Standards on Guardian Project

IETF119 Conference Report: Monday March 18, 2024

Mon, 18 Mar 2024 00:00:00 +0000

It’s Opening Day of the 119th IETF meeting in Brisbane Australia. This post commences a daily rundown of privacy and Internet Freedom activities at this IETF meeting. For the rundown on IETF119 Hackathon, see my Hackathon report

Dispatch

IETF meetings don’t often kick off with the open dispatch but this time it happened. Dispatch sessions are meant to help specification authors find a home for their work if a home isn’t obvious. There are two classes of dispatch request:

IETF119 Conference Report: Hackathon March 17, 2024

Sun, 17 Mar 2024 00:00:00 +0000

Hackathon Weekend at the 119th IETF meeting in Brisbane Australia. This post commences a daily rundown of privacy and Internet Freedom activities at this IETF meeting.

IETF’s Hackathon, held at each face-to-face IETF meeting, is designed to encourage interoperability testing of standards under development. See this meeting’s wiki page for a description ofthis year’s twenty-four projects.

The The HTTP Signature Authentication Scheme has been winding its way through the HTTPbis Working Group since being adopted as a Working Group draft in July 2022. This work proposes a mechanism by which HTTP servers can offer authenticated resources without telegraphing they do so (thus resisting probing attacks).

IETF116 Conference Report: Friday March 31, 2023

Tue, 04 Apr 2023 00:00:00 +0000

Day Five of the 116th IETF meeting in Yokohama Japan. For the rundown on Day Four, see my daily report.

With a lot of focus on privacy with respect to Internet protocols, novel new cryptography schemes are an important requirement for new protocol designs. For example, Privacy Preserving Measurement is relying on new cryptography to support distributed aggregation of a wide range of measurements in the advertising domain as well as application telemetry. Privacy Pass is relying on new cryptography to allow web browsing across the broad Internet after a single, lightweight authentication to an authority. IETF Working Groups are encouraged to work with the Crypto Forum Research Group of the Internet Research Task Force (IRTF) to develop, test and refine new cryptography techniques that meet defined security/privacy goals and can scale for Internet-wide use.

IETF116 Conference Report: Thursday March 30, 2023

Thu, 30 Mar 2023 00:00:00 +0000

Day Four of the 116th IETF meeting in Yokohama Japan. For the rundown on Day Three, see my daily report.

The IETF is getting serious about interoperability among messaging services (this might have had something to do with it). The charter for the Messaging Layer Security Working Group (MLS) specifically excluded interoperability, though the group organized a draft that addressed the basic concepts that would allow MLS-compatible systems to federate. In early 2023, a new Working Group - More Instant Messaging Interoperability (MIMI) - was chartered to expand on the MLS federation work. Given IETF’s relatively long and somewhat checkered history with messaging, the Working Group’s charter included this reminder to itself:

IETF116 Conference Report: Wednesday March 29, 2023

Thu, 30 Mar 2023 00:00:00 +0000

Day Three of the 116th IETF meeting in Yokohama Japan. For the rundown on Day Two, see my daily report.

The long-running work on MASQUE - proxying all network-layer datatypes over QUIC (HTTP/3) - is nearing completion, with the specification for Proxying IP in HTTP in IESG review. With these components in place, the original MASQUE concept - a non-probable relay for client traffic providing privacy guarantees - has been revived, now defined within the new framework and leveraging HTTP Unprompted Authentication.

IETF116 Conference Report: Tuesday March 28, 2023

Wed, 29 Mar 2023 00:00:00 +0000

Day Two of the 116th IETF meeting in Yokohama Japan. For the rundown on Day One, see my daily report.

The OHAI Working Group has submitted the core draft of Oblivious HTTP Application Intermediation to the RFC Editor for editorial finalization and publication. OHAI is designed to support transational uses of the HTTP protocol that seek IP address privacy (by means of a relay pair, one associated with the client and one associated with the target resource). The target resource is, thus, said to be oblivious to the requester’s IP address. While the initially-imagined use case for OHAI was access to the DNS service (with some in the IETF feeling DNS-over-HTTP did not go far enough to protect user privacy), the dominant use case imagined today is telemetry - monitoring vendor-, application- or operating system-defined usage parameters on centralized systems.

