IETF Logo Mail Archive

Re: [Wpack] About content-based origins

Ted Hardie <ted.ietf@gmail.com> Tue, 24 March 2020 17:48 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: wpack@ietfa.amsl.com
Delivered-To: wpack@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D85E3A09AE for <wpack@ietfa.amsl.com>; Tue, 24 Mar 2020 10:48:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m9RapdWfQ75t for <wpack@ietfa.amsl.com>; Tue, 24 Mar 2020 10:48:08 -0700 (PDT)
Received: from mail-ot1-x333.google.com (mail-ot1-x333.google.com [IPv6:2607:f8b0:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AD623A0915 for <wpack@ietf.org>; Tue, 24 Mar 2020 10:48:07 -0700 (PDT)
Received: by mail-ot1-x333.google.com with SMTP id j16so17912723otl.1 for <wpack@ietf.org>; Tue, 24 Mar 2020 10:48:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yBMAaQOHzVPv8SpeD2e+E4EQ03zWqkJm6fRwExYJ1RA=; b=LkpwqAsoQqtKForsKVhORhIT/l4tTRC0z9zNhjsEwi02VFboNABODN0LlmjCiOhwLy uugt5OiMpo2SE1uma8tChYbOitb39MjTWnie4n6UN0I6QB7A6sskKT2IsbhceQn0rc3W +9HL/aXK6rBEyzBx7++Lc6vVHUv4bt8b92I9B0V+Rj5DFMWmZKBe2VvW2O6G0ipIEHcR 4hHJa0NVOWZcq2xnFxYD4mU1F9bowYR824FhkS3jGqQ3ICmKuPn+M7NTvYAVHeD3nPGb zKHGhjNxnjVsjk5UwB9WkI7gj9XGpVYRui51ISaWLc8JYmUJUZGYuBMCXYKWtfMuVOcK S63g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yBMAaQOHzVPv8SpeD2e+E4EQ03zWqkJm6fRwExYJ1RA=; b=BnETH7Sh1v3xplK3YY0V3qVYRqEVhO5N8Hzu7M3/QoEcwMmwr903or0zBiXNKwoZHg wpAYqWFb0Dz+p5nWL5CY1EUKfId8O6c62WdU3Mon14vnc/UJMI4+mkksxGBMQCF2ux7a UYDm+oAUqPLeA0MGIafeEruAoSSye5xV5mNewcS9HXFO9aFzvbYXtC5DClvsGG+szPlm 3vu5Kf7ZKtNufCGtoxfDFc1hVyU0w8dB8wSIMDQqCmpwWsysjVyxt2NLOJ8R1VGDDpBn HCki3V7H6Ag//qO5m8RhJKrjiscLl5IQguN8I0T32asSfZk9e7prIwN3jsTub666Sxq0 26Nw==
X-Gm-Message-State: ANhLgQ37RGjbenfEhKV2XXLTnoRDKRhs2DVLi7tIIc+ERfadkNM5Z1Am z4BVdIPHi73vg/R9YtM5GpWuLzg15J/W9FW7IFhedg==
X-Google-Smtp-Source: ADFU+vvyExpVMu10aTIH3OoCCgK96dA8RWp5abOLn/qTAEBtcfJw8IFeB5vFWx+bY8FeoBOzY0XIfCNrJTXvtz7GDV0=
X-Received: by 2002:a9d:7397:: with SMTP id j23mr12549964otk.269.1585072086912; Tue, 24 Mar 2020 10:48:06 -0700 (PDT)
MIME-Version: 1.0
References: <260dfc2f-8399-483e-859d-08f92821c823@www.fastmail.com>
In-Reply-To: <260dfc2f-8399-483e-859d-08f92821c823@www.fastmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Tue, 24 Mar 2020 10:47:34 -0700
Message-ID: <CA+9kkMANYCD6N_kxDfLJtOXj679u1+NGhfDKREMk3P75efm19g@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: wpack@ietf.org
Content-Type: multipart/alternative; boundary="000000000000af13de05a19d5aaa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/wpack/AFAguN65bY96Ui4a8iffOUpayuo>
Subject: Re: [Wpack] About content-based origins
X-BeenThere: wpack@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Web Packaging <wpack.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpack>, <mailto:wpack-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpack/>
List-Post: <mailto:wpack@ietf.org>
List-Help: <mailto:wpack-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpack>, <mailto:wpack-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2020 17:48:11 -0000

Hi Martin,

Thanks for your note.  A question in-line.

On Mon, Mar 23, 2020 at 5:34 PM Martin Thomson <mt@lowentropy.net> wrote:

> Ted's note prompted me to send a much-belated announcement (sorry folks, I
> forgot).
>
> The draft is here:
> https://tools.ietf.org/html/draft-thomson-wpack-content-origin-00
>
> A nicer version here:
>
> https://martinthomson.github.io/wpack-content/draft-thomson-wpack-content-origin.html
>
> This approach could a dramatically different approach to addressing the
> use cases set out in our charter.
>
> In short, this aims to address the core question of how offline content
> might *ultimately* be attributed to a web origin in a fundamentally
> different way.  There are two key concepts:
>
> 1. Content is given its own origin, using a new system for identification.
>
> 2. A target origin can "accept" content and state from one of these new
> origins.
>
>
I note that you did not include "hashing is a key element of
identification" in the key concepts here, despite it being pretty prominent
in the draft.  Is it something you consider fundamental here, or is it an
approach to demonstrate a method of achieving the two desiderata above?



> There are a lot of details here (read the draft), but the major advantage
> I see is that you don't have to make an offline decision about authority,
> and that means you can be offline for much longer (lifting the 7 day limit).
>
> I would personally describe this as a trade-off, rather than an
advantage.  The inability to make an offline decision about authority has
consequences for how different resources available to the client relate to
each other (e.g some come from a bundle and some from a cache).  To take an
unfortunately pressing example, let's assume a local authority has provided
a set of resources to local residents.  A new item is created and
distributed.  For those getting it via direct connection to the local
authority's server, the new item can be related to the other items.  With a
signed exchange and a signature verification, those receiving it
peer-to-peer can as well.  In a content-origin approach, my understanding
is that the new item could be received and displayed, but the ability to
integrate it with the rest of set is not active until the client can go
online and confirm with the local authority's serve that it verifies that
"ni:hashmumble" is the target.   The problem here for an offline client is
pretty serious, as it cannot determine whether the new resource is from the
local health authority or not.  If it updates information like a set of
symptoms or treatments, the consequences are large.

Have I missed something here?  If I have not, then this approach makes a
trade-off that limits its utility in ways that make peer-to-peer usage of
the approach problematic for use cases I personally care about it.  Others,
of course, may make other assessments of that trade-off.

regards,

Ted




> What it does have in common with signed exchanges approach is the need for
> a bundling format, but in its current form it is less dependent on the
> details of the format.  That might allow that to be simpler, but I'm sure
> that the need to mint new identifier types will more than make up for any
> slack there.
>
> The draft is quite rough.  I'm sure that it has the remnants of a few bad
> ideas still hanging around.  Ask questions if you think something is
> unclear.
>
> _______________________________________________
> Wpack mailing list
> Wpack@ietf.org
> https://www.ietf.org/mailman/listinfo/wpack
>

v2.23.0 | Report a Bug | By Email