Re: [Wpack] On double-hashing (was: Re: About content-based origins)
Devin Mullins <twifkak@google.com> Wed, 01 April 2020 21:21 UTC
Return-Path: <twifkak@google.com>
X-Original-To: wpack@ietfa.amsl.com
Delivered-To: wpack@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2127D3A09D0 for <wpack@ietfa.amsl.com>; Wed, 1 Apr 2020 14:21:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id urBlolugcZyX for <wpack@ietfa.amsl.com>; Wed, 1 Apr 2020 14:21:03 -0700 (PDT)
Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 344023A08DD for <wpack@ietf.org>; Wed, 1 Apr 2020 14:20:49 -0700 (PDT)
Received: by mail-wr1-x436.google.com with SMTP id h9so1779960wrc.8 for <wpack@ietf.org>; Wed, 01 Apr 2020 14:20:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JzmA7iUkmZgIZqbHgxRLpJmUZ5PMlbNvPPhmIEtymaw=; b=JindSICF1wa6BK7jzUq5wZORfbOBfqpR7NBKfBaf72asm7EMviV1Eq400ceDt3mdpn 9j4FAg7c5o4mrYKZUTcY9MoUcdfcK9kngc/MrdzavBG6PrNwU5ijzZ46taCK5+R2FJOK RfuXsZ1qxtk75HkBrCjhSbsMRvIN9Zo6uQsOYP/5TF84HfU1Q/ZwgWMXYRhk2JrcUvFD lt9hp/iEHAM1BSxm2Ljo/m+/H2NmSWqdO/pi32BWQ6FeT5ee1wKykIAFgRwGWObV3WYK MbB8NCf805jUWZwuWRdzfSyITsFFaRUlguPh623upUul0Nys+hdQ6J3/JyTaBfGv4zR9 2sEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JzmA7iUkmZgIZqbHgxRLpJmUZ5PMlbNvPPhmIEtymaw=; b=EzwtMrNAFkPGknj93zrt5qjjEzCxcRmlAhbBjVF6aqdiF9BuJMHgTRQjt4nJic5d3r JHmYHnyK16GNDE3XMTp/W9tHnTYwp9V6MpJwTTt8fruG6fqNg9K/7Ik61QeasfYqX32U WHUjnO6AK78Yyp0HUOAT9xfBQnAFzUHYEaVDgLKWRl8dkJOXaQqD5IKrxrYDW8vqMqpI /1wvtcB4nN7rk10ekLfNFyG6b8/1K0NwlQcwZzBmvdhS9baop7qMPhTqHJwsRndn9The gtGySZXZWBwtcnkTpmCEr+7vfXzhGcc37XxiYDp53Ve2s1HkwAG9mQeA+09l0J0WKZey HNbA==
X-Gm-Message-State: ANhLgQ3BF8aV3qvUamVJKb9qQhl1EzrojLMEYV6y5d0GUpm2hpwjSbz3 xT0BPfvVOrPqkuNTVoCKiyOzVLzq0IHyfnpaML+RCkAT
X-Google-Smtp-Source: ADFU+vtTCdubG5lo7AoJAD0s9KXDpiZhuYMQArtkrG3Km51VGAAdFZj0k6t0opAXy2oFg39jZEj4Fg6Pfdq+sMiFeIo=
X-Received: by 2002:a5d:68c4:: with SMTP id p4mr28320778wrw.308.1585776047366; Wed, 01 Apr 2020 14:20:47 -0700 (PDT)
MIME-Version: 1.0
References: <260dfc2f-8399-483e-859d-08f92821c823@www.fastmail.com> <CANjwSimZAkAC0JJBjUjZr4k0514QRqDxBReOkq_AGTeGJ2OTzQ@mail.gmail.com> <CANjwSiniWmO+pTfFOdxW9tasy_eQiUiGwWvTsWF2KGR8yGtXqA@mail.gmail.com> <32395446-c14e-4bca-9c09-4804934c487b@www.fastmail.com> <CANjwSikybC7tnkWJVYCGcE=mc9ScM5oFBP5HWjwtd8+-e1EPFg@mail.gmail.com> <0ae3f1b1-7133-4d12-bf6c-a1ee2c257218@www.fastmail.com> <CANjwSi=wC7wnyu0Yy6BXScXf9NomeMCaMY49sochEs92icYfEA@mail.gmail.com> <ffa1991d-77fa-4a1e-be93-ec98a2ce591e@www.fastmail.com>
In-Reply-To: <ffa1991d-77fa-4a1e-be93-ec98a2ce591e@www.fastmail.com>
From: Devin Mullins <twifkak@google.com>
Date: Wed, 01 Apr 2020 14:20:21 -0700
Message-ID: <CANjwSimErJURq2j2dcQ2wKpRNA8sBxqmfN1gs2sayer3_P5ptg@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: wpack@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ffa37105a241417f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/wpack/NtjQJJ2UFwRQFNG2H4CqqcocS_Q>
Subject: Re: [Wpack] On double-hashing (was: Re: About content-based origins)
X-BeenThere: wpack@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Web Packaging <wpack.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpack>, <mailto:wpack-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpack/>
List-Post: <mailto:wpack@ietf.org>
List-Help: <mailto:wpack-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpack>, <mailto:wpack-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2020 21:21:05 -0000
On Mon, Mar 30, 2020 at 8:44 PM Martin Thomson <mt@lowentropy.net> wrote: > Not really. The push can include the H(Content) and the site can > calculate H(H(C)). So the truncated hash only really limits the > information the client has to include, trading it for more from the > server. Since opening that issue, I'm not convinced that it is worth > pursuing for anything other than that trade-off (which is only a > maybe-optimization at best). > Ah, my assumption was that the UA could limit the number of options the server was allowed to respond with, thus weakly enforcing that others have the same content. The utility of that enforcement would depend on the RPS of the publisher's server, I suppose.
- [Wpack] About content-based origins Martin Thomson
- Re: [Wpack] About content-based origins Ted Hardie
- Re: [Wpack] About content-based origins Ben Schwartz
- Re: [Wpack] About content-based origins Martin Thomson
- Re: [Wpack] About content-based origins Devin Mullins
- [Wpack] Sec-Content-Origin clarification question… Ted Hardie
- Re: [Wpack] Sec-Content-Origin clarification ques… Devin Mullins
- Re: [Wpack] Sec-Content-Origin clarification ques… Jeffrey Yasskin
- [Wpack] On double-hashing (was: Re: About content… Devin Mullins
- Re: [Wpack] On double-hashing (was: Re: About con… Devin Mullins
- Re: [Wpack] On double-hashing (was: Re: About con… Martin Thomson
- Re: [Wpack] On double-hashing (was: Re: About con… Devin Mullins
- Re: [Wpack] On double-hashing (was: Re: About con… Martin Thomson
- Re: [Wpack] On double-hashing (was: Re: About con… Devin Mullins
- Re: [Wpack] On double-hashing (was: Re: About con… Martin Thomson
- Re: [Wpack] About content-based origins Martin Thomson
- Re: [Wpack] On double-hashing (was: Re: About con… Devin Mullins
- Re: [Wpack] About content-based origins Devin Mullins
- Re: [Wpack] About content-based origins Martin Thomson