[Wpack] [wpack] Minutes from the IETF105 side meeting

Yoav Weiss <yoav@yoav.ws> Tue, 23 July 2019 22:36 UTC

Return-Path: <yoav@yoav.ws>
X-Original-To: wpack@ietfa.amsl.com
Delivered-To: wpack@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 40AE3120956 for <wpack@ietfa.amsl.com>; Tue, 23 Jul 2019 15:36:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yoav-ws.20150623.gappssmtp.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id L6vzfSQKvXnz for <wpack@ietfa.amsl.com>; Tue, 23 Jul 2019 15:36:02 -0700 (PDT)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9BA4120352 for <wpack@ietf.org>; Tue, 23 Jul 2019 15:36:01 -0700 (PDT)
Received: by mail-wr1-x434.google.com with SMTP id p17so44753019wrf.11 for <wpack@ietf.org>; Tue, 23 Jul 2019 15:36:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yoav-ws.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=OvuZPfxFXdgQ/oCkeFE/PT9ySRk0icP67OYQBB5QpYo=; b=x4vZ6low0thgLbsAWvLdmodG8v4buScwG7ImIkYrz8aXB6LMoQaFU2rOZNL05NrhKf EUzDnNltbh8rGub6DEA3iHhZvTYEn4N/dIvd5KQouekjxbbADhs27aJamug8hcIpURZP W1S90W6ZprAl/9OyfRlsGVjMEDnjFl2RVaWABksWR9tfCdB5U/crvEwdS4GeQK4hyIiy 67kfbAFi865GTHqq6BiYNRmv+asdSBRhTdCvLQ5P/QWtUSkn5X27hEVNP71ASenxxghD WsIOreOEFlHUocB9CtfiyU3+KfF/cLf1ZRJki6IQATEhNQ3UKATwwsvxaYX3jXmlhgp5 csww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=OvuZPfxFXdgQ/oCkeFE/PT9ySRk0icP67OYQBB5QpYo=; b=H8G5e6Dukbg3rMPPhfn+K+kd2aQiuHt1IAPK34hbcEMjw1OPshQZ3WI4BaQtCV0k4j sTVUndY/erwzqMsH4kkD9SWRNXly4dMRTrJPPnnNHLnp/2XusdiNMoHTi6DbH662UMAk iufwFBFDm9Ntq5xhkYsr+LGzTBSScb8R+c/g9o/Wt6IwXz4oeoyyO/FjHgdjBV6LzUNt 6S2jmWOiOv8R1Mu0NK9ori0Bw2UPxytnsjqU3yfQVUV27nFLmUVKrA2xRRXdDRDHNdcP T+Kj/Sp8oeKqKE/O/Vanl+Y9lhOZfAcF4wIYLWKYszohk547m2cO/BHw92FWOMji8I/N ILMQ==
X-Gm-Message-State: APjAAAVy8Hvp4r1kelHb3CtgZfyo8kZ36VgGoGYsPyW4G82/ES66hxiu SpCRC9DJFvcdJ43TC8x2F5u+YEiP2e+WmLtb8Zau4xkyL0w=
X-Google-Smtp-Source: APXvYqyZIWEgxG2ajfHV70g1b9dKqJpZ79woYVloxsJwWBqqz28r1Bu6hZ3V0Mqj1lZF303fQ2evFvq2KpxKPnNFSCs=
X-Received: by 2002:adf:f94a:: with SMTP id q10mr59815226wrr.341.1563921359618; Tue, 23 Jul 2019 15:35:59 -0700 (PDT)
MIME-Version: 1.0
From: Yoav Weiss <yoav@yoav.ws>
Date: Tue, 23 Jul 2019 18:35:43 -0400
Message-ID: <CACj=BEhSh8o-2LTkzmxGPnPbiXzs7HTXyROhLmtORTxvO_eY3g@mail.gmail.com>
To: wpack@ietf.org
Content-Type: multipart/alternative; boundary="00000000000018e448058e60d115"
Archived-At: <https://mailarchive.ietf.org/arch/msg/wpack/OPwVCRvGrlFQCul-lRQNHwzJg3A>
Subject: [Wpack] [wpack] Minutes from the IETF105 side meeting
X-BeenThere: wpack@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Web Packaging <wpack.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpack>, <mailto:wpack-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpack/>
List-Post: <mailto:wpack@ietf.org>
List-Help: <mailto:wpack-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpack>, <mailto:wpack-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 22:36:07 -0000

