IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for ECH

John Mattsson <john.mattsson@ericsson.com> Wed, 13 March 2024 11:00 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37A46C14F6AF for <tls@ietfa.amsl.com>; Wed, 13 Mar 2024 04:00:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NhoWD_YG55FQ for <tls@ietfa.amsl.com>; Wed, 13 Mar 2024 04:00:24 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on2059.outbound.protection.outlook.com [40.107.8.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F28EEC14F69D for <tls@ietf.org>; Wed, 13 Mar 2024 04:00:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KjYlwWGDJ93yf3Ipgf3w7KhFP0thmIyJ9/yB1vOZPEnQ2fKcFxOrE73sOPcITSM5/OMXTJDwwIvxhYXsm/EjZ5Pj3mkZeBvsQLdCnpttyiU6HqnMivg6EiyUfFEduPlSw8v5Xii47TTWEuzuVfcnftEcUaKqxOWjbv8bwNwzEP1RabqpNJfQzs6HQ06mOnX9neZKS6S6PwHHZ3KfWio0koyAGp0x+pfcT/bkAE9j3MCvaERyBeZ40U7qPDFMETi27/WW8a3ICNGaOm9hlBcXKrqtQ7+MRAwQDy3oQfaeWSSWZx1z1S9De2mBqYPsw+oiCF6xYiU+YJKOJI2K4/Q4uQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xQC+k2r2OP6XcNYwNSUgQaetoCDOHK2IYNFy/R6pkiI=; b=fSEe4EhEIe7u4ny7XpZ7rrkRDkybJHS7DiKMgPbKsUnG6eJw718odWN5l2d4JaYwK/rohCS8LkTBeLfmIuBDN8/wK3uGObkU878gm0yok04W6QND5KT9c9ifz8LqPc6xDIGx+0EQuZXigopXaWqVar1WKLDDwrUezPDwgFBAKgN7mup16tGVEA5jULRvXfDD3aNWT7ppbY7PDl3toyrTVmQ3/GChCUnW4qCKwLp9n0pYnju2tPGs6OqkAiGlIWCpmHGtTbj3c4oG+HcJqQb+Gbr52Xq6MEYh6PX4muBr0OLSHckuWfNkKY12at5Yas/OyGURmseYIAtsG3m0zAFcKQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xQC+k2r2OP6XcNYwNSUgQaetoCDOHK2IYNFy/R6pkiI=; b=fhGimlIRYq196Z0RjNW7w74XgAFUo2sSKGSqTU6JrsiRc5C+4P5Vs/07PCQmuyycTzrhd9T2mbLQBncUrztc1cOiNV4jHMNXQobKrnropYJxjTXQ4HjuduEhmEfSDAj/VIBOA8k2Khij7DZplP6QlVwVJtlumcey24ZKVvT0XqskZkPYsH2zC+tru0UNhejBdWengoQxx6b5vsUEoXHci73Z14ueC3WVk6m1jDXJjWVv2rWdCc4BBlUjP8adI+c/sy3ojYwkFOLgaqkoQcHgJbF8Qcxe/1A2yuzO78fOfgE3hmbSvEpEUnRxq+J5mHDt/healvm8DV36ak0+V3Ou4Q==
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com (2603:10a6:150:114::10) by AM7PR07MB6659.eurprd07.prod.outlook.com (2603:10a6:20b:1ae::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.19; Wed, 13 Mar 2024 11:00:20 +0000
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::b0d0:9785:585a:9568]) by GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::b0d0:9785:585a:9568%4]) with mapi id 15.20.7362.035; Wed, 13 Mar 2024 11:00:20 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Working Group Last Call for ECH
Thread-Index: AQHac/+HzOlQxF/qeE6cop250tay/rE1JDWAgAAZfYCAAChNgIAAHPrh
Date: Wed, 13 Mar 2024 11:00:20 +0000