IETF116 Conference Report: Monday March 27, 2023

Tue, 28 Mar 2023 00:00:00 +0000

This post begins a daily blog, live from the 116th meeting of the Internet Engineering Task Force in Yokohama, Japan, March 25-31, 2023. We’re focusing on standards activities of importance to the Internet Freedom community.

Since IETF114 (report), the Privacy Preserving Measurement Working Group has been deliberating over two distinct proposals offering very different technical methodologies for undertaking measurement activities while respecting user privacy. STAR offers an approach called k-anonymity - reporting a measurement value only if k or more parties are also reporting the same value. This approach theoretically prevents rare values being used to single-out individuals. Distributed Aggregation Protocol, DAP, uses an approach that distributes individual measures across a set of aggregators, none of which gets to see all the granular measurement data - the fully-aggregated total only seen by the third-party who requested it (who, in turn, gets to see none of the granular measurements). At IETF116 we’re learning about the operational experience with these technologies, with multiple implementations of both running in different testbeds. Performance analysis has also been undertaken.

IETF114 Conference Report: Friday July 29, 2022

Fri, 29 Jul 2022 00:00:00 +0000

Day Five of the 114th IETF meeting in Philadelphia USA. For the rundown on Day Four, see my daily report.

A quiet day today with only the Messaging Layer Security Working Group holding its session. Draft 16 of the MLS protocol completed last-call in mid-July and has been submitted for review after significant technical and editorial feedback from the working group. Are we getting close (again)? The MLS Architecture document was lightly revised and version 8 submitted for review. Two new drafts were presented: MLS Content Negotiation and MLS Extensions. The former has yet to be adopted as a Working Group item, but the latter was adopted during IETF114 (before the MLS session, over the mailing list).

IETF114 Conference Report: Thursday July 28, 2022

Thu, 28 Jul 2022 00:00:00 +0000

Day Four of the 114th IETF meeting in Philadelphia USA. For the rundown on Day Three, see my daily report.

At IETF112 (online) a formal Birds of a Feather (BoF) session was held on the concept of Privacy Preserving Measurement. A Working Group was chartered and, at IETF113 in Vienna, we were treated to an incredibly detailed presentation on Prio, an academic concept for supporting privacy in the context of Internet-scale measurement. Quickly following that presentation was an IETF proposal for a defined protocol for distributed aggregation of measurement data, based on Prio’s core concepts and using a range of cryptographic and system architecture techniques to separate measurements from the identities of the human users being measured.

IETF114 Conference Report: Wednesday July 27, 2022

Wed, 27 Jul 2022 00:00:00 +0000

*Day Three of the 114th IETF meeting in Philadelphia USA. For the rundown on Day Two, see my daily report.

Interest is starting to consolidate on the need for additional definition for serving media over the QUIC transport layer, particularly for streaming and conferencing applications. Following an informal gathering at IETF113 in March 2022, a formal Birds of Feather session met today with a draft charter proposal and two draft documents describing the intended use cases and a protocol. Here’s a more visual overview. There was broad concensus (at this well-attended session) as to the need for this work, but a split between one camp that sought a much narrower set of use cases (not wanting to boil the Internet as it were) and another who wanted to solve this problem once. This will be addressed as the BoF leaders work towards a vote on chartering the effort. Either way, this is substantial work ahead. I mention this here not so much in the realm of privacy as to look towards a future where QUIC’s efficiency and scalability benefits might make media-rich services available to those of lesser economic means or with mediocre connectivity.

IETF114 Conference Report: Tuesday July 26, 2022

Tue, 26 Jul 2022 00:00:00 +0000

Day Two of the 114th IETF meeting in Philadelphia USA. For the rundown on Day One, see my daily report.

Lucas Pardue, of Cloudflare and co-chair of the QUIC Working Group, gave a not-so-tongue-in-cheek talk about the breakdown of the OSI layering model of the Internet. His focus was on the top of the stack, illustrating handsomely what QUIC and HTTP/3 have done (unknowingly to most) to our perception of layers. A key challenge: tools for HTTP/1 are widely available and the protocol and its impacts are widely understood. HTTP/2 and HTTP/3? Not so much (both are binary, not text-based, protocols). Yet, here in mid-2022, the world of the Internet is predominantly (91%!) HTTP/2 and HTTP/3 traffic. Similarly, TLS/1.3 and QUIC represent 87% of traffic. And many of the now-being-standardized protocols for privacy insert several layers of proxy into every transaction. From a sound knowledge perspective, we seem to have taken a rather quick, and rather deep, step backwards.