Hello all,

Minutes from today's side meeting are now available

Copying them here for safe keeping:
Web Packaging side meeting - IETF 105


Brad Lassey (Google), Greg Grothaus (Google), Devin Mullins (Google), Brian
Trammell (Google), Ted Hardie (Google), Chris Wood (Apple),

Tommy Pauly (Apple), Wendy Seltzer (W3C), Mark Nottingham (aka mnot;
Fastly), Martin Thomson (Mozilla), Jeff Hodges (Google), Kinuko Yasuda
(Google), Ryan Sleevi (Google), Eric Rescorla (aka EKR; Mozilla), Alissa
Cooper (Cisco), Dan York (ISOC), Zahed Sarker (Ericsson), Rich Salz
(Akamai),  Mike Bishop, Lucas Pardue, Sam something, Spencer (University of
Washington), Dan Gillmor (aka DKG; ACLU), Gail? something (ACLU), Ben Kaduk

many more…..


Summary of workshop

   - Publishers were present. Seem like they like the concept of web
   - Ted Hardie - Rightsmesh - a group in Canada working on peer to peer
   delivery of applications, not currently signed. Concerned about many of the
   same things, but come from a different Ecosystem. So maybe we can expand
   the context, to look at these other use-cases.
   - EKR - collective action problem - people whose content is being
   packaged now have an incentive to package it themselves
   - EKR - they need a mechanism to pickle TLS transactions
   - Jeffrey Yasskin - presented evidence that users want to share apps
   - Rich Salz- “not much worry” is overly positive. People were concerned.
   - Dan York - my takeaway: some people are looking for a discoverability
   thing, a common format to get your content to distributors. Others want
   availability (p2p, caching).

Charter Discussion

   - Jeffrey Yasskin - identified a few essential use-cases and some
   opportunistic ones

   - Essential

   - Signed - P2P sharing and privacy preserving prefetch
   - Unsigned - user created untrusted web page

   - Opportunistic

   - Signed as HTTPS -  to avoid censorship
   - Signed - books, security review, cross-CDN serving, Signature based SRI
   - Unsigned - faster subresource loading, archive,

   - Dan York - “discoverability” - getting into distribution platform to
   replace proprietary formats
   - Daniel Kahn Gilmore - Same as “privacy preserving prefetch”
   - Jeffrey - depends on which hop is involved. PPP is from client to
   cache and discoverability if from cache to server
   - Dan - Not really
   - Jeffrey - another use case “encrypted caches” - cache can hold
   non-public info
   - Ben Schwartz - creating widely-shared secrets is not great. If you
   don’t have many users, that’s not interesting. If you do, the key is widely
   shared. Interested in TLS forwarding design that would also resolve the
   privacy preserving prefetch

   - I do think the use case is interesting, but not by encrypting the
   cache content