Message-ID: <GVXPR07MB9678C91891FFDC1231BBB5C7892A2@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <CAOgPGoD4iiJ7kivRo4xbe0peiMG3YdzUvmVHC2KvqnMOpm+N7Q@mail.gmail.com> <MEYP282MB35643E2F4A977C0FC051D006A32A2@MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM> <CACsn0ckt5k_jJDp_RnWci94Li3AtcBiMfPehuLtdkAN-XoWtdQ@mail.gmail.com> <MEYP282MB3564E419539472CE1B5C5B1EA32A2@MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM>
In-Reply-To: <MEYP282MB3564E419539472CE1B5C5B1EA32A2@MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GVXPR07MB9678:EE_|AM7PR07MB6659:EE_
x-ms-office365-filtering-correlation-id: 01d1d4cb-b4a3-403e-00b7-08dc434cc675
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: HuUmB7FtLwIobkVhMX10/+0WChBnAs5UeRQNjp+OS53FgH8Z3XX0gMPXYiAQ05VRyeGueC6thH2BUXtBKhxK1lHdguEvBfMLVRvwiMJJ1tp/oAa9PXYWfHSHcii/0a8ZTFKW4J0PG83kx7jUeH59qFhq65PCRMUSxNzd4qtGwdqmxpD8ZpdYRqnlX5pIeetR1EUBlj+MULY/509fnJNtxBOJmPsBtFvi88MDS54FfQAW6f6SyhhoLVeWmn5DO2jkNqNQsz+G+ex1MIUtrPAo6M0P5W9w69GJgS9H3pCW7JNgIIGE6ORlqMPvjfwHOIme6TmCjdiJCjFijkQ8HM7UOX3vVcUhGM1wF2QWgkrVgP57L3HlJjyFr/I4l/nGMu4zJ+EAT31PWszoyRKny6PT5cnq+41ZYQ220eGfcX4mehBJaxqOiAbkEJdZ2n+2Wzhh2/AFP4Hu5dN5ySybIMdgp7aNIGNFe7ItbVav+bqkQvHxMscOo1zzZCE6bVQXvjxsb47Goao1vXuR+eEdKO6AE3HYqoUYVTPg+5EkXgfozvnchmyXHP5+ZhGwDX8hJb+p7SonN7qcjTHP3cefetkx1gZKyjNbewdedncUVHc2HLjU9rJEmx7KDoRA/c8dhwVfj0X5ac9Qyg7Dv5yKmAY5fLNH8zie/9lvo/UbVg61ZP1lWyziJSgqLmchcQBAnzg9+OJWbUDnn1zVCbO8al+lqA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:GVXPR07MB9678.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376005)(1800799015)(38070700009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: aa7L/CuF7HpK5SMTfTeN29v/OlnsSU33RK8YOuZANmvwl0E02xn2G76ia018KEFjFlCTyI7rHqlFI8AcZvDfAVeWG9Q18VLTpcT+3ZHEzW38u9nsly/3xaZRRa9PJat/NKroQ0yjkk1vpenl0D9ZaVBXg604VWZfMUbPT8v20lvVbgdHKSwu+y+bBRqGy93lA58HO35n4cqdi1BSXkjyGPFDeDhWnTzvmc4ZJJPtzI+HeTK/vwiQAMuDiWUI6JDcK3TyT73RsCTlGahfC0urgwNGluhT0c3j92CUtUMv89SSPJyNJkm57aaOvxAMpEwDsNFAGDOzw/1P1lgYhEgXejqrFf8tDgONgA9spvleLFFcTdFgCBOWou1gCjGe4ux4LEZqHWYy7icV/lxNuap/jmCYBcy4Zw1XgZvLFY7HCXi/zWf/Tlv+6v7zcoSDFyuEpSxwl+srM5ToFOzw/DFrWaBK56YJYlaKHf3CTmUIZLqTRWf0MtMr6obiZqTtkEZIP5/p02CGo5IWtkL/+iRIiu7c/udawN0Kl+ygTSrEUYmR+m+jKhF0oS8cyLBSs4ZjPp6XQhb8Q+cbG/GJLpKxcAciVwKEFIPDR4A1xJvS3H1bK4oEqWd8XpypyzSlSP2zp3iq9RQlCqa7Sf/9Kpe0Z+4dguMhCLQQKjJlO0pB8jVks5RPmXihb800nmdbSkgmisjCoRIpNNAdiKeb5/NRmLVTt81kh9bUn4Q1MyfYkO6cSxoipE0l034L73sQwvmGyZvixBgSAgcgg+ALQGfE4ogMPwNu/jfFkoa4K5099//zQ1ohbY8uqRKMpF1nooqGu0dZo2NQA4soV+Y+1GogTuLB6m6O8Y/U+j+ztDcY2lS0XPJ/ZRQZln1ye5JY6kApmTEhqkugraS0mOKFJ0wEshPRYZX2Z6+rffZTjtffmasXEyDpigwsNXB63YMYYbSSx582baQcyOAjRhBLOdHxMf25uapBUaWEGHz0ydEbdk2cjJfTulEfSTjYQpKPoePwE8N+jpZVeXt0S4jibXYH8eow3YTD9tRA9p7EKJb0R0PeZSP6YY/Pvp1+AbdEQff5ri9LZE7+g3EYnJF7oJHs7zmAx5JX2ZOsfI7EjEGNkdMUL75CPZenzgfyRg7nNf2QMgW0zDyIcvr+xuF2dbjbfo8q8NvYbNW+uKBKIFJEi50LAC7Ar2TNP5U4pCytolc2HLMPmaG6EemCXUzB+Z2ION1RCwCQ3GWM4u6MC3wr244q3D7DZjxKScRyB9qU/Buggxx3rr7bxEpa2dkQpC/FWz8MNZ/3mnify0wsqWx2JnDe4Ur53Aj1ZqpvgmTSjvAbtb/kqPaJstb9fZHoHkSkbJHqddBPw9DUPl4ac/BqNOyfx3H6dBtyEl/bm1OlxicLF7kR6SQtr7XESzleb7AT4MKXneTA2O5GtVE0Hogf7381y33zkgSyH+o8fH+RL+TlJhOXJrH62FWIEDeMBSV/bs9/kHNLfEnXzHbDJW9OoigBT/rViyWJFYvc2STle5r3IdD08q+UJW/nr/7Tb5crBMt5tuWA1HzGp4+6g3AAwH0a7rvhqoPKWoH5HUmRIKCsHJq5IUJVu5oY0Cdv5uJCCibvunZzSvTVEYzxh10s2JI=
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB9678C91891FFDC1231BBB5C7892A2GVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 01d1d4cb-b4a3-403e-00b7-08dc434cc675
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Mar 2024 11:00:20.5479 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: YFEqDyJtj2DZF4Ptu+dE2ZyJH5vdWLy4Ki5QKDilhUJqSzys+HXHi6vOdgSgjpEuVL2p4nzfFX819JPiSC2Ayl+z/Z52Y34FjeW88lUk3xM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR07MB6659
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5oKWlf---OqjQf37giXVVzIbPHw>
Subject: Re: [TLS] Working Group Last Call for ECH
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2024 11:00:28 -0000

Hi,

   "ECH is not in itself sufficient to protect the identity of the
   server.  The target domain may also be visible through other
   channels, such as plaintext client DNS queries or visible server IP
   addresses.  However, DoH [RFC8484] and DPRIVE [RFC7858] [RFC8094]
   provide mechanisms for clients to conceal DNS lookups from network
   inspection, and many TLS servers host multiple domains on the same IP
   address.  Private origins may also be deployed behind a common
   provider, such as a reverse proxy.  In such environments, the SNI
   remains the primary explicit signal used to determine the server's
   identity."

This text only discusses that the identity of the server may be revealed by
"other channels". I strongly think the document needs to mention that the
identity of the server may also be reveled by the unencrypted information
in the ServerHello. In particular a reused KeyShare is problematic.

Suggested addition:

The identity of the server may also be reveled by the unencrypted information
in the ServerHello. Most of the current information in ServerHello is not unique.
The exception is KeyShare, which if reused provides a unique identifier of the server.

Cheers,
John Preuß Mattsson

v2.31.3 | Report a Bug | By Email | System Status