Re: [TLS] TLS ECH, how much can the hint stick out?

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 11 September 2020 13:52 UTC

Return-Path: <prvs=6523dc8f0a=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 669403A0A64 for <tls@ietfa.amsl.com>; Fri, 11 Sep 2020 06:52:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fdf9QUrzRP1t for <tls@ietfa.amsl.com>; Fri, 11 Sep 2020 06:52:45 -0700 (PDT)
Received: from llmx3.ll.mit.edu (LLMX3.LL.MIT.EDU [129.55.12.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B52443A09B1 for <tls@ietf.org>; Fri, 11 Sep 2020 06:52:45 -0700 (PDT)
Received: from LLE2K16-MBX02.mitll.ad.local (LLE2K16-MBX02.mitll.ad.local) by llmx3.ll.mit.edu (unknown) with ESMTPS id 08BDqTbB047199; Fri, 11 Sep 2020 09:52:39 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=yHLfHoU5wTRBAuAvFn5MNwjEg+P3y5vROg6thMtIqM6nX3rspKxdvD+RXZgyjD1Ha0HW1nJzOWWCpH4K32CACpoJRU5wmCvT1JWfHA5L5Y+3yW4qdPNGyIj+0bO9jbIMCDM05P8bzCROl5qSc13VVMO06UgLqC+Yu6FkRBbx/oO3ZL/gmtl9VdfmEJ0fMCISCAWYKLz7hVEaSD+Z9kmhE6n7hFYYkysqaXRtM8WGZootOMSZcsUDdd2/MACx1bEpTq329vpRFErxd7e/Mbmzn9RKqApXfAiBbT6/r1yJSnranEPHCZ4hNTpwuyJjMyYTLrICzhg+z1dyRg98X2nyUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qSN5NtgURtRHwumTbFCASgjbP9qBBWG/URGN422jBqg=; b=tHzQa2umGJUgImpHQkniGmdsW40/2TFPoYQ7mlhstD9KcaTuEJ6kymP3V6EGd8VIzSB6kyPG4HsFN3fwhEDQBl/tr2gp3wZ7kyy4+mMhEgqJS3muA6YM4u3yIz4F8UUK+YvEGtJO6YGxHUcHXRVIZlIPQrNAOOIfQDMPBpn1qJDnMoLL/9t1u+3SNoL3XRVb2hVzCiH3U8XWIeErUet+C2NbNwMLwWCJ5uZgUUAwVMNAfqtneIyvLAquv5v9WG2WmR0VFSPw6Fd+l1DDmAhrSNeyLR3Iew4tcBVzytkmCY9X5bjizp4s6oeAfQZ+3/yMn2HHYzZmgRxxOkbj7dOlRA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
CC: Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org>, "Christian Huitema" <huitema@huitema.net>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] TLS ECH, how much can the hint stick out?
Thread-Index: AQHWhfO58nZHN1CgFUWlh42sJM20lKlfDioAgAMs24CAAA5VgIAAVIYAgAATHYCAAMFPgIAAB2YA
Date: Fri, 11 Sep 2020 13:52:35 +0000
Message-ID: <D55FDBC5-3588-464E-816E-160F5EB736AC@ll.mit.edu>
References: <C0F3E691-33D8-401D-8954-90DCD49CD4E2@akamai.com>
In-Reply-To: <C0F3E691-33D8-401D-8954-90DCD49CD4E2@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=ll.mit.edu;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 43b18362-ad47-45e3-8847-08d85659f05b
x-ms-traffictypediagnostic: BN3P110MB0369:
x-microsoft-antispam-prvs: <BN3P110MB0369D4FD489BFEA33E9E1FE690240@BN3P110MB0369.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN3P110MB0241.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(4326008)(2906002)(2616005)(66946007)(956004)(8676002)(8936002)(76116006)(4744005)(64756008)(71200400001)(66446008)(66616009)(26005)(54906003)(66556008)(186003)(66476007)(83380400001)(99936003)(86362001)(33656002)(6486002)(75432002)(498600001)(5660300002)(966005)(53546011)(6512007)(6506007); DIR:OUT; SFP:1102;
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; boundary="Apple-Mail-062D0CF6-B3E6-42BC-A3D0-F6ABBF2C27E4"; protocol="application/pkcs7-signature"; micalg=sha-256
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN3P110MB0241.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 43b18362-ad47-45e3-8847-08d85659f05b
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Sep 2020 13:52:35.5114 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3P110MB0369
X-OriginatorOrg: ll.mit.edu
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-11_05:2020-09-10, 2020-09-11 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2006250000 definitions=main-2009110111
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/05Vm9_aczq39SFul3h6mjFbuIK8>
Subject: Re: [TLS] TLS ECH, how much can the hint stick out?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Sep 2020 13:52:49 -0000

IMHO, Rich is 100% correct here. 

If it’s not deployable (and to me it means **universally** deployable, not merely within the US), if fails *all* of the security goals completely. 

Regards,
Uri

> On Sep 11, 2020, at 09:27, Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:
> 
> 
> I think we should be careful with the word "broken" ... here we're talking about "don't stick out", which is a deployment consideration only. The main security goal is confidentiality of the ClientHelloInner.
>  
> Perhaps this is just being pedantic, but I disagree with the tone of this. We want deployable confidentiality, and “don’t stick out” is something we believe is a necessary requirement to be deployable.
>  
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls