IETF Logo Mail Archive

Re: [Wpack] About content-based origins

Martin Thomson <mt@lowentropy.net> Mon, 06 April 2020 06:55 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: wpack@ietfa.amsl.com
Delivered-To: wpack@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59D183A07C1 for <wpack@ietfa.amsl.com>; Sun, 5 Apr 2020 23:55:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=KOa9nNBc; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=cgKFWoJE
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nd878QykuHQr for <wpack@ietfa.amsl.com>; Sun, 5 Apr 2020 23:54:59 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E6F03A0794 for <wpack@ietf.org>; Sun, 5 Apr 2020 23:54:59 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 557B35C00F9; Mon, 6 Apr 2020 02:54:58 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute2.internal (MEProxy); Mon, 06 Apr 2020 02:54:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :cc:subject:content-type; s=fm1; bh=0axUn7LlQ3x6TrT0hTXwGfQpYXgx RW57OLYL5AcH13M=; b=KOa9nNBcaXkwbpuXei1bf1UVmlA5fIv4ZZNubD+DNSpw ghs5VzWuE055Rpthm/JfBjbWf7C8pEuQxyqKhZ3gSTQ4VgVXjcXP2JYRog/y6tWH UjjbCEK9yp/0/B5y+OY1rAjQ6CGNX9qmz5m4w4PIKJcwrzREK8KEl2vgWMR+CYa7 JziEXMG/goR7e22nwQIZQRe7nlz4mI2RFc8e0wrkWGoKDmw2kZkAMn5d4u/ZnOZR LBBM1CSmxyvCTbiCEZYEZcFqHHRoxiIlVme5g8UIAIRAwY7kzb3qLuxaXCYpqucU zsVeNZZ0dQRCZFykl4u8/FQo0g9tQPMNc8pjQ1Lh4g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=0axUn7 LlQ3x6TrT0hTXwGfQpYXgxRW57OLYL5AcH13M=; b=cgKFWoJEQUDhEntOJ9vJ2t Io+3ICaJzLFqULYfTCM9cOVpLmkDf+W4TlGx+u1gN0DXJU9ZZLZ4csEmedQCKB+x wucB7Mibcr+0jBdkZNp8X885PonsYkckgmAKjnEdoryHPDzTKdF+Hfdbp00LEyvE FDKjjXyeK2lGbLfqvKnwwHbO8+hDqe5aBMLU4wv7NhZMZOQADsTrk/LX3NlyKVLU a+55IbK0AYOyiAxrY6PAEmO2bs7e9CRDeOSFR5mFUCq8tHqL+3GtQYXSj+ly4MTD brEXg6ih9NdFt39otcWope9yqMwE+6IPBa+AIiHwyn0wt50SxjrqjP0v3BMH2FeQ ==
X-ME-Sender: <xms:QtKKXparT3tRf7T8RVWPrV3ruFpMPRZ0skWyP4iILOCYDUnrAeGCyA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedruddvgdduudehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmh epmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:QtKKXsbQFDhOUq-SG5tHYUzCYUC57gYvNqtmHhjLWTEerhyh_EuPPA> <xmx:QtKKXuIYukG5vqlSdOvbInR5O1Ayr1NmCyoRVf0179Glhd2bC-bTew> <xmx:QtKKXouEo002QwERDVCTdtXmqITXE8Z7F9jFuiMmVmxSgeSlZsw4Gw> <xmx:QtKKXv5FAyNWN91wmE_FeSBZ6Talz3snYazCULY7ULsbH23zmobOMQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 1D551E00B1; Mon, 6 Apr 2020 02:54:58 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-1084-gdc5e709-fmstable-20200406v2
Mime-Version: 1.0
Message-Id: <bf8190a8-5e64-47d7-b527-a65a1ad518af@www.fastmail.com>
In-Reply-To: <CANjwSik10FB4WJDcJvs6usV-Sf7cLkq82jShb+_U3ONMb8_ThQ@mail.gmail.com>
References: <260dfc2f-8399-483e-859d-08f92821c823@www.fastmail.com> <CANjwSimZAkAC0JJBjUjZr4k0514QRqDxBReOkq_AGTeGJ2OTzQ@mail.gmail.com> <defb6ae4-2e3c-4c89-9849-2991ac875049@www.fastmail.com> <CANjwSik10FB4WJDcJvs6usV-Sf7cLkq82jShb+_U3ONMb8_ThQ@mail.gmail.com>
Date: Mon, 06 Apr 2020 16:54:36 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Devin Mullins <twifkak@google.com>
Cc: wpack@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/wpack/hL_5A8vVYGu2XPUlhi1U1FWr4uQ>
Subject: Re: [Wpack] About content-based origins
X-BeenThere: wpack@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Web Packaging <wpack.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpack>, <mailto:wpack-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpack/>
List-Post: <mailto:wpack@ietf.org>
List-Help: <mailto:wpack-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpack>, <mailto:wpack-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 06:55:02 -0000

On Sat, Apr 4, 2020, at 09:59, Devin Mullins wrote:
> For experiments, I think the origin would want a way to opt into 
> sharing some subset of its state with this co-extant origin, before 
> Sec-CO response (e.g. for those middle-of-session pageviews). 
> Otherwise, it has to delay rendering or risk generating a session 
> should be excluded from analysis.
> Similar for consent.

There is nothing that is inherent to the design that prevents content from talking to its target origin (or any other origin for that matter).  What might cause that to be limited is policies that a browser might apply to those interactions.  For instance, in the AMP case, the entire point is to prevent that sort of communication because that might allow a publisher to exfiltrate information about the linking context prior to a decision to activate a link.

Assuming that the transfer of state to a target origin is under programmatic control, then any number of things might occur prior to that.  Even if you assume minimal communication, you might allow content to specify query parameters on the request to transfer.
 
> For analytics & origin-based ACLs, their libraries/services would need 
> code changes (either to defer requests until origin is correct, or to 
> accept some alternate attestation of origin). My guess is that, even 
> outside of AMP, these are usually rolling releases [1], and thus 
> changes would be largely achievable. Just a guess.

The deployment question is separate than one you might make about target origin.  Content that is served from A might falsely claim a target origin of B, so you would have to allow the server that applies the ACL to decide not to accept the request.  Assuming with an assumption that this sort of request would be denied might be OK.

For deployment, yeah, I expect that if there is enough demand for this, then the providers of fonts and other such things would be motivated to enable this interaction and could do so relatively easily.

> It occurred to me it may be possible for a bundling service to 
> determine whether a page uses state, with ~0 false negatives.

That seems right; you could probably get a long way the way you describe.  You could maybe also do this empirically: load pages with an extension that shimmed out those APIs that relate to state and log uses with some false negatives.  Browsers could help with this by hooking that analysis into the reporting API, or by supporting CSP rules that constrained use and generated reports on violations.

v2.23.0 | Report a Bug | By Email