Re: [TLS] draft-ietf-tls-esni feedback

Ben Schwartz <bemasc@google.com> Tue, 22 October 2019 18:45 UTC

In-Reply-To: <CAChr6SwB8Y9dX2tPu9bkmMF+qHswCkDYwk620ZqiZrFa670+aA@mail.gmail.com>
From: Ben Schwartz <bemasc@google.com>
Date: Tue, 22 Oct 2019 14:44:50 -0400
Message-ID: <CAHbrMsAi2M8Dt8d_8CJQAWgtDxjABCxxEnb1iokNtY=kDgxJOA@mail.gmail.com>
To: Rob Sayre <sayrer@gmail.com>
Cc: Eric Rescorla <ekr@rtfm.com>, "TLS@ietf.org" <tls@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000c3bfce059584327c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8D_Ah9uMrNpd4D9x04eo01c-V08>

On Tue, Oct 22, 2019 at 2:29 PM Rob Sayre <sayrer@gmail.com> wrote:
>
> On Tue, Oct 22, 2019 at 11:24 AM Eric Rescorla <ekr@rtfm.com> wrote:
>>
>> On Tue, Oct 22, 2019 at 11:15 AM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>>
>>> On 22/10/2019 19:10, Eric Rescorla wrote:
>>> > Uh, why?
>>>
>>> Openness, transparency, enabling the WG to make decisions on
>>> the list.
>>
>> The WG has the chance to make decisions on the list *in response to* proposals in the draft. At this stage of the draft development, I don't think it's problematic for authors to put proposals in a draft with the understanding that they are proposals. Eventually...
>
> This seems fine to me, fwiw. It was a little weird to hear about the decision in this way, but that kind of thing is always happening behind the scenes. :)
>
> It seems to me that the client is in the best position to set the padding, so I’m not sure why there is anything in the DNS record.

Strongly disagree.  If one IP address hosts two domains, short.example
and longlonglonglonglonglonglonglong.example, a client of
short.example has no SNI privacy unless they pad up to the length of
the longer name.  The client can't know to do this unless the DNS
record says so.

>
> thanks,
> Rob
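The following is an added illustration of the point made in the reply above; it is example code written for this page, not code from draft-ietf-tls-esni or from any list participant. It uses the two hostnames from the message, encodes each as a TLS ServerNameList (RFC 6066 layout: u16 list length, name_type 0, u16 name length, name), and compares two padding policies: a client that pads based only on its own name, and a client that pads to a server-published padded_length covering every name on the shared IP (the draft's guidance of rounding the largest expected ServerNameList up to a multiple of 16 is assumed here). The fixed-size nonce that precedes the name in the draft's struct is omitted since it does not change the comparison; the helper names and the AEAD-overhead reasoning are this example's own.

```python
import struct

# Constructed example: two names hosted on one IP, taken from the message above.
HOSTED_NAMES = ["short.example", "longlonglonglonglonglonglonglong.example"]


def server_name_list(host: str) -> bytes:
    """Encode a TLS ServerNameList holding one host_name entry (RFC 6066).

    Layout: u16 list length, name_type 0 (host_name), u16 name length, name.
    """
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    return struct.pack("!H", len(entry)) + entry


def padded_length_for(names) -> int:
    """Value a server would publish as ESNIKeys.padded_length: the largest
    ServerNameList it expects to see, rounded up to a multiple of 16.
    (Assumed rounding rule; the draft's text guides the choice of value.)"""
    longest = max(len(server_name_list(n)) for n in names)
    return (longest + 15) // 16 * 16


def dns_guided_padding(host: str, padded_length: int) -> bytes:
    """Plaintext the client encrypts when it follows the DNS record: the real
    ServerNameList followed by zero bytes up to padded_length."""
    sni = server_name_list(host)
    if len(sni) > padded_length:
        raise ValueError(f"{host!r} does not fit in padded_length={padded_length}")
    return sni + b"\x00" * (padded_length - len(sni))


def client_only_padding(host: str) -> bytes:
    """What a client can do with no DNS hint: pad its own name to the next
    multiple of 16. It has no way to know how long the co-hosted names are."""
    sni = server_name_list(host)
    return sni + b"\x00" * ((16 - len(sni) % 16) % 16)


def observable_lengths(policy, names, *args) -> dict:
    """Ciphertext length is plaintext length plus a constant AEAD overhead, so
    plaintext lengths are exactly what a passive observer can compare."""
    return {n: len(policy(n, *args)) for n in names}


def leaks(lengths: dict) -> bool:
    """The observer distinguishes clients if different names give different lengths."""
    return len(set(lengths.values())) > 1


if __name__ == "__main__":
    naive = observable_lengths(client_only_padding, HOSTED_NAMES)
    print("client-only padding:", naive, "leaks" if leaks(naive) else "ok")
    pl = padded_length_for(HOSTED_NAMES)
    guided = observable_lengths(dns_guided_padding, HOSTED_NAMES, pl)
    print(f"padded_length={pl}:", guided, "leaks" if leaks(guided) else "ok")
```

Run as a script, the first policy prints two different lengths for the two names, so an observer on the path can tell a short.example client from a long-name client without decrypting anything; the second policy yields identical lengths for every name the server covers with its published padded_length. The check in `dns_guided_padding` matters operationally: if an operator adds a name longer than the advertised padded_length without updating the DNS record, clients cannot protect it, which is why the value has to be chosen server-side.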