draft-campling-ech-deployment… Michael Richardson