   - DKG - a different argument, separable from the rest so people can work
   on that as a different project
   - EKR - useful to clarify the purpose of the use case. Purpose is not to
   conceal the request from the origin, but to restore caching that TLS broke.
   Millions of people download e.g. windows updates. Need to restore that.
   - Alissa Cooper (Cisco) - useful for content that’s not widely shared,
   as it can save bandwidth in some scenarios
   - Zaheed Sarker (Ericsson) - blind caching has many benefits, so would
   be good to revisit these use cases. We should look into this.
   - Brian Tramell - Another way to look at Web Packaging is turning the
   model from transport security to object security. Naively you can say your
   mime type is …..
   - Ted - Dan wanted to create a single format. Can we decouple the
   signing from that format?
   - Mike Bishop - had a slide about adding a RTT to get something to
   origin. [encryption] is the only way to enforce that clients do it.
   - Jeffrey - can also force an RTT to regain trust
   - Mike - currently you publish something with an RTT, but CDNs can purge
   it if it has an error. Need the same here.
   - Ben Kaduk (Akamai) - changing from transport to object is a good way.
   But claiming the object is confidential will require thinking, as there are
   many side channels
   - Brian - not easy to do but easy to separate. From a project planning
   standpoint - tying together would give you one way to do caching and
   distribution. A lot of hairy details in the origin signing. And lots of
   them in encrypted caching.
   - Jeffrey - good input to charter discussion
   - Dan - so to understand, you think restoring caches is a separate thing?
   - Brian - this should not be a dependency on web packaging, but the
   other way around might be good
   - Dan - need to see how we do caching in a world of HTTPS? So the
   availability side of this is important. But I do see what you mean
   - C. Su (Hughes) - Discovery of caches is the hard problem
   - Ted - Even if all the content is public, the role here is distributor,
   not aggregator
   - Mnot - stand by the paper I submitted. Caching is not just the
   mechanism, also incentives. Useful for limited cases like OS package
   distribution. If you want to design this so that publishers have a very
   strong reason to do this, you need to design this while considering the
   incentives. Publishers need to opt-in to a system where a random cache can
   serve their content. Forward caching failed because people didn’t know
   whether to trust the quality of the cache. It’s a large hairy ball of a
   - Kenji - Nothing that prevents JS or data fetches from the server
   - DKG - I think mnot said that publishers won’t participate unless they
   get metrics from users, and encryption mechanism are not about preventing a
   ping back
   - Mnot - they’d want to make sure content is served fast, available,
   integrity-protected, generally good UX.  want to know how much was served,
   but not a lot of metrics. so more about quality of experience, unless we
   have something better than forward proxies. Publishers don’t want to think
   about that. Roberto Peon has a proposal (proxy.pac?) that can offer a
   better UX here. But it’s not “if we build it they will come”
   - Wendy Selzer - appreciate focusing on fewer use-cases as the core.
   it’s helpful to focus, rather than grow something that’s big and complex
   and serves none of the use cases very well. helps think about the threat
   model, etc. more clearly.
   - Spencer (UW) - incentives align. People going to TLS, but TLS is also
   used for content that’s not really secret. There’s a world of websites that
   use TLS just to ensure integrity
   - Jeffrey - none of the proposal is for discovery
   - Mnot - a lot of secondary use-cases, but I don’t think we should say
   much about them. not a fan of “hope-based standardization”. Should focus on
   the core use-case. Opportunistic use-cases should be buried in an appendix
   with a large warning
   - EKR - the use case of P2P sharing is required. Want to push back on
   the notion that websites use TLS for integrity. There’s a reason we enforce
   integrity cypher suites and why we think confidentiality is important
   (they’re hard to reason about, and users want confidentiality even if pubs
   don’t).  click-tracking is bad. engineering things that reenforce that
   idiom is bad.
   - DKG - wanted to point out that the interest of the site operator is
   different from the user’s. Web sites operators don’t care about
   confidentiality, but users do. User expectations are not met today “because
   the web is a rolling privacy nightmare”. But it would be nice to meet some
   of them. Brian’s point about moving from transport to object is great.
   Binding the object model into the HTTPS origin scares me. I don’t
   understand all of the web. Much of the web’s security is devoted to
   understanding what the origin is. We built a lot centered on that model,
   and then changing the concept of origin shakes up all the things that are
   built on top of it. Would love to enumerate all the things that depend on
   the origin, and see if those work under object security.
   - Jeffrey - good segue
   - Brian - share the same kind of unease. Throwing all eggs into a single
