Re: [Trans] Removing the Preventing Tracking Clients section
Tom Ritter <tom@ritter.vg> Thu, 10 May 2018 06:47 UTC
Return-Path: <tom@ritter.vg>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B01E127078 for <trans@ietfa.amsl.com>; Wed, 9 May 2018 23:47:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ritter.vg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BqzYIMA3f96Y for <trans@ietfa.amsl.com>; Wed, 9 May 2018 23:47:08 -0700 (PDT)
Received: from mail-io0-x232.google.com (mail-io0-x232.google.com [IPv6:2607:f8b0:4001:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9633B126CE8 for <trans@ietf.org>; Wed, 9 May 2018 23:47:08 -0700 (PDT)
Received: by mail-io0-x232.google.com with SMTP id t23-v6so1806141ioc.10 for <trans@ietf.org>; Wed, 09 May 2018 23:47:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=VZCl7VXTpaWTpQaZbtNNxQwF/HPSC0ciK/y18lwRylQ=; b=TgN6M3XihB80kDW2Itrm4bjvLpK33CJwQEoywuU+mXCzyQOo9safErGDbc5SiyqTA6 zNkrWWe8tUuO0DwyKG7A0paSTmuevpQhosdbcN51VBRu7M5Pj7cOFF9xdFJXqjBWQRbY X/cNokXFh5QVawTMevNGu5bZY3/UTuk3jiBiI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=VZCl7VXTpaWTpQaZbtNNxQwF/HPSC0ciK/y18lwRylQ=; b=VFOtbRKtWnz2KR9YQ26W7YrikyeHvraC0w2U4dUvQsBw98eXSGSx0jf7RihGLl9epw pKJ4dmDKi0RPy4y8WgyyPTDMtdXxhH8EiZ18WePALWVN+Dw2HGN4MKDjMt1zVhpXBGqI 39WvMOWecqbjYiZGgSsgf5dt23qNsqJihkmrPmB9qhP3ZacCARLxU8YcYNCYQIXykqkv bO9BpEmB4ZBUTD9E14L6T3Jp+sUuWI2mzsr4MKSLpsm6PKsoQYWTY6Q+KGe7irmHbrSx rn9eBVXfI5Cm0PQxNQhKTEV2WXNY/ISaANjgptSyfoAwdPZUATps4GqcwncCOtePUfTv AhbA==
X-Gm-Message-State: ALKqPwd9RNxOuqPb9RzgC1Codp3iJ5UVzbZAWnWVJ/XLr93YuWvI2CEV 3lpjz1/MeQUZRtG2TvI8qGYlM5qzi/x8rKI0+sEgeg==
X-Google-Smtp-Source: AB8JxZqi68S9cI/JGzzdcEj8PNnkn8GAPenlQCliN4DoBtuzE7Uq4zctshcXYYsRUygbzHwYf6tW9YWa+QE2BZDq4xI=
X-Received: by 2002:a6b:1b94:: with SMTP id b142-v6mr187839iob.137.1525934827765; Wed, 09 May 2018 23:47:07 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4f:6c46:0:0:0:0:0 with HTTP; Wed, 9 May 2018 23:46:47 -0700 (PDT)
In-Reply-To: <20180424094310.22c8c8c856a3b223becf4b00@andrewayer.name>
References: <433531cf-87c6-f7ff-b476-f2210a681a52@ComodoCA.com> <20180424094310.22c8c8c856a3b223becf4b00@andrewayer.name>
From: Tom Ritter <tom@ritter.vg>
Date: Thu, 10 May 2018 06:46:47 +0000
Message-ID: <CA+cU71=vr_fFe7mu4qsWkUievRiN+P1c3WT1sBLF=AOa3=rXVw@mail.gmail.com>
To: Andrew Ayer <agwa@andrewayer.name>
Cc: Rob Stradling <Rob@comodoca.com>, "trans@ietf.org" <trans@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/A6EKP6TcUohbyok_W6498QHEtaI>
Subject: Re: [Trans] Removing the Preventing Tracking Clients section
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2018 06:47:11 -0000
On 24 April 2018 at 16:43, Andrew Ayer <agwa@andrewayer.name> wrote: > On Fri, 20 Apr 2018 22:13:54 +0100 > Rob Stradling <Rob@ComodoCA.com> wrote: > >> EKR had some concerns about this section >> (https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-28#section-11.4). >> We (the authors) discussed it and concluded that this section >> should probably be struck from 6962-bis. >> >> PR here: >> https://github.com/google/certificate-transparency-rfcs/pull/295 >> >> Anyone have any objections? > > Yes. Developing a workable gossip solution will require experimentation > to get it right. If log artifacts (STHs and SCTs) can act as > supercookies, it will limit the type of experimentation that can be done > by TLS clients, as clients won't be able to store and transmit artifacts > without potentially violating their users' privacy. > > Al proposes that this section be moved to a gossip doc, but that > creates a circular dependency: logs won't implement an unproven, > experimental gossip spec, but proving the viability of the spec will > only be possible if logs comply with the spec's anti-tracking > provisions. We can avoid the circular dependency by leaving this > section in 6962-bis. This will allow TLS clients to experiment with > different types of gossip without worrying that the log artifacts that > they're gossiping might be supercookies. > > I'd like to better understand EKR's concern with this section, so I can > propose better text. But I don't see any inline comments about this > section at https://mozphab-ietf.devsvcdev.mozaws.net/D13 (perhaps I'm > not using Phabricator correctly?). Also agree; although TBH I don't much care for the section text as is. Especially "Logs SHOULD mitigate this risk" - the risk is that the Log has done something bad - either by design or by accident. The 'mitigation' tries to address the accidental part; but not the design part. To me, it's basically saying "Logs may misbehave, so to avoid logs misbehaving, logs should do one of these two things." It seems like it would be better to say "Logs should not misbehave, and can make implementation choices that (should) prevent inadvertent misbehavior." -tom
- [Trans] Removing the Preventing Tracking Clients … Rob Stradling
- Re: [Trans] Removing the Preventing Tracking Clie… Andrew Ayer
- Re: [Trans] Removing the Preventing Tracking Clie… Linus Nordberg
- Re: [Trans] Removing the Preventing Tracking Clie… Tom Ritter