IETF114 Conference Report: Monday July 25, 2022

Mon, 25 Jul 2022 00:00:00 +0000

Day One of the 114th IETF meeting in Philadelphia USA.

With privacy a key consideration in new protocol design, cryptography has become a major focus of IETF activities. The Internet Research Task Force (IRTF) has the Crypto Forum Research Group where new cryptography schemes are brought forward and vetted for use in IETF protocols. Well, new is a misnomer. Much of the mathematics has long been defined, at least at its core, and the work is rather being brought into the IETF context where important engineering considerations apply: use of memory (at rest or in flight), processing required, round-trips required, etc.. Of significance at this meeting, mechanisms for blinding a digitial signature are in high demand given the prevalence of multi-tiered approaches to privacy (that is, approaches that insert one or more proxies between entities in a transaction). Something similar is in the works for cryptographic keys. A number of IETF protocol specifications, still in development, are in line to receive these mathematical gems including Privacy Pass, Private Access Tokens, Oblivious HTTP Application Intermediation and others. An excellent summary of the National Institute for Standards and Technology (NIST) Post-Quantum Cryptography contest was also provided. The topic itself, let alone the solutions chosen, is not for the weak-kneed.

IETF114 Hackathon Report: Sunday July 24, 2022

Sun, 24 Jul 2022 00:00:00 +0000

This post begins a daily blog, live from the 114th meeting of the Internet Engineering Task Force in Philadelpha Pennsylvania USA, July 23-29, 2022 (in-person meetings having restarted in March 2022 after the COVID pandemic abated). We’re focusing on standards activities of importance to the Internet Freedom community.

The Hackathon event kicks off each IETF event, with projects that run the gamut from early implementations of just-emerging specifications to full multi-vendor interoperability testing of nearly-mature protocols. At this event, I sat in on the MASQUE team’s effort to commence work on the new CONNECT-IP specification. With the recent completion of two key specifications - CONNECT-UDP and H3 Datagrams - MASQUE has become IETF’s solution for proxying all types of network traffic over QUIC and HTTP/3, including VPN and other privacy-focused scenarios. CONNECT-IP will complete the trio. But this initial effort didn’t go well. Google and Ericcson (co-authors on the spec) had brought teams who, indeed, implemented the key protocol elements of CONNECT-IP live and in-the-moment but were both stymied setting up testbeds that could deliver raw IP packets for routing by this new code. Wait, you might say, aren’t these network engineers? True, but it was mostly the practicalities that got in the way - only laptops as test machines, working from the open source QUICHE repository on a machine that also hosts an environment for building production code, even deciding what sort of packets could be used for testing and where to route them. These are the frustrations of a first-ever effort.

IETF113 Conference Report: Friday March 25, 2022

Mon, 28 Mar 2022 00:00:00 +0000

Final day of the 113th IETF meeting, in Vienna Austria.

The IETF is looking to make a clear contribution to the problem of hyper-aggressive measurement of user activities on the Internet and the many misuses thereof. To do so, the IETF recognizes that some measurement is important but that many desirable measurements require data most people consider sensitive. It also recognizes that aggregated measurements often provide the most value, rather than individual ones. Yet, today, parties interested in measurement need to collect and store individual records in order to aggregate them, exposing themselves to potential violations of their privacy agreements with users (or governments) and to theft of that data by outsiders. Instead, IETF is looking at ways this aggregation can be managed in ways that protect user privacy while still providing much of the statistical power needed. The Privacy Preserving Measurement Working Group has formed.

IETF113 Conference Report: Thursday March 24, 2022

Sun, 27 Mar 2022 00:00:00 +0000

Day four of the 113th IETF meeting, in Vienna Austria.

