IETF Logo Mail Archive

Re: updating ECH keys from a web server

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 23 February 2022 01:30 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FD763A0C34 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 22 Feb 2022 17:30:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.461
X-Spam-Level:
X-Spam-Status: No, score=-3.461 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, NICE_REPLY_A=-0.714, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z5vMwxYStfsX for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 22 Feb 2022 17:30:39 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1878D3A0C39 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 22 Feb 2022 17:30:38 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1nMgS6-00059o-20 for ietf-http-wg-dist@listhub.w3.org; Wed, 23 Feb 2022 01:28:22 +0000
Resent-Date: Wed, 23 Feb 2022 01:28:22 +0000
Resent-Message-Id: <E1nMgS6-00059o-20@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <stephen.farrell@cs.tcd.ie>) id 1nMgS1-00058p-IE for ietf-http-wg@listhub.w3.org; Wed, 23 Feb 2022 01:28:17 +0000
Received: from mail-eopbgr130125.outbound.protection.outlook.com ([40.107.13.125] helo=EUR01-HE1-obe.outbound.protection.outlook.com) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <stephen.farrell@cs.tcd.ie>) id 1nMgRz-0004xg-Do for ietf-http-wg@w3.org; Wed, 23 Feb 2022 01:28:17 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=H3LbimgLOhE+yPae39daxhVrPPfLcR9W/IZNiABiT9rMy6Ibz666Q8pTZPZ4WEUjmSSXmq/z2FOiXIc+2+lVIZrU5736PrAcpvwxIdYWhpBsBaEhdiDIN/WO+BmBMkuJyVYTzct8aLLR3FGcfUo9ieI0J7Jx442Swj37/XPKuqVXBCFZkSFDCu+ZCvMHOYQtdZXNKP6Gs3Cfy387/+2Q09uZCU0ZvAT14pRIB53KcoFXrzrMJuelg67jgUCyzB+KMeDVyeGfxWe83yc52FrayEdzldQ6yah4HyR61IjzF73Za/hDf/oXd+809ScOasV/0aTidhP1s+j2fwrRpjTF0w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GG7TBZfFmNWyFn9Wsf/dBlWjxzd3CNvML2p+BpycKiI=; b=VSq7/hx7MvPM2+PqRJuM5u2UCadpVSz4OC7kJOD+YKK7doFALB4IzleNlINouMderNYeWgrgWdr+qyqz3J9qjbexCYMkxNAqNqe2MAQeH/19cHXZCjoLoX67giup0IjACFpV+ktS5TiE/StT4p0T4EO7vH3zOrd3TSm1QPQG0Sr4BaNfgiNgqpmCegvlekQW/mh8HwwLpijxN5ZntRPLH7eJuLy98i/r5lxoliNpwMEHb+AlbKeoQktmtRMAndTluUtOI+QcescpGJt6BMp/RY7E3qdG7e8KUzq30Y3jFVTl3aQw4UfSCFbF4JvmNDxr4CNO4F4hvejQVHk9ZW4/Dw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GG7TBZfFmNWyFn9Wsf/dBlWjxzd3CNvML2p+BpycKiI=; b=UQMJaHcv+Btrixrbfqkl+5Qq49Rj37vyWbAp+h/cs1Ixlul6thz9LzPQCGhDnndn6IxBrcACah+9sSz9jgXNO8KZnvBmrC0HQMCB0Iu4zDDcEBs0AiZBLJCMeFrDEsgIKIhR3+k1UIJzeE+4O0ZIzbDDMI8LKl5uMwZeCuiidErIahAm5p/fA9bmy7EhFbs+haK+GRp5yo9DpWlUZBwMcwsX8vJkOTE85WDfF9dQ3+BA6Zz43JhxgPRdSncZZhp5MQDkUdnulavMMhB2My857omBWq3r+1VwK14sz8emKAmIESlYJNThwmELDl2a549OGp3y1fDpZ0ivs+xf+cQOAg==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by AM9PR02MB7497.eurprd02.prod.outlook.com (2603:10a6:20b:430::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22; Wed, 23 Feb 2022 01:28:01 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::e07e:60ee:a20b:5f2]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::e07e:60ee:a20b:5f2%3]) with mapi id 15.20.4975.011; Wed, 23 Feb 2022 01:28:01 +0000
Message-ID: <8cab79d5-ef22-02fc-b4a5-ecec32a94132@cs.tcd.ie>
Date: Wed, 23 Feb 2022 01:27:53 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: en-US
To: Martin Thomson <mt@lowentropy.net>, ietf-http-wg@w3.org
References: <d189021e-77fe-720f-6742-6bab494c0b87@cs.tcd.ie> <3489319b-06b1-44a4-8ba9-65c574a7e494@beta.fastmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <3489319b-06b1-44a4-8ba9-65c574a7e494@beta.fastmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------R0snSs0n0Oa0J3gZmJh1aLe0"
X-ClientProxiedBy: SJ0PR13CA0050.namprd13.prod.outlook.com (2603:10b6:a03:2c2::25) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 76fbefdf-ba43-4c38-26dc-08d9f66bbadf
X-MS-TrafficTypeDiagnostic: AM9PR02MB7497:EE_
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-Microsoft-Antispam-PRVS: <AM9PR02MB7497D743B6DEAF996CA176FEA83C9@AM9PR02MB7497.eurprd02.prod.outlook.com>
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 8VKB6hTCZN1ba51P/klSTwq7+twvIe8q+iwlZCNG5cEiO7yWzWwPg/frSHxJ1CFmH8H+Ysay8X1E5RaaHRwvP3XrFanA0b62W6SS5SDW0Q41tbsApWVCZGROiyvPZrllTZR06Exw1yGTsYo9mdl0mqbE1ZO0n6XklcN69lwaQvAgbbNOFV0qViczu65sJRQiXR4aD8X5oPesBf99yR/8oQIlV0/wfJKzWQ+iKxzgN64A9REDPVZ+wjVK5JK6LyDka2EcxMcbVt3glrBWoBEjowABiVdXvcaeAPImezR7JOLIR2QDBA1josPP2v1XwEfgJegcDpBmXYyxxSRbu/CASNJCgeu0uJiJTi+to9lAdrSxSZXE0sGd2Oa+LCEZuaYkTyiKm5PYd11P39axp/B9WdY7Fd96ZOJQWLiLAD1Vw8FYH51eKN86ijWZsyljsg9PW7wE9SiQBkHb5i9RkKtNW38HAtOmOdbHcmvCNFvNLEQKkgLR+ng3L3Nw+RieYMLuNzdogz9iVHwG3RFigawNrLV9QdD4ACiiSYWxHmH8NMUe1aKucpZ4W1YRtHPW4KziNwnalZ9uXmCQfMwWQFCefyGhz8J49KpwOR/k6dX8lyd3DPbSPX5O7Ib4/J64B4PY8SWTHW2q5KE/WRhD/qtDvVETG57fZ8NbccbqAOP67JQ9MIrVfH6ey6mPLSc7DQ+2nsDY3m79m5bqIezLzgtEZo0/w33nykw0zR2+fKMahJlPaM2SuV9YyzJ1y0UQmpD7Q9jpDHyR9pQGcY6HNmQIevrCtVNa5eg5ZO7UgdxWsFtfsr2P1KkoLjH25AtgKzYY
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB7PR02MB5113.eurprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(44832011)(66556008)(66476007)(966005)(2906002)(66946007)(316002)(786003)(6486002)(86362001)(186003)(235185007)(8936002)(2616005)(21480400003)(8676002)(31686004)(5660300002)(26005)(38100700002)(19627235002)(36756003)(31696002)(83380400001)(6666004)(508600001)(6512007)(55236004)(53546011)(6506007)(33964004)(45980500001)(43740500002);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 