IETF Logo Mail Archive

[TLS] publishing ESNIKeys under a .well-known URI...

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 26 June 2019 10:20 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47550120280 for <tls@ietfa.amsl.com>; Wed, 26 Jun 2019 03:20:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 795AC8KtwV_a for <tls@ietfa.amsl.com>; Wed, 26 Jun 2019 03:20:55 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE79F120077 for <tls@ietf.org>; Wed, 26 Jun 2019 03:20:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 768ABBE24 for <tls@ietf.org>; Wed, 26 Jun 2019 11:20:52 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6-GkFicBbM_l for <tls@ietf.org>; Wed, 26 Jun 2019 11:20:52 +0100 (IST)
Received: from [134.226.36.93] (unknown [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 2F976BE20 for <tls@ietf.org>; Wed, 26 Jun 2019 11:20:52 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1561544452; bh=WmsDU1FuAz4PTGRZqvtyjeTyUvHdi7UH9wTmDwRHDKc=; h=To:From:Subject:Date:From; b=Vadoi8W0NLdk/YN5wh2cg0EhWYVn3IGUqe6cj1cMq4+ic+h7fwhw9vsepQ99zWhXA kSu+TTWwy36dhjDiNw/1x6XzxpEEywes5BWvMVNG+hmX9keycjTTl9BacG2zxLxoWE tnIt1U7R44Y3Ecb9rMZ17bCkJcp0n9QsMDXerAoQ=
To: "tls@ietf.org" <tls@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Message-ID: <7374648a-d684-87be-0807-219bc10793ac@cs.tcd.ie>
Date: Wed, 26 Jun 2019 11:20:50 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.1
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="Od3b3HfeYWO5ArtcdqvVhctDBe1spTBkF"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-uPw5vNopHqJnNH79kWhVVQLZJ0>
Subject: [TLS] publishing ESNIKeys under a .well-known URI...
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jun 2019 10:20:59 -0000

Hiya,

I'm wondering if a thing I did when setting up a web
server with ESNI might be generally useful for some, but
not all, implementers.

My web server doesn't have an API it can use to update
ESNIKeys in the DNS. Many implementations/deployments may
have such an API but in my case, the zone file that
includes the ESNIKeys RR is on another machine and the
web server doesn't have write access to that. I do
control both machines as it happens, but I still don't
want to give general write-access to the web server.

So what I did was create a .well-known URI on the web
server that allows our "zone factory" to poll for changes
to ESNIKeys RRs. In my case I have the web server
generate new ESNIKeys each hour and publish those at
.well-known URIs; the "zone factory" polls for those
(also hourly) and when it sees new values, it checks that
those work, and if they do it updates the zone file and
re-publishes (DNSSEC signing, sending to hidden master
etc.) There are some more details below that could easily
change if we wanted to standardare this.

Anyway it all seems to work ok and could be useful for
others in a similar situation, or for web server
implementers as a generic way to make ESNIKeys available,
so I'm wondering if this'd be a useful PR for the ESNI
I-D, or if a separate I-D would be useful, or maybe not
enough people would need to do this to bother?

Cheers,
S.

Details:

- Web server generates new ESNIKeys hourly at N past
  the hour via a cronjob
- ESNIKeys are "current" for an hour, and published with
  a TTL of 1800 for no particularly good reason
- Old ESNIKeys are still usable for 3 hours, again for no
  particular reason (just 2 should do:-)
- Web server has a set of "hidden" sites ($HIDDEN) and a
  "cover" site ($COVER)
- The cronjob creates creates a JSON file for each hidden
  site at https://$COVER/.well-known/esni/$HIDDEN.json
- Each JSON file contains an array with the ESNIKeys RR
  values for that particular $HIDDEN as shown below:

    [
        {
            "ESNIKeys.version": 0xff01,
            "desired-ttl": 1800,
            "ESNIKeys": "/wH5QHc...="
        },
        {
            "ESNIKeys.version": 0xff02,
            "desired-ttl": 1800,
            "ESNIKeys": "FF02897...OA"
        }
    ]

- The specifics of the JSON structure are just what was
  handy for me, I'm sure it could be better, and would
  change as we go if we standardise this
- The values above with ellipses are the RR values we
  want to eventually see in the DNS
- On the zone factory, a cronjob runs at N+3 past the
  hour, it knows all the names involved and checks to see
  if the content at those well-known URIs has changed or
  not
- If the content has changed the cron job attempts to use
  the ESNIKeys and for each $HIDDEN where that works, it
  updates the zone file and re-publishes
- Possibly interesting unintended consequence: after a
  TLS client had first gotten ESNIKeys from the DNS for
  $HIDDEN with the draft-03 ESNIKeys structure containing
  the public_name field, the TLS client would know both
  $COVER and $HIDDEN and so could later probe for this
  .well-known as an alternative to doing so via DoT/DoH.
  Probably not something a web browser might do, but
  could be fun for other applications maybe

v2.23.0 | Report a Bug | By Email