@Richard that was a _terrible_ joke.
", "time": "2024-11-05T18:01:11Z"}, {"author": "Richard Barnes", "text": "@Jonathan Hoyland i make that same joke every meeting
", "time": "2024-11-05T18:02:49Z"}, {"author": "Jonathan Hoyland", "text": "@Richard, pretty sure that makes it worse :joy:
", "time": "2024-11-05T18:03:07Z"}, {"author": "Shivan Sahib", "text": "Notes: https://notes.ietf.org/notes-ietf-121-ohai
", "time": "2024-11-05T18:03:13Z"}, {"author": "Richard Barnes", "text": "makes it a classic! a tradition!
", "time": "2024-11-05T18:03:18Z"}, {"author": "Ted Hardie", "text": "@Richard Barnes so you are a comic torturer?
", "time": "2024-11-05T18:07:01Z"}, {"author": "Richard Barnes", "text": "i am a connoisseur of bad comedy, and sometimes inflict it on others
", "time": "2024-11-05T18:07:24Z"}, {"author": "Ted Hardie", "text": "(Comic torture is a term of art, for things that start out funny, become tedious, then become funny again by repetition)
", "time": "2024-11-05T18:08:00Z"}, {"author": "Richard Barnes", "text": "oh, in that case, absolutely
", "time": "2024-11-05T18:08:14Z"}, {"author": "Richard Barnes", "text": "unfortunately, i think we're going to close the WG before it becomes funny again
", "time": "2024-11-05T18:09:59Z"}, {"author": "Martin Thomson", "text": "Has anyone used the chat on the mobile version of Meetecho? When my onscreen keyboard Is open, the chat rotates 90 degrees.
", "time": "2024-11-05T18:11:23Z"}, {"author": "Martin Thomson", "text": "It is very confusing.
", "time": "2024-11-05T18:11:56Z"}, {"author": "Alejandro Sede\u00f1o", "text": "Not me; if I'm going to use chat from my mobile device, I go directly to the Zulip client.
", "time": "2024-11-05T18:12:33Z"}, {"author": "Lorenzo Miniero", "text": "@Martin Thomson we recently added a fix for ipad users for rotating screens and I suspect it caused this regression, we'll look into that, sorry for the disruption!
", "time": "2024-11-05T18:13:00Z"}, {"author": "Martin Thomson", "text": "Thanks. It is mostly just amusing.
", "time": "2024-11-05T18:15:58Z"}, {"author": "Martin Thomson", "text": "If you need help, I am happy to share details offline.
", "time": "2024-11-05T18:16:32Z"}, {"author": "Martin Thomson", "text": "The timing attack is entirely possible in eegular ohttp
", "time": "2024-11-05T18:24:15Z"}, {"author": "Martin Thomson", "text": "*regular (typing at 90degrees is hard)
", "time": "2024-11-05T18:24:48Z"}, {"author": "Richard Barnes", "text": "@Martin Thomson you mean bc of chunking in the underlying HTTP?
", "time": "2024-11-05T18:25:06Z"}, {"author": "Daniel Gillmor", "text": "Martin, please explain the timing attack you see
", "time": "2024-11-05T18:26:31Z"}, {"author": "Richard Barnes", "text": "Need a button that lets the chair put Martin in the queue
", "time": "2024-11-05T18:26:56Z"}, {"author": "Richard Barnes", "text": "(note: not any participant, just mt)
", "time": "2024-11-05T18:27:05Z"}, {"author": "Daniel Gillmor", "text": "whether he's logged in as a participant or not
", "time": "2024-11-05T18:27:19Z"}, {"author": "Daniel Gillmor", "text": "oooh it worked
", "time": "2024-11-05T18:27:35Z"}, {"author": "Shivan Sahib", "text": "he gets a ping wherever he is in the world
", "time": "2024-11-05T18:27:36Z"}, {"author": "Richard Barnes", "text": "it worked!
", "time": "2024-11-05T18:27:37Z"}, {"author": "Ted Hardie", "text": "@DKG Isn't that effectively the bat signal?
", "time": "2024-11-05T18:27:41Z"}, {"author": "Daniel Gillmor", "text": "the mt signal
", "time": "2024-11-05T18:27:56Z"}, {"author": "Richard Barnes", "text": "except it's one of those giant australian bats
", "time": "2024-11-05T18:27:58Z"}, {"author": "Richard Barnes", "text": "Incremental: shuffle
\nIncremental: random-gaps
To be concrete, if each message leaks 0.1 bits of identity, then N linkable message links N*0.1 bits. This is exponential in terms of anonymity set loss.
