Re: [TLS] draft-ietf-tls-esni feedback

Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 23 October 2019 15:41 UTC

Date: Wed, 23 Oct 2019 18:40:59 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: Bill Frantz <frantz@pwpconsult.com>, TLS List <tls@ietf.org>
Message-ID: <20191023154059.GA471205@LK-Perkele-VII>
References: <CAChr6SwM0cAH4ShJdw6WpV3rwLUPoaqB+imvv61XohLaLiS7jA@mail.gmail.com> <r480Ps-10146i-D05F1D3FC7BC4B899AE60F28D44FDF74@Williams-MacBook-Pro.local> <CACsn0cmhJ5yhZ7h7skgJLdbH9ykcOw6_9D+h7hx8Y8YE69nMaA@mail.gmail.com>
In-Reply-To: <CACsn0cmhJ5yhZ7h7skgJLdbH9ykcOw6_9D+h7hx8Y8YE69nMaA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1dY473qABhLqAhdTV4q96zrjpyo>

On Wed, Oct 23, 2019 at 07:52:33AM -0700, Watson Ladd wrote:
> On Wed, Oct 23, 2019 at 7:35 AM Bill Frantz <frantz@pwpconsult.com> wrote:
> >
> > A perhaps radical suggestion:
> >
> > Make the server name field fixed length e.g. 256 bytes. Longer
> > server names are not supported and clients MUST NOT send them.
> > (Both client and server can't use them because they won't fit in
> > the fixed length field.)
> 
> The limit on a server name in DNS is 260 bytes, so that limit already
> exists. No reason to shorten it elsewhere!

Got a reference for the 260 byte limit?


According to RFC 1035, the maximum DNS hostname length is 253 bytes:

"To simplify implementations, the total length of a domain name (i.e.,
label octets and label length octets) is restricted to 255 octets or
less."

This is for wire-form encoding, which has 2 bytes of overhead (initial
and terminal lengths), so maximum 253 bytes for the hostname.


However, RFC 2181 says:

"A full domain name is limited to 255 octets (including the separators).
The zero length full name is defined as representing the root of the DNS
tree, and is typically written and displayed as '.'."

Which could be interpreted as meaning that the final length is not part of
the 255 byte limit, and thus the DNS name being a maximum of 256 octets,
corresponding to a maximum hostname length of 254 bytes. However, the dig
utility refuses to send such queries (it can send 253 bytes just fine), so
I presume that the 255 octet limit is intended to include the terminal
length -> maximum hostname length is 253 octets.


I cannot find any justification for a higher limit in any RFC updating
1035 or 2181. And I would expect any such limit to have been
significantly above 253 bytes.



-Ilari
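As an added example (not code from this thread or from any ESNI implementation), the following Python encodes a hostname into RFC 1035 wire form so the 253-versus-255 octet arithmetic in the message above can be checked directly; the 63-octet per-label limit comes from the same RFC section (2.3.4) as the 255-octet name limit, and the function names are my own.

```python
# Added example, not from the thread or any ESNI implementation: RFC 1035
# wire-form encoding, to check the 253-vs-255 octet arithmetic discussed.
# Wire form = per label, one length octet plus the label octets, then a
# single zero octet (empty root label). A dotted hostname of N characters
# thus encodes to N + 2 octets: each dot becomes a length octet, plus the
# first label's length octet, plus the terminal zero.

MAX_LABEL_OCTETS = 63   # RFC 1035 section 2.3.4
MAX_NAME_OCTETS = 255   # RFC 1035 section 2.3.4, wire form incl. terminal zero


def dns_wire_encode(hostname: str) -> bytes:
    """Encode a presentation-form hostname into RFC 1035 wire form.
    Raises ValueError for an empty or >63-octet label, or >255-octet name."""
    name = hostname.rstrip(".")
    out = bytearray()
    if name:  # "" or "." is the root: only the terminal zero octet
        for label in name.split("."):
            raw = label.encode("ascii")
            if not 1 <= len(raw) <= MAX_LABEL_OCTETS:
                raise ValueError(f"label {label!r} must be 1..63 octets")
            out.append(len(raw))
            out += raw
    out.append(0)  # terminal zero-length (root) label
    if len(out) > MAX_NAME_OCTETS:
        raise ValueError(f"wire form is {len(out)} octets, limit is 255")
    return bytes(out)


def max_hostname_chars(wire_limit: int = MAX_NAME_OCTETS) -> int:
    """Longest hostname (no trailing dot) whose wire form fits wire_limit:
    dots map one-for-one to length octets, so only the first label's length
    octet and the terminal zero add to the character count."""
    return wire_limit - 2


def build_hostname(total_chars: int) -> str:
    """Constructed test input: exactly total_chars characters, labels of up
    to 63 'a's separated by dots (never ending in a lone trailing dot)."""
    labels, remaining = [], total_chars
    while remaining > 0:
        n = min(MAX_LABEL_OCTETS, remaining)
        if remaining - n == 1:  # a dot with nothing after it: shorten label
            n -= 1
        labels.append("a" * n)
        remaining -= n + 1      # the label plus the dot that follows it
    return ".".join(labels)
```

A 253-character hostname encodes to exactly 255 octets and is accepted, while a 254-character one needs 256 octets and is rejected, matching the behaviour of dig described in the message.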