7ePKeCjoWtmQLSR2UgWIiI6rEWl+ZxZ7u8DjhwNaou+usCPvDV8+Atjdksxm/7T1fQpWGf00xVRot/yhmcDIkFzcLxXoVOcBL4axZdO+yihr8o8UXAlaKQaSXFlbUELOJAfz/AtoBoWdZ3RHY7yeUh4b5Y4/4VqhkvbBF1Tm8hnNWCwyWwokKsCm7MnzMLf3gOQ7lmq9Hxw2FxVIMfHA7hYzxPIaV4T8JmDt9V313lbE52uZgvPRl5GOW0UEcmg9g7WbiWYcL1WXdfrq1Hd61irCDR8hlMbGltsOWW6XzGBh7/13gE4CeVR6LCfag+jZq9nDwUxOkEdpM16AB/sKCFj9vkt50P/U64MdPUrcMJPyQKtzWIjIi0fx9WWPF9OSjbWueo+554fxTJxVVjLrEUIl28zl4cEjh3NrauouhWAUGmCdEMDPyVtJ7Hs5bY6cnkLxhsXXJsS/lfnD0ZflhOJIaAGFttzNKDWQmkxKl9zbZ/869Z62R+Q+kNO5xso+s0yZJZ6g/YKMsUACHGIQo1k9iMfTWk5lyz111dEoz5dZcH+3WQZEUaSDY+39KwtlgAbHV63OH+2buriA6cRdfRGkCtst25LUCkQMEqcb3CZsVu70iQxFRVlPbfndXr6cbp6JW+4dT7c67v9K88KefdsIDULNpoXvQgOI3DMroP5D/bWsqpm9J6SlgXuff4GRPppopyDIxCqSTCaNdh33+jUC0G1ETQEwZ4OEM7608fiSj5TAut/XEmEavRA4L5yHYvzRhrxEZyZBDADYQ/dqOBrvKjI01smVqkV6RW0tzmBB8wwXOQUk1SR2gJYCTf4nskNsh8vzhh659vDb1FY//J0QSEolh3R+SPou7QsR6owAgdm4cQmPCfsOnJA3BZDtV5uuGH2VjOesQzeQk5tT4qX7SIrUIFi+QPlqq0mwfU+2jYsTZdVqZFU34oZV45UDAgz+BEkdLWdmKhdAcMuwNoXFhOiErbseWwtKGrOMDY5ZW53xtW+pTJGVJXyJIFDDPh+8joZxAyHlBVpRURccferAsUu+69v0aTrEIY8kHidJVp8/8xp023U8mnoS0FY18urd3iZ2iauAX7+LeFbksIXEkY2Y+p9r76gksUMkDtHtIwveQjdCEyL0yU8RBmL25bzVBZXGpYUnRU36iMPa6GO9q7IEle1pvekxkwOy3prf4Kp5aZ5lgbcqAHbF3oD08J9kr4POXyJLBhp12oAgTaZbNUv90so3vUdUYVOdv43AyHJ3zpljyWRSa1Y/Kh+u1uwP8mVXIZ2SrLQCiKfBVG5fgXzkXkAX7Y9YYbN7bfrUO2VtwsHE7oy1+k/AkdY0wEl9ga+TqWnHX1T//PA2POMzEj5mlZlJdnrkjG7vqOX6zZL+jSvVLBZbQUAOT8AtvoPjaqAiXw/5JiD2uReRz1gGmepKzUoLpzT/KmGCsgTWZ9AK2n+iqF9An1TRl6ahAjs/RQmphAnBKJ95vmpP2e//h6showa2X/I9LWd8SLBSQYqFqwZXObQRbUzk16b07uV4tFqUJ8cz5EKxfsB5LlriCXQbTfkTOXufj+kKrqg=
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 76fbefdf-ba43-4c38-26dc-08d9f66bbadf
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Feb 2022 01:28:01.0974 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: fjvcFDIXrOeDSjV0E635H2EnKYa9GalKz8v6YgNNZ4yKsXta/Sl7FaoJLF0jwJoy
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9PR02MB7497
Received-SPF: pass client-ip=40.107.13.125; envelope-from=stephen.farrell@cs.tcd.ie; helo=EUR01-HE1-obe.outbound.protection.outlook.com
X-W3C-Hub-DKIM-Status: validation passed: (address=stephen.farrell@cs.tcd.ie domain=cs.tcd.ie), signature is good
X-W3C-Hub-Spam-Status: No, score=-5.0
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1nMgRz-0004xg-Do 0c378f426b01e29e540d1e5b8eecc62a
X-Original-To: ietf-http-wg@w3.org
Subject: Re: updating ECH keys from a web server
Archived-At: <https://www.w3.org/mid/8cab79d5-ef22-02fc-b4a5-ecec32a94132@cs.tcd.ie>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/39855
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hiya,