", "time": "2024-11-05T18:29:24Z"}, {"author": "Martin Thomson", "text": "Getting access to this chat on a phone is fiddly
", "time": "2024-11-05T18:29:27Z"}, {"author": "Martin Thomson", "text": "Ben, you are right, but your concern is pointed in the wrong direction
", "time": "2024-11-05T18:29:46Z"}, {"author": "Valentin Go\u0219u", "text": "@Martin: Should the relay respect the Incremental: ?1 coming from the gateway ?
", "time": "2024-11-05T18:32:50Z"}, {"author": "Ted Hardie", "text": "Has the media type list already reviewed message/ohttp-chunked-req
", "time": "2024-11-05T18:33:31Z"}, {"author": "Daniel Gillmor", "text": "ssh has had timing attacks for years as well
", "time": "2024-11-05T18:33:53Z"}, {"author": "Valentin Go\u0219u", "text": "If the client is worried about timing of chunk delivery, should it also be able to request Incremental: ?0 ?
", "time": "2024-11-05T18:34:05Z"}, {"author": "Luca Niccolini", "text": "@Martin Thomson Did I hear you say \"the relay _has_ to buffer in the non-chunked case\"?
", "time": "2024-11-05T18:34:08Z"}, {"author": "Benjamin Schwartz", "text": "I agree that this is no worse than classic CONNECT. The strange thing to me that OHTTP aimed higher than CONNECT, and this takes us back down into the muck.
", "time": "2024-11-05T18:34:21Z"}, {"author": "Martin Thomson", "text": "Luca, I didn't say that, I said that if you wanted a comprehensive defense against that style of attack, you might think that requiring buffering would be necessary. You would also be deluding yourself, because you still have timing and size side channels that are available for information leakage.
", "time": "2024-11-05T18:35:21Z"}, {"author": "Martin Thomson", "text": "This does make the situation worse, which is something we need to be very clear about, but I don't think that it is so much worse as to make this a complete non-starter.
", "time": "2024-11-05T18:36:37Z"}, {"author": "Martin Thomson", "text": "A richer set of capabilities means a more textured privacy exposure.
", "time": "2024-11-05T18:38:05Z"}, {"author": "Benjamin Schwartz", "text": "For example, if you're requesting a large file, it would be better to fetch it in chunks via range requests in classic OHTTP, instead of streaming it in Chunked OHTTP, because the range requests might be non-linkable (if the chunks are popular and everyone chooses the same boundaries...) but the chunks within a stream are fully linkable.
", "time": "2024-11-05T18:38:27Z"}, {"author": "Martin Thomson", "text": "Ben, your choice of chunk boundaries might be identifiable and linkable.
", "time": "2024-11-05T18:39:06Z"}, {"author": "Benjamin Schwartz", "text": "Yes, but if the clients standardize on 10KB or whatever then it may not be.
", "time": "2024-11-05T18:39:34Z"}, {"author": "Martin Thomson", "text": "Sure: like anything, there are potentially OK options and potentially bad options.
", "time": "2024-11-05T18:40:05Z"}, {"author": "Martin Thomson", "text": "Noting that the chunking thing you describe is far more vulnerable to timing-based correlation.
", "time": "2024-11-05T18:40:30Z"}, {"author": "Richard Barnes", "text": "if folks want to see just how much information leaks to traffic analysis given ML, see the line of work by McGrew and Anderson https://dl.acm.org/doi/abs/10.1145/2996758.2996768
", "time": "2024-11-05T18:41:30Z"}, {"author": "Martin Thomson", "text": "That traffic analysis work is pretty eye opening.
", "time": "2024-11-05T18:41:53Z"}, {"author": "Daniel Gillmor", "text": "and 6 years old. those attacks don't get worse
", "time": "2024-11-05T18:42:22Z"}, {"author": "Richard Barnes", "text": "it's shipping in Cisco products now
", "time": "2024-11-05T18:42:40Z"}, {"author": "Richard Barnes", "text": "https://secure.cisco.com/secure-firewall/docs/encrypted-visibility-engine
", "time": "2024-11-05T18:43:08Z"}, {"author": "Shivan Sahib", "text": "obye
", "time": "2024-11-05T18:45:44Z"}, {"author": "Richard Barnes", "text": "no, that's the next working group
", "time": "2024-11-05T18:45:54Z"}, {"author": "Shivan Sahib", "text": "thanks Sean for notes!
", "time": "2024-11-05T18:46:20Z"}]