Privacy difficulties in Blind Caching and OOB encoding

I was reading draft-thomson-http-bc-01,
draft-reschke-http-oob-encoding-12, and some of their dependencies,
and I'm having trouble finding the plan for getting caches to actually
speed things up while at the same time preventing caches from learning
important information about the content their clients are

The core idea of the out-of-band encoding, as described in the drafts
and [ERICSSON], is that the origin server can delegate content
transmission to an edge cache to which the client has a faster
connection than it has to the origin.

When we account for the origin->cache transmission, this should be
slower for the first client and significantly faster for all
subsequent clients. That is, more than one client MUST be able to use
the same resource bytes, which means, if they're encrypted
([RFC8188]), that all clients must get the same key to decrypt them.
That has several implications:

1) For public resources, the cache can trivially figure out what
content clients are retrieving, by pretending to be a client itself to
get the decryption keys. This is an important decrease in privacy
compared to TLS, but I don't see it mentioned in [BC]. It seems to
conflict with calling the caching "blind".

2) For secret resources, the cache may not be able to authenticate
sufficiently to retrieve decryption keys, but it can still trivially
figure out that multiple clients are retrieving the same resource.
This metadata is another decrease in privacy compared to TLS.

3) [OOB] and [SCD] both mention a forgery risk and sketch some
mitigations around [SIG] and [MICE], but that's less relevant for this

Have I missed anything in the documents or the design that hides more
information from the caches?



Received on Thursday, 3 August 2017 18:55:59 UTC