
From acooper@cdt.org  Mon Jul 15 10:11:34 2013
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Alissa Cooper <acooper@cdt.org>
Date: Mon, 15 Jul 2013 13:11:32 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <1C550F59-DB30-4E3A-8766-C134841FA595@cdt.org>
References: <20130715162732.20932.41520.idtracker@ietfa.amsl.com>
To: architecture-discuss@ietf.org
X-Mailer: Apple Mail (2.1499)
Cc: Richard Barnes <rlb@ipv.sx>
Subject: [arch-d] Fwd: New Version Notification for draft-iab-filtering-considerations-03.txt
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>,  <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/architecture-discuss>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>,  <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2013 17:11:34 -0000

We did a fairly heavy edit of this document to try to address the
comments received. There are still a few open issues and there may be
some points that require further development, but we're hoping that the
taxonomy that describes the characteristics of blocking systems and the
evaluation based on specific criteria is more clear than the previous
architectural-principles-based approach.

Feedback is welcome on this list.

Begin forwarded message:

> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-iab-filtering-considerations-03.txt
> Date: July 15, 2013 12:27:32 PM EDT
> To: Richard Barnes <rbarnes@bbn.com>, Alissa Cooper <acooper@cdt.org>, Olaf M. Kolkman <olaf@nlnetlabs.nl>, Olaf Kolkman <olaf@nlnetlabs.nl>
>
>
> A new version of I-D, draft-iab-filtering-considerations-03.txt
> has been successfully submitted by Richard Barnes and posted to the
> IETF repository.
>
> Filename:        draft-iab-filtering-considerations
> Revision:        03
> Title:           Technical Considerations for Internet Service Blocking and Filtering
> Creation date:   2013-07-15
> Group:           iab
> Number of pages: 26
> URL:             http://www.ietf.org/internet-drafts/draft-iab-filtering-considerations-03.txt
> Status:          http://datatracker.ietf.org/doc/draft-iab-filtering-considerations
> Htmlized:        http://tools.ietf.org/html/draft-iab-filtering-considerations-03
> Diff:            http://www.ietf.org/rfcdiff?url2=draft-iab-filtering-considerations-03
>
> Abstract:
>   The Internet is structured to be an open communications medium.  This
>   openness is one of the key underpinnings of Internet innovation, but
>   it can also allow communications that may be viewed as undesirable by
>   certain parties.  Thus, as the Internet has grown, so have mechanisms
>   to limit the extent and impact of abusive or objectionable
>   communications.  Recently, there has been an increasing emphasis on
>   "blocking" and "filtering," the active prevention of such
>   communications.  This document examines several technical approaches
>   to Internet blocking and filtering in terms of their alignment with
>   the overall Internet architecture.  In general, the approach to
>   blocking and filtering that is most coherent with the Internet
>   architecture is to inform endpoints about potentially undesirable
>   services, so that the communicants can avoid engaging in abusive or
>   objectionable communications.
>
>
> The IETF Secretariat
>



From touch@isi.edu  Mon Jul 15 10:25:52 2013
Message-ID: <51E43059.5000303@isi.edu>
Date: Mon, 15 Jul 2013 10:24:41 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: Alissa Cooper <acooper@cdt.org>
References: <20130715162732.20932.41520.idtracker@ietfa.amsl.com> <1C550F59-DB30-4E3A-8766-C134841FA595@cdt.org>
In-Reply-To: <1C550F59-DB30-4E3A-8766-C134841FA595@cdt.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: Richard Barnes <rlb@ipv.sx>, architecture-discuss@ietf.org
Subject: Re: [arch-d] Fwd: New Version Notification for draft-iab-filtering-considerations-03.txt

4.1.3.  Efficacy: How easy is it for a resource or service to avoid
         being blocked?

This section should, IMO, begin with a clear explanation that port 
numbers are meaningful *only* at endpoints - which is why port shifting 
works*, and why port-based traffic control or blocking can be ineffective.

*FWIW, it's not just shifting all services to port 80 or 443, but just 
using a different port for a single service, such as HTTP over port 53.

Additionally, DPI may be hampered by new protocols, e.g., IPv6 with 
options, which requires processing the entire option chain to find the 
transport ports.

Section 4.2.3 should differentiate between DPI that interferes with 
inspecting transport contents (TLS) and layering that hides the 
transport ports (IPsec transport mode, almost any encrypted tunnel) or 
makes it difficult to find the port even if it isn't encrypted (multiple 
layers of tunnels).

Joe


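Added example, not part of the message above or of the draft: a Python sketch of what a port-based filter has to do to find the transport ports when IPv6 extension headers are present, next to a filter that reads only the fixed header. The packets are constructed samples and every function name is hypothetical.

```python
import struct

# Next Header values: extension headers readable in the clear, then payloads.
HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 43, 44, 51, 60
ESP, TCP, UDP = 50, 6, 17

def naive_ports(pkt: bytes):
    """Port lookup that trusts only the fixed header's Next Header byte."""
    if pkt[6] in (TCP, UDP):
        return struct.unpack_from("!HH", pkt, 40)
    return None  # any extension header hides the ports from this filter

def find_ports(pkt: bytes):
    """Walk the full extension header chain; return (proto, sport, dport)."""
    nxt, off = pkt[6], 40
    while True:
        if off + 8 > len(pkt):
            return (nxt, None, None)          # truncated capture
        if nxt in (TCP, UDP):
            return (nxt, *struct.unpack_from("!HH", pkt, off))
        if nxt in (HOP_BY_HOP, ROUTING, DEST_OPTS):
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8   # 8-octet units
        elif nxt == AH:
            nxt, off = pkt[off], off + (pkt[off + 1] + 2) * 4   # 4-octet units
        elif nxt == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return (FRAGMENT, None, None)  # ports are only in fragment 0
            nxt, off = pkt[off], off + 8
        else:
            return (nxt, None, None)          # ESP or unknown: ports not visible

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed fixed header; ::1 is used as a placeholder address."""
    addr = bytes(15) + b"\x01"
    head = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return head + addr + addr + payload

def options(next_header: int) -> bytes:
    """Constructed 8-byte options header holding a single PadN option."""
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])

# Constructed samples: destination port 53 stands for "HTTP over port 53".
tcp = struct.pack("!HH", 49152, 53) + bytes(16)
PLAIN = ipv6(TCP, tcp)
CHAINED = ipv6(HOP_BY_HOP, options(DEST_OPTS) + options(TCP) + tcp)
TUNNELLED = ipv6(ESP, bytes(24))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("chained", CHAINED), ("esp", TUNNELLED)):
        print(name, naive_ports(pkt), find_ports(pkt))
```

Even when the chain is walked correctly, the recovered port 53 says nothing about the service carried, and the ESP sample yields no ports at all.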
From sm@resistor.net  Sun Jul 28 02:57:40 2013
Message-Id: <6.2.5.6.2.20130728021627.073c3470@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Sun, 28 Jul 2013 02:56:35 -0700
To: Alissa Cooper <acooper@cdt.org>, architecture-discuss@ietf.org
From: SM <sm@resistor.net>
In-Reply-To: <1C550F59-DB30-4E3A-8766-C134841FA595@cdt.org>
References: <20130715162732.20932.41520.idtracker@ietfa.amsl.com> <1C550F59-DB30-4E3A-8766-C134841FA595@cdt.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: Richard Barnes <rlb@ipv.sx>
Subject: Re: [arch-d] Fwd: New Version Notification for draft-iab-filtering-considerations-03.txt

At 10:11 15-07-2013, Alissa Cooper wrote:
>We did a fairly heavy edit of this document to try to address the 
>comments received. There are still a few open issues and there may 
>be some points that require further development, but we're hoping 
>that the taxonomy that describes the characteristics of blocking 
>systems and the evaluation based on specific criteria is more clear 
>than the previous architectural-principles-based approach.

There was an interesting comment during the IAB Privacy tutorial 
about the policy angle.  I would label it as the bigger picture out 
there.  I read previous revisions of 
draft-iab-filtering-considerations and I was basically okay with 
it.  I read draft-iab-filtering-considerations-03 and read about the 
dotless stuff after that.  This prompted me to step back and think 
"we got it wrong somewhere".  I then thought "we are saying stuff and 
the policy people have ignored it".

There is currently a discussion about Country X trying to block 
content which a lot of people may consider as objectionable.  As a 
point of trivia the issue was actually raised over a year ago and 
nobody paid attention to it.  I'll argue that people are not ignoring 
the technical stuff.  It is just that the technical side does not pay 
attention to the issue until it is too late to do anything about it.

The IETF trots the line that "this is harmful to the Internet".  The 
draft argues that endpoint-based blocking is the least harmful.  What 
does harmful mean?  What are the possible problems if blocking or 
filtering is less granular?

Which audience is targeted by this draft?

Regards,
-sm 