On 23/02/2022 00:54, Martin Thomson wrote:
> Hi Stephen,
> 
> The thing that I got stuck on when reading the draft this time is the
> conditions under which this might provide value.
> 
> For ECH to provide privacy benefits, you need multiple web servers to
> share an ECH config.  That is, there is coordination.
> 
> For each server to independently publish an config doesn't fit with
> that model particularly well.  It's good, in the sense that you might
> be able to *use* ECH, but that doesn't mean that there is any benefit
> arising from that deployment model.
> 
> Sorry, that's TLS-level feedback; 

Sure, it's a valid point. My argument for this is that there
do seem to be cases where a mechanism like this seems needed
and as you say that's independent of the relative benefits
from ECH at different scales. But this .well-known (being a
URL on the ECH frontend) should also work fine at scale, and
that might have a role even for large scale frontends if a
backend web server uses a different DNS operator (be that
split-mode ECH or not).

> the HTTP feedback I might give is:
> you set a desired TTL, but that leads to some interesting
> interactions with the HTTP caching semantics (Expires and
> Cache-Control in particular).  Have you considered driving the TTL
> from the HTTP response freshness?

Nope, I've not. I guess that might work but even so it seems
better to allow for an explicit value in the response body.
In my case I just set the requested TTL to half the cadence
of ECH key rotation, not for any particularly good reason;-)

Cheers,
S.

PS: In case it helps - I've no real attachment to the current JSON 
thing, it's just what I implemented but (if this goes
forward), I'd expect that to change, and that's fine.


> 
> 
> On Tue, Feb 22, 2022, at 12:35, Stephen Farrell wrote:
>> Hiya,
>> 
>> TL;DR: I'm hoping to get feedback from httpbis folks related to
>> draft-farrell-tls-wkesni [1].
>> 
>> The TLS WG is well down the (long;-) road developing the encrypted
>> client hello (ECH) spec. [2] I implemented [3] that and as part of
>> that, to support rotating ECH keys, I needed to implement a way to
>> get newly generated keys into the DNS, within HTTPS RRs (or SVCB
>> RRs) according to [4]. So I implemented [1] which allows a web
>> server to make it's current set(s) of ECH keys available to DNS
>> infrastructure via a .well-known URL. (In my case the web server
>> has no dynamic DNS API, hence the need for something more.) This
>> leaves control of the ECH private values with the web server
>> (admins), which seems desirable in many cases, and control over
>> modifying zone files to DNS admins which also seems desirable.
>> 
>> This was briefly discussed at a few TLS WG sessions, but hasn't yet
>> been "adopted." In part, that's because it's not clear whether or
>> not this is a sufficiently useful way to handle the task, nor
>> whether some web server administrators might be more interested in
>> other tooling that might include this kind of feature.
>> 
>> So, I'd appreciate feedback as to whether this seems like a useful
>> tool to be in the toolbox or whether something else might be more
>> useful, in particular for web server admins who don't have a
>> dynamic DNS API available and for implementers developing web
>> servers that need to support such deployments.
>> 
>> Thanks, Stephen.
>> 
>> [1] https://datatracker.ietf.org/doc/draft-farrell-tls-wkesni/ [2]
>> https://datatracker.ietf.org/doc/draft-ietf-tls-esni/ [3]
>> https://defo.ie/ [4]
>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/
>> 
>> Attachments: * OpenPGP_0x5AB2FAF17B172BEA.asc * OpenPGP_signature
>

v2.23.0 | Report a Bug | By Email