   basket. Signing bits of data with the origin and them moving it somewhere
   else doesn’t seem too complex to reason about. It’s work that needs to be
   done, but should be in scope for the working group (he WG, unless it turns
   out to be super researchy). it needn’t be a precondition to starting the WG.
   - Mnot - is that a gating factor?
   - Brian - Not a gating factor, but some analysis is required, like TLS
   - Brian - reasoning about encrypted caching is a lot harder. in signed
   exchanges, data & metadata move with each other. tracing the metadata
   through an encrypted caching system requires tracing where the key’s been
   and how it moves. potentially very many actors involved in key distribution.
   - MT - To go back to user expectations of privacy. There’s a massive
   degradation right now, that we need to stop. Click tracking is an emergent
   property of the web that some of us are unhappy about, and very difficult
   to remove. But taking a tilt at this use case wants to enshrine that in the
   architecture. Taking a property that has negative consequences and nail it
   down and commit to it. This makes me nervous. Up until this point I’ve been
   ambivalent about this, and this tips the point. It creates a new surface
   area for security issues. Up until now I was fairly confident that we’re
   not making things much worse, but this change that.
   - Ted: Interesting to think of side-meetings as dystopian selection
   mechanisms. I don’t think we have that much power to choose our dystopia,
   or else I wouldn’t get out of bed in the morning. “let’s make sure we keep
   current dystopia”. We can however understand our current model. Click
   tracking is a good example. We were talking about a mechanism to change
   security properties from transport to origin. But the mechanisms were also
   a combination of transport and application (headers). So we have to take
   the pieces from both transport and headers to move it here. That’s why
   we’re talking about signed exchanges and not a mime type that does the
   same. “Secured by a combination of an object and its origin, where origin
   doesn’t require transport”-ish…
   - EKR - Agree with Ted. Currently security model is a 5-10 year attempt
   to construct something out of an even worse dystopia. Almost understandable
   now, but it’s a very brittle system.
   - Jeffrey - when do we try a BoF. Too early would be a waste of time.
   Some questions that the bof presentation needs to answer. Want to find
   questions people think need answering
   - Mnot - start to form an opinion that this will be two BoFs, we need
   indication from Area Director. A BoF in Singapore would draw out questions
   that ADs need to answer and then we do a. . second one
   - Rich - saying “no” is not a waste of time; it’s scientific method.
   Also, Asia gets less attendance, so better participation if it’d be North
   America based...
   - Ben Schwartz - my impression is that there are different people with
   different use cases, each of them is complex with multiple components, one
   of which could be web packaging. Feel like nobody sketched those out in
   great detail - to compare packaging vs. no web packaging. Missing here to
   explain the net value of web packaging. e.g. community-based local caching;
   what it would take to be widely-used and viable. Would like to see that at
   the BoF
   - Alexey: tried hard to avoid the mic. You’re already effectively having
   a BoF, with a very constructive discussion. Let’s go for a BoF, and maybe
   we’d need to do this twice e.g. to narrow scope. Also, if not in Singapore,
   it won’t be my problem. (so don’t delay till Vancouver)
   - Alissa Cooper: Agree this is far more mature than most things we
   receive more most BoFs and WGs. There’s a lot of people who would be
   interested in that and are not in this room. Time to open to a wider
   audience. Publisher input: good to get that feedback on the list in the
   next 4-5 months. My sense of the workshop: more detailed questions about
   web security model; publishers don’t have a nuanced view on them.
   - You can get input from publishers on the list for higher level
   questions, and that’s fine
   - Mnot: agree. Publishers won’t show up but can comment on the list;
   would be nice to solicit more input. What Ben said, looking at other
   solutions and compare them, that would be a huge effort, so it’s not
   realistic to block on that. But e.g. blind caching is something people
   looked at it, so we can compare here. The solution there had many of the
   same tradeoffs. We decided not to do it, and it was a more mature proposal.
   So we can look at existing unsuccessful proposals. But it could be just
   implementer interest, but would be good to understand.
   - Dan - should move ahead. Main question is scoping and what we should
   focus on. Because there were so many use-cases we discussed.
   - Ben Kaduk - Heard interesting and important questions, but questions
   that don’t need to be answered before a BoF. But we need to recognize that
   these open questions can end up in a “no”
   - Sam - proposed non-goals?
   - Jeffrey - encrypted caches, math mesh
   - Jeffrey - heard strong advice to go for Singapore, so will start
   working on a draft charter