Re: [TLS] Possible blocking of Encrypted SNI extension in China
Nick Sullivan <nick@cloudflare.com> Tue, 11 August 2020 22:40 UTC
Return-Path: <nick@cloudflare.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF0383A0D66 for <tls@ietfa.amsl.com>; Tue, 11 Aug 2020 15:40:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6cvL8gLhOKrQ for <tls@ietfa.amsl.com>; Tue, 11 Aug 2020 15:40:40 -0700 (PDT)
Received: from mail-vs1-xe2b.google.com (mail-vs1-xe2b.google.com [IPv6:2607:f8b0:4864:20::e2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CA103A0B34 for <tls@ietf.org>; Tue, 11 Aug 2020 15:40:40 -0700 (PDT)
Received: by mail-vs1-xe2b.google.com with SMTP id j188so139398vsd.2 for <tls@ietf.org>; Tue, 11 Aug 2020 15:40:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OzKHP0R5c1hB/dtX1Wv4RLoFxmd5rEQDWPysWV7UXt8=; b=tKTChxgemp6rzNFJe/7Cu/em6fuDHrK5VULLPlv4fI2f0EZtpWW8C2RQqUXfMcst/R ts2YJevPqvFEHhb7OwUq6pPlZxsuLW5wh+ViBCQ0hntpWX5eXEvyfoKBBEqLq0n7G7iQ 1iOpGwSc5KHhFPEoCDt2AjNzKEp/C1o/XvorU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OzKHP0R5c1hB/dtX1Wv4RLoFxmd5rEQDWPysWV7UXt8=; b=LrKE46Ym6MENL4YPJj+N+JsqVHWWNeBvajJSxoBxLYNXy/5FJ2qXLQAX2V32h2UKyg GUebekM47ZZdHbaFQRHVJMMmeDyriqMrXnOB+20LnfIksbzZgZfIltHTybdMuLHEBYd+ zhdQFDHT6+pBmQBQ8UkR3eOhV3FdhtNfiCSf+BRWJNgKrDNJulKfeWJwNawA7pgUNl+a ArrAWH1gKHI87RVhThVV9OG3wifKIUYpAqm4Ckp/eCqvC3dYUcDzkOhsOqB6hUSppKpb 9YLuUwYkg50CuAALunqKEmsA6kAoy7CdbgBGeLuJU3D0+HWrWLas+oEgtrhbrpRILfmI /2oQ==
X-Gm-Message-State: AOAM5312DxqsYT6f5B3tconVQBQBvkbLEp7x2QCxXy2M5Oi2G1+v6HI6 20Ia7TV+5LOulB3SUuMJ1fzCQ7bJjThKcBZSjrayPtDcx2ECNA==
X-Google-Smtp-Source: ABdhPJxxoeUUfgsDmmVWfsWyo/cRoiJQl/ip2ON4vwKt7guSKr5vAGlcMFzap5z3xCJmE+IO+kptLlQ9PE8LcxPNBo0=
X-Received: by 2002:a67:1881:: with SMTP id 123mr25193120vsy.172.1597185638772; Tue, 11 Aug 2020 15:40:38 -0700 (PDT)
MIME-Version: 1.0
References: <uGJxvVQRPcgn2GZKsKuuVN4SyTe7EOiV3iEK3Cq3Izo0ZstAh1LxEzMKrDZ_0VTrLqeYXQb4k1Qy5uJmEy04zNgngoHBONhVZnvddYYybt8=@iyouport.org> <71e4d18d-9ad8-fd72-729c-db5a0cf7593b@huitema.net>
In-Reply-To: <71e4d18d-9ad8-fd72-729c-db5a0cf7593b@huitema.net>
From: Nick Sullivan <nick@cloudflare.com>
Date: Tue, 11 Aug 2020 15:40:21 -0700
Message-ID: <CAFDDyk9F94=j6LQ-EH8vv1ak_JCAto2zzQ3uBc61yuRiJOOnVg@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Cc: onoketa <onoketa@iyouport.org>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a418fb05aca1c2c3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6cu8QfEZZIfSNmaMXcitnCpMez0>
Subject: Re: [TLS] Possible blocking of Encrypted SNI extension in China
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2020 22:40:42 -0000
It's important to note that the Firefox Nightly client does not implement GREASE of any form, so only the connections to sites that are known to support the ESNI could be blocked by this method. These connections stick out like a sore thumb among connections from this browser since ESNI is supported by a minority of sites. If ECH is deployed in a client with GREASE enabled, then every client hello from the supporting client will contain the ECH extension whether the site supports ECH or not. The traffic from the supporting user agent would stick out, but simple filters that check for the presence of specific extensions, would not be able to differentiate between connections to sites with ECH enabled and to those without ECH. On Thu, Jul 30, 2020 at 11:18 AM Christian Huitema <huitema@huitema.net> wrote: > > On 7/30/2020 8:45 AM, onoketa wrote: > > Hi, > > > > The Great Firewall of China may have identified and blocked > > Cloudflare's ESNI implementation. > > > > I have found that when using a TLS client hello with ESNI extension to > > connect to servers behind Cloudflare's CDN, the connection will be cut > > off after the whole TLS handshake is done. And then that IP address > > will be blocked at the TCP level for several minutes. > > > Thanks for the report. I think this relates to our ambivalence about the > requirement for ESNI to not "stick out". That requirement is hard to > meet, and designs have drifted towards an acceptation that it is OK to > stick out as long as a sufficiently large share of the traffic does it. > If that share is large, goes the reasoning, it would be too costly for > censors to just "drop everything that looks like ESNI". Well, given > actors like the Great Firewall, one wonders. > > -- Christian Huitema > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Possible blocking of Encrypted SNI extensio… onoketa
- Re: [TLS] Possible blocking of Encrypted SNI exte… Christian Huitema
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Possible blocking of Encrypted SNI exte… Dmitry Belyavsky
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Christian Huitema
- Re: [TLS] Possible blocking of Encrypted SNI exte… Christopher Wood
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… Salz, Rich
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Christian Huitema
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… Christian Huitema
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… Christian Huitema
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… Nick Sullivan
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… Carrick Bartle
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield