[Wpack] [wpack] Minutes from the IETF105 side meeting
Yoav Weiss <yoav@yoav.ws> Tue, 23 July 2019 22:36 UTC
Return-Path: <yoav@yoav.ws>
X-Original-To: wpack@ietfa.amsl.com
Delivered-To: wpack@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40AE3120956 for <wpack@ietfa.amsl.com>; Tue, 23 Jul 2019 15:36:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yoav-ws.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L6vzfSQKvXnz for <wpack@ietfa.amsl.com>; Tue, 23 Jul 2019 15:36:02 -0700 (PDT)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9BA4120352 for <wpack@ietf.org>; Tue, 23 Jul 2019 15:36:01 -0700 (PDT)
Received: by mail-wr1-x434.google.com with SMTP id p17so44753019wrf.11 for <wpack@ietf.org>; Tue, 23 Jul 2019 15:36:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yoav-ws.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=OvuZPfxFXdgQ/oCkeFE/PT9ySRk0icP67OYQBB5QpYo=; b=x4vZ6low0thgLbsAWvLdmodG8v4buScwG7ImIkYrz8aXB6LMoQaFU2rOZNL05NrhKf EUzDnNltbh8rGub6DEA3iHhZvTYEn4N/dIvd5KQouekjxbbADhs27aJamug8hcIpURZP W1S90W6ZprAl/9OyfRlsGVjMEDnjFl2RVaWABksWR9tfCdB5U/crvEwdS4GeQK4hyIiy 67kfbAFi865GTHqq6BiYNRmv+asdSBRhTdCvLQ5P/QWtUSkn5X27hEVNP71ASenxxghD WsIOreOEFlHUocB9CtfiyU3+KfF/cLf1ZRJki6IQATEhNQ3UKATwwsvxaYX3jXmlhgp5 csww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=OvuZPfxFXdgQ/oCkeFE/PT9ySRk0icP67OYQBB5QpYo=; b=H8G5e6Dukbg3rMPPhfn+K+kd2aQiuHt1IAPK34hbcEMjw1OPshQZ3WI4BaQtCV0k4j sTVUndY/erwzqMsH4kkD9SWRNXly4dMRTrJPPnnNHLnp/2XusdiNMoHTi6DbH662UMAk iufwFBFDm9Ntq5xhkYsr+LGzTBSScb8R+c/g9o/Wt6IwXz4oeoyyO/FjHgdjBV6LzUNt 6S2jmWOiOv8R1Mu0NK9ori0Bw2UPxytnsjqU3yfQVUV27nFLmUVKrA2xRRXdDRDHNdcP T+Kj/Sp8oeKqKE/O/Vanl+Y9lhOZfAcF4wIYLWKYszohk547m2cO/BHw92FWOMji8I/N ILMQ==
X-Gm-Message-State: APjAAAVy8Hvp4r1kelHb3CtgZfyo8kZ36VgGoGYsPyW4G82/ES66hxiu SpCRC9DJFvcdJ43TC8x2F5u+YEiP2e+WmLtb8Zau4xkyL0w=
X-Google-Smtp-Source: APXvYqyZIWEgxG2ajfHV70g1b9dKqJpZ79woYVloxsJwWBqqz28r1Bu6hZ3V0Mqj1lZF303fQ2evFvq2KpxKPnNFSCs=
X-Received: by 2002:adf:f94a:: with SMTP id q10mr59815226wrr.341.1563921359618; Tue, 23 Jul 2019 15:35:59 -0700 (PDT)
MIME-Version: 1.0
From: Yoav Weiss <yoav@yoav.ws>
Date: Tue, 23 Jul 2019 18:35:43 -0400
Message-ID: <CACj=BEhSh8o-2LTkzmxGPnPbiXzs7HTXyROhLmtORTxvO_eY3g@mail.gmail.com>
To: wpack@ietf.org
Content-Type: multipart/alternative; boundary="00000000000018e448058e60d115"
Archived-At: <https://mailarchive.ietf.org/arch/msg/wpack/OPwVCRvGrlFQCul-lRQNHwzJg3A>
Subject: [Wpack] [wpack] Minutes from the IETF105 side meeting
X-BeenThere: wpack@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Web Packaging <wpack.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpack>, <mailto:wpack-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpack/>
List-Post: <mailto:wpack@ietf.org>
List-Help: <mailto:wpack-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpack>, <mailto:wpack-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 22:36:07 -0000
Hello all, Minutes from today's side meeting are now available <https://docs.google.com/a/google.com/document/d/e/2PACX-1vR-CltWycM5kelXF0M-eESSSN_cbOFI-v7no9SsMauL0YGqdgNOOB_Wsra0eJVEUdQy06wMlnqAXRP-/pub> . Copying them here for safe keeping: Web Packaging side meeting - IETF 105 Participants: Brad Lassey (Google), Greg Grothaus (Google), Devin Mullins (Google), Brian Trammell (Google), Ted Hardie (Google), Chris Wood (Apple), Tommy Pauly (Apple), Wendy Seltzer (W3C), Mark Nottingham (aka mnot; Fastly), Martin Thomson (Mozilla), Jeff Hodges (Google), Kinuko Yasuda (Google), Ryan Sleevi (Google), Eric Rescorla (aka EKR; Mozilla), Alissa Cooper (Cisco), Dan York (ISOC), Zahed Sarker (Ericsson), Rich Salz (Akamai), Mike Bishop, Lucas Pardue, Sam something, Spencer (University of Washington), Dan Gillmor (aka DKG; ACLU), Gail? something (ACLU), Ben Kaduk (Akamai), many more….. Jyasskin: Summary of workshop - Publishers were present. Seem like they like the concept of web packaging - Ted Hardie - Rightsmesh - a group in Canada working on peer to peer delivery of applications, not