Re: [TLS] ESNI/ECHO updates
"Christopher Wood" <caw@heapingbits.net> Mon, 24 February 2020 03:57 UTC
Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03DEC3A0991 for <tls@ietfa.amsl.com>; Sun, 23 Feb 2020 19:57:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=TycZKrYJ; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=A9yuc+f8
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oiGECaUblAKY for <tls@ietfa.amsl.com>; Sun, 23 Feb 2020 19:57:47 -0800 (PST)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D2663A098F for <tls@ietf.org>; Sun, 23 Feb 2020 19:57:47 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id 7C4BB490 for <tls@ietf.org>; Sun, 23 Feb 2020 22:57:46 -0500 (EST)
Received: from imap4 ([10.202.2.54]) by compute6.internal (MEProxy); Sun, 23 Feb 2020 22:57:46 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm3; bh=83M8O KYdOpv1KeMWnDBSmV/XZ62Y+H0FS0qbdNDzKJU=; b=TycZKrYJ6KVsdqVrDbi5h +BiCQk3v7T6zV6vJLVqbHWpuDZgyIkncp4J06KMkkcLw/yBB0V/PxXb1aRGrrqsQ SPDq7/EzMZkliBJ6LS8SNr4r9u7lirGvDh61/igUG6Vt9x/Z6KDq7lVyDIIO/IBQ ZC83xL6RRJwF/9yfrDxUZ+f7lMfKEcmLQttpMBLVrJxV+QyTOer+obXjzYitF2+J +59uuYa3YJn07CsjDL7jpWL+gIn0JRbYuENsyppXRe45Pj4xhoVxkQksjipzSjqm bnbZNck6LAOR/fp/Q57dFvDFCMeLsrOt7OnfkbUcWfQrCTkjmF+6sPkgOzsgycug A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=83M8OKYdOpv1KeMWnDBSmV/XZ62Y+H0FS0qbdNDzK JU=; b=A9yuc+f8ydciqv4OtH4gIDNFZzynmez2UOopTGmaAgLbK7SyyYECUWkbm c7odBpReBBDxQXs3Mb+yJg/U1loQNxDcVJWvCPRjHqR2vP14lszEfQCbAmesp+i9 n3UTqcNLvZRhJ11aPBo9bLXaTxgrnXzFsHTdKxlegjwaY0ojxn0EOfrVx1c9sXf4 qvZCq/zWKSmzYlHyDKkqz3zmVoCf5s7/qakOkYxq9YdawMMfyRHo+JT7gksR62tD FWF7zGOENiiWyCZRUT2ssuVoGbNIfNZ+up3h7cx3JkqQcFGU+9ARTWKazoxrQMNG Eucv3FeEcYyyU1TYXhxiT4r1MUcgA==
X-ME-Sender: <xms:uUlTXmtROm6D09s6ETMzoi_k-cBWTejIkgDh5NT1CseRmW_xTKVl3Q>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrkeelgdeiiecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgfgsehtqh ertderreejnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgif sehhvggrphhinhhgsghithhsrdhnvghtqeenucffohhmrghinhepghhithhhuhgsrdgtoh hmpdhivghtfhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgr ihhlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrdhnvght
X-ME-Proxy: <xmx:uUlTXh9CKx43L8SYqOfqnDuHjXXJPMp4So7DHRVL5i4K-MzGxWBweQ> <xmx:uUlTXk-iY-s88lFm0JX7EqX6Valg1cFhMlYPq7MAuLOM3DBpmVUu4Q> <xmx:uUlTXrOqcx6yL8wfj560MdrrxL_nvui8B9SEQte_UMB8QuW0d781oQ> <xmx:uklTXhpdJpshLHKiavexxzCVJWxgIq06is5h1EgU1lmatr7Iamc1nw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id C65423C00A1; Sun, 23 Feb 2020 22:57:45 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-947-gbed3ff6-fmstable-20200220v2
Mime-Version: 1.0
Message-Id: <ad38baa7-ab31-4562-a0fe-42ee054720e2@www.fastmail.com>
In-Reply-To: <412affff-54a9-d244-886b-ea44ad972c94@cs.tcd.ie>
References: <CAChr6SzR8jJ2pwfb+SuHSOqP9+nhnypePCJFd5+1p=jL-sTOSw@mail.gmail.com> <412affff-54a9-d244-886b-ea44ad972c94@cs.tcd.ie>
Date: Sun, 23 Feb 2020 19:57:24 -0800
From: Christopher Wood <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3vUhnzN6bV_8ZVworJssLa3C1tw>
Subject: Re: [TLS] ESNI/ECHO updates
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2020 03:57:49 -0000