Privacy Pass - originating at Cloudflare in 2017 as a solution to user frustration with CAPTCHA - has been in full swing as an IETF activity since mid-2020. Privacy Pass allows a client to solve some form of validity check (a CAPTCHA, a puzzle, a user-pass authentication) to then receive some number of tokens to be used at websites accepting Privacy Pass, thus eliminating the need to do a CAPTCHA at each site. Sites hosted on large CDNs like Cloudflare benefit (Cloudflare provides the service for them) and users get a more convenient experience. Users accessing the Internet through Tor are even more positively affected since they are most prone to CAPTCHA. Privacy Pass is now in Version 3 and working to support a multi-issuer environment to provide another uplift to the user experience (tokens can be validated across issuers). Just prior to this IETF meeting, a standardized mechanism for exchanging Privacy Pass tokens was adopted by the Working Group - The Privacy Pass HTTP Authentication Scheme. Both request and response mechanisms are provided so that use of (or demand for) the token can be either server- or client-initiated. Going forward, it will be interesting to see if Privacy Pass benefits mostly the web browsing environment or finds its way into applications using HTTP as a substrate for richer styles of interaction.

IETF113 Conference Report: Wednesday March 23, 2022

Sat, 26 Mar 2022 00:00:00 +0000

Day three of the 113th IETF meeting, in Vienna Austria.

Messaging Layer Security (MLS) is (finally) closing in on Last Call at protocol Draft 14 and architecture Draft 7 (which will be taken forward together). Sometimes referred to as the TLS for messaging systems, Messaging Layer Security creates a uniform secure group discussion protocol, scalable to very large groups and providing similarly uniform security guarantees across providers. The near completion of the architecture and protocol drafts, and commencement of interoperability testing has prompted the Working Group to dust off the Federation draft as the next object of their affection. Will I be able to connect my Wire client to the Facebook Messenger server? Don’t hold your breath, but in the meantime you’ll be able to enjoy the manifest benefits of secure group chat (with security guarantees as high as the industry knows how to produce) on your own network.

IETF113 Conference Report: Tuesday March 22, 2022

Thu, 24 Mar 2022 00:00:00 +0000

Day two of the 113th IETF meeting, in Vienna Austria. The crisis in Ukraine is on everyone’s mind, lending immediacy to the work of the Global Access to the Internet for All (GAIA) Research Group. While past and continuing work has focused on Internet access for the world’s population (especially those disadvantaged by economics, distance, mobility, and social constraints) the situation in Ukraine resulting from military activities give cause for both concern and hope. While communications access points have been obviously targeted, the inherently decentralized topology of the Internet infrastructure in Ukraine has afforded surprising resiliency, increased by the willingness of nominal competitors to patch the communication systems back together for the good of all. Few will remember that this resiliency from military attack was the raison d’être for ARPANet, predecessor to the Internet. Perhaps, in this era of increasing centralization (hardware and software), the crisis in Ukraine will give us the impetus to consider changes to the trajectory of consolidation we’ve allowed to occur. We’ll follow up on this topic tomorrow after the Human Rights Protocol Considerations (HRPC) Research Group who will take up the topic of Regional Internet Blocking.

IETF113 Conference Report: Monday March 21, 2022

Mon, 21 Mar 2022 00:00:00 +0000

It’s opening day at the 113th IETF meeting, the first in-person meeting in two years due to the COVID pandemic and being held in Vienna Austria. We’re focusing on standards activities of importance to the Internet Freedom community.

New work is brought to the IETF via Birds-of-a-Feature sessions and also each technical area’s Dispatch Working Group. The Application area often sees the most unique and interesting ideas and this meeting was no exception. The [Open Ethics Initiative] (https://openethics.ai/) introduced its idea for an ethics disclosure or transparency protocol to help promote trust among users and service providers in a way similar to nutrition labelling on foods. Two new drafts have been written related to the format of data exchange among messaging services. I know what you’re thinking: “but messaging services don’t interoperate”. Exactly. These drafts are a push to get that to happen, initially in the context of the Messaging Layer Security (MLS) effort. Along the same lines, a plea was made to liberate messaging from the confines of the encapsulating (and in some cases proprietary) protocols, to be used as first-class network transactions on their own via the Event Streaming Open Network. And, the team doing Encrypted Client Hello (ECH) introduced an idea to liberate ECH’s host configuration information from the DNS to which some folks believe it is inextricably bound. Well, they didn’t present it quite that way, but… Liberation was the theme of the event, it seems!