currently signed. Concerned about many of the same things, but come from a different Ecosystem. So maybe we can expand the context, to look at these other use-cases. - EKR - collective action problem - people whose content is being packaged now have an incentive to package it themselves - EKR - they need a mechanism to pickle TLS transactions - Jeffrey Yasskin - presented evidence that users want to share apps - Rich Salz- “not much worry” is overly positive. People were concerned. - Dan York - my takeaway: some people are looking for a discoverability thing, a common format to get your content to distributors. Others want availability (p2p, caching). Charter Discussion - Jeffrey Yasskin - identified a few essential use-cases and some opportunistic ones - Essential - Signed - P2P sharing and privacy preserving prefetch - Unsigned - user created untrusted web page - Opportunistic - Signed as HTTPS - to avoid censorship - Signed - books, security review, cross-CDN serving, Signature based SRI - Unsigned - faster subresource loading, archive, - Dan York - “discoverability” - getting into distribution platform to replace proprietary formats - Daniel Kahn Gilmore - Same as “privacy preserving prefetch” - Jeffrey - depends on which hop is involved. PPP is from client to cache and discoverability if from cache to server - Dan - Not really - Jeffrey - another use case “encrypted caches” - cache can hold non-public info - Ben Schwartz - creating widely-shared secrets is not great. If you don’t have many users, that’s not interesting. If you do, the key is widely shared. Interested in TLS forwarding design that would also resolve the privacy preserving prefetch - I do think the use case is interesting, but not by encrypting the cache content - DKG - a different argument, separable from the rest so people can work on that as a different project - EKR - useful to clarify the purpose of the use case. Purpose is not to conceal the request from the origin, but to restore caching that TLS broke. Millions of people download e.g. windows updates. Need to restore that. - Alissa Cooper (Cisco) - useful for content that’s not widely shared, as it can save bandwidth in some scenarios - Zaheed Sarker (Ericsson) - blind caching has many benefits, so would be good to revisit these use cases. We should look into this. - Brian Tramell - Another way to look at Web Packaging is turning the model from transport security to object security. Naively you can say your mime type is ….. - Ted - Dan wanted to create a single format. Can we decouple the signing from that format? - Mike Bishop - had a slide about adding a RTT to get something to origin. [encryption] is the only way to enforce that clients do it. - Jeffrey - can also force an RTT to regain trust - Mike - currently you publish something with an RTT, but CDNs can purge it if it has an error. Need the same here. - Ben Kaduk (Akamai) - changing from transport to object is a good way. But claiming the object is confidential will require thinking, as there are many side channels - Brian - not easy to do but easy to separate. From a project planning standpoint - tying together would give you one way to do caching and distribution. A lot of hairy details in the origin signing. And lots of them in encrypted caching. - Jeffrey - good input to charter discussion - Dan - so to understand, you think restoring caches is a separate thing? - Brian - this should not be a dependency on web packaging, but the other way around might be good - Dan - need to see how we do caching in a world of HTTPS? So the availability side of this is important. But I do see what you mean - C. Su (Hughes) - Discovery of caches is the hard problem - Ted - Even if all the content is public, the role here is distributor, not aggregator - Mnot - stand by the paper I submitted. Caching is not just the mechanism, also incentives. Useful for limited cases like OS package distribution. If you want to design this so that publishers have a very