Sorry for the delay in updating you (and others). Here’s the current status. We’re actively analyzing ECHO. As of now, we expect this to complete in March, unlikely before the Vancouver meeting. No red flags have been discovered thus far. However, we are updating the tunnel PR and hope to post (and merge) it before the deadline. That will give folks enough time to update implementations and discuss any remaining issues before proceeding with the document. Best, Chris On Mon, Feb 17, 2020, at 5:00 AM, Stephen Farrell wrote: > > Hiya, > > On 15/02/2020 00:17, Rob Sayre wrote: > > Hi, > > > > Are there any updates to ESNI/ECHO to share as a draft or an update? > > I'm also interested:-) > > > > > It's been a few months, so just wondering (even if there's not much to say). > > I did some initial hacking on a branch of my openssl fork > to see how hard the inner CH stuff might be. [1] Turns > out it's doable but there are some wrinkles with handling > extensions that might be good to discuss on the list to > improve our chances of interop. > > There are some notes at [2] - the ones I think might > benefit from list discussion are: > > - PSKs - I ended up just putting the PSK extension in > the inner CH (with binder calculated over the inner CH) > and putting no PSK extension in the outer CH at all. > That seems right for tickets, but I'm not sure for > cases where the PSK isn't a ticket. Trying to support > PSKs in both inner and outer seems pretty complex and > likely hard to use as well. > > - I'm not sure what to do about the TLS key share > (and supported groups) - in principle it might make > sense for those to vary between inner and outer CH, but > that'd not be very useful today, and could need a lot > more code changes (I've not yet played with it) - if > it made sense to punt on that for the first version of > an ECHO RFC and just say different key shares MUST NOT > be used in inner and outer that might be good, even if > it's a little smelly. OTOH, it might be better to bite > the bullet now, for better support for the split mode > scenario, e.g. if the "front" server had more up to > date algorithms or something. > > - I implemented support for varying ALPN between inner > and outer and that wasn't hard and seems to make sense. > A consequence is that the EncryptedExtensions with the > ALPN from the server then also need (record layer) > padding. Hopefully, supporting different inner and > outer ALPNs doesn't need much list discussion but it > would be a change from earlier drafts. And one might > wanna put something in the HTTPSSVC or ESNIConfig for > this I suppose, not sure. > > - inner CH padding - we're no longer just padding the > (E)SNI but the entire inner CH so the padded_length in > the ESNIConfig kinda makes (even:-) less sense to me. > I'm not sure if padding the outer CH is still needed > for something though. > > Note that I've only looked at the extensions supported > by the OpenSSL build I'm using - there are some more > in the IANA registry that might or might not need a > bit of thought. And there are a bunch where it might > (in principle) make sense for 'em to vary between > inner and outer CH, but where I suspect there'd not > be enough payoff to call for it to be supported. > (Some of those are noted at [2].) > > Cheers, > S. > > [1] https://github.com/sftcd/openssl/tree/encch > [2] > https://github.com/sftcd/openssl/blob/encch/esnistuff/echo.md#extension-specific-handling > > > > > thanks, > > Rob > > > > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > Attachments: > * 0x5AB2FAF17B172BEA.asc > * signature.asc
- [TLS] ESNI/ECHO updates Rob Sayre
- Re: [TLS] ESNI/ECHO updates Stephen Farrell
- Re: [TLS] ESNI/ECHO updates Christopher Wood
- Re: [TLS] ESNI/ECHO updates Stephen Farrell
- Re: [TLS] ESNI/ECHO updates Rob Sayre