IETF113 Hackathon Project

Sun, 20 Mar 2022 00:00:00 +0000

This post begins a daily blog, live from IETF113 in Vienna Austria, March 19-25, 2022 (first in-person meeting after six remote-only meetings during the COVID pandemic).

The Hackathon event kicks off IETF and, at this meeting, we picked up work originally done by one of our teammates implementing version 5 of Internet Draft HTTP Transport Authentication. HTTP Transport Authentication is designed to authenticate such protocol flows in a manner that does not reveal any information to an attacker during failure cases. Therefore, applications using HTTP Transport Authentication are resistant to active probing by network adversaries.

IETF: Year End Review 2021

Thu, 23 Dec 2021 00:00:00 +0000

In terms of potential impact on Internet Freedom, it’s been a banner year at the Internet Engineering Task Force (IETF). QUIC (featuring the improved privacy and security of TLS1.3) reached Proposed Standard status, with implementations and rollouts from every major vendor on both server and client, and with multiple open source toolkit options for developers. Encrypted Client Hello for TLS1.3 gained traction via the DEfO project that, through pull requests, makes a huge privacy enhancement easily available to the major security library (OpenSSL) underpinning the Internet’s most important service engines (nginx, apache, lighttpd, haproxy on the server, even curl on the client). IP address privacy got new attention with a working group formed around Oblivious HTTP Application Intermediation (OHAI), as did Privacy-Preserving Measurement (PPM) which seeks to drastically reduce the amount of personal information swept up in the pervasive monitoring of all public Internet activity. Meanwhile, the Internet Research Task Force (IRTF) has focused on developing new cryptographic techniques to serve these rapidly-evolving privacy-focused activities. IRTF also fosters work on truly-global Internet access and, in a sense, serves as the IETF’s conscience through it’s work on the human rights implications of protocol design.

IETF112 - Meeting Update (November 2021)

Wed, 24 Nov 2021 00:00:00 +0000

The 112th meeting of the Internet Engineering Task Force (IETF) took place November 8-12, 2021 - as a virtual event for the sixth time in succession due to the COVID-19 pandemic. Here’s a summary of the work I found important to the Internet Freedom community.

Privacy Preserving Measurement

While we often (rightly) focus on unwanted surveillance of targeted individuals by nation-states and other bad actors, the Internet’s surveillance economy presents a major threat to personal privacy and freedom for all users of the Internet, as Mozilla so aptly describes on this wiki page. Since IETF significantly boosted its focus on privacy at IETF105 (July 2019, where privacy was the plenary topic), participants at both research and engineering levels have begun to address this problem - initially with research studies and statements of requirements, and then with proposals. Later we’ll discuss proposals that try to offer more anonymity in the way users access the Internet. But new at this conference was a Birds of a Feather session formed around the idea of Privacy Preserving Measurement (PPM) and led by Mozilla’s Eric Rescorla who has collected significant thoughts and technical ideas here. This thinking would insert a layer of protection between end users and the data collection infrastructure in a way that would significantly impact the bad (for privacy) practices of current-term measurement tools - over-collection, under-protection and deep-interlinking. An architecture for PPM was proposed and, as there was significant interest from IETF attendees, a Working Group is being established to undertake the technical effort. There is a future work effort here to understand how this work overlaps or dove-tails with CleanInsights.

The IETF and Internet Freedom

Mon, 18 Oct 2021 00:00:00 +0000

It seems useful to clarify the relationship between the near-term work of keeping the Internet open on a daily basis - work that dominates the efforts of the Internet Freedom community - and the long term work of the industry on crafting operational standards for the same network.

Those involved in Internet Freedom are typically focused on the “problems of today”, creating solutions using existing technologies offering immediate effect. Often, it’s hard to tell if Internet standards are helping, hurting, or just in the way. However, looking back at the (roughly) 15-year history of Internet Freedom work, it’s useful to recognize the many times we’ve said to ourselves “Gosh, I would have done that differently if I’d had a chance to think about it”.