strong reason to do this, you need to design this while considering the incentives. Publishers need to opt-in to a system where a random cache can serve their content. Forward caching failed because people didn’t know whether to trust the quality of the cache. It’s a large hairy ball of a problem. - Kenji - Nothing that prevents JS or data fetches from the server - DKG - I think mnot said that publishers won’t participate unless they get metrics from users, and encryption mechanism are not about preventing a ping back - Mnot - they’d want to make sure content is served fast, available, integrity-protected, generally good UX. want to know how much was served, but not a lot of metrics. so more about quality of experience, unless we have something better than forward proxies. Publishers don’t want to think about that. Roberto Peon has a proposal (proxy.pac?) that can offer a better UX here. But it’s not “if we build it they will come” - Wendy Selzer - appreciate focusing on fewer use-cases as the core. it’s helpful to focus, rather than grow something that’s big and complex and serves none of the use cases very well. helps think about the threat model, etc. more clearly. - Spencer (UW) - incentives align. People going to TLS, but TLS is also used for content that’s not really secret. There’s a world of websites that use TLS just to ensure integrity - Jeffrey - none of the proposal is for discovery - Mnot - a lot of secondary use-cases, but I don’t think we should say much about them. not a fan of “hope-based standardization”. Should focus on the core use-case. Opportunistic use-cases should be buried in an appendix with a large warning - EKR - the use case of P2P sharing is required. Want to push back on the notion that websites use TLS for integrity. There’s a reason we enforce integrity cypher suites and why we think confidentiality is important (they’re hard to reason about, and users want confidentiality even if pubs don’t). click-tracking is bad. engineering things that reenforce that idiom is bad. - DKG - wanted to point out that the interest of the site operator is different from the user’s. Web sites operators don’t care about confidentiality, but users do. User expectations are not met today “because the web is a rolling privacy nightmare”. But it would be nice to meet some of them. Brian’s point about moving from transport to object is great. Binding the object model into the HTTPS origin scares me. I don’t understand all of the web. Much of the web’s security is devoted to understanding what the origin is. We built a lot centered on that model, and then changing the concept of origin shakes up all the things that are built on top of it. Would love to enumerate all the things that depend on the origin, and see if those work under object security. - Jeffrey - good segue - Brian - share the same kind of unease. Throwing all eggs into a single basket. Signing bits of data with the origin and them moving it somewhere else doesn’t seem too complex to reason about. It’s work that needs to be done, but should be in scope for the working group (he WG, unless it turns out to be super researchy). it needn’t be a precondition to starting the WG. - Mnot - is that a gating factor? - Brian - Not a gating factor, but some analysis is required, like TLS 1.3 - Brian - reasoning about encrypted caching is a lot harder. in signed exchanges, data & metadata move with each other. tracing the metadata through an encrypted caching system requires tracing where the key’s been and how it moves. potentially very many actors involved in key distribution. - MT - To go back to user expectations of privacy. There’s a massive degradation right now, that we need to stop. Click tracking is an emergent property of the web that some of us are unhappy about, and very difficult to remove. But taking a tilt at this use case wants to enshrine that in the architecture. Taking a property that has negative consequences and nail it down and commit to it. This makes me nervous. Up until this point I’ve been ambivalent about this, and this tips the point. It creates a new surface area for security issues. Up until now I was fairly confident that we’re not making things much worse, but this change that. - Ted: Interesting to think of side-meetings as dystopian selection mechanisms. I don’t think we have that much power to choose our dystopia, or else I wouldn’t get out of bed in the morning. “let’s make sure we keep current dystopia”. We can however understand our current model. Click tracking is a good example. We were talking about a mechanism to change security properties from transport to origin. But the mechanisms were also a combination of transport and application (headers). So we have to take the pieces from both transport and headers to move it here. That’s why we’re talking about signed exchanges and not a mime type that does the same. “Secured by a combination of an object and its origin, where origin doesn’t require transport”-ish… - EKR - Agree with Ted. Currently security model is a 5-10 year attempt to construct something out of an even worse dystopia. Almost understandable now, but it’s a very brittle system. - Jeffrey - when do we try a BoF. Too early would be a waste of time. Some questions that the bof presentation needs to answer. Want to find questions people think need answering - Mnot - start to form an opinion that this will be two BoFs, we need indication from Area Director. A BoF in Singapore would draw out questions that ADs need to answer and then we do a. . second one - Rich - saying “no” is not a waste of time; it’s scientific method. Also, Asia gets less attendance, so better participation if it’d be North America based... - Ben Schwartz - my impression is that there are different people with different use cases, each of them is complex with multiple components, one of which could be web packaging. Feel like nobody sketched those out in great detail - to compare packaging vs. no web packaging. Missing here to explain the net value of web packaging. e.g. community-based local caching; what it would take to be widely-used and viable. Would like to see that at the BoF - Alexey: tried hard to avoid the mic. You’re already effectively having a BoF, with a very constructive discussion. Let’s go for a BoF, and maybe we’d need to do this twice e.g. to narrow scope. Also, if not in Singapore, it won’t be my problem. (so don’t delay till Vancouver) - Alissa Cooper: Agree this is far more mature than most things we receive more most BoFs and WGs. There’s a lot of people who would be interested in that and are not in this room. Time to open to a wider audience. Publisher input: good to get that feedback on the list in the next 4-5 months. My sense of the workshop: more detailed questions about web security model; publishers don’t have a nuanced view on them. - You can get input from publishers on the list for higher level questions, and that’s fine - Mnot: agree. Publishers won’t show up but can comment on the list; would be nice to solicit more input. What Ben said, looking at other solutions and compare them, that would be a huge effort, so it’s not realistic to block on that. But e.g. blind caching is something people looked at it, so we can compare here. The solution there had many of the same tradeoffs. We decided not to do it, and it was a more mature proposal. So we can look at existing unsuccessful proposals. But it could be just implementer interest, but would be good to understand. - Dan - should move ahead. Main question is scoping and what we should focus on. Because there were so many use-cases we discussed. - Ben Kaduk - Heard interesting and important questions, but questions that don’t need to be answered before a BoF. But we need to recognize that these open questions can end up in a “no” - Sam - proposed non-goals? - Jeffrey - encrypted caches, math mesh - Jeffrey - heard strong advice to go for Singapore, so will start working on a draft charter