[TLS]Re: Working Group Last Call for Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings

Raghu Saxena <poiasdpoiasd@live.com> Tue, 25 June 2024 09:58 UTC

Dear Mike,

The ECH Draft (draft-ietf-tls-esni-18) refers to draft-ietf-tls-svcb-ech 
for "specifics about how ECH configurations are advertised in HTTPS 
records", and acknowledges there may be other ways of distributing the 
ECHConfig (e.g. preconfiguration). Since my point was focused on how 
clients should look up configs, I do agree with you that mandating the 
name construction is not appropriate here.

I'll raise the point separately on the TLS list.

Regards,

Raghu Saxena

On 6/25/24 4:35 AM, Mike Bishop wrote:
>
> RFC 9460 says this:
>
> Protocol mapping documents MAY specify additional underscore-prefixed 
> labels to be prepended. For schemes that specify a port (Section 3.2.3 
> of [URI]), one reasonable possibility is to prepend the indicated port 
> number if a non-default port number is specified. This document terms 
> this behavior "Port Prefix Naming" and uses it in the examples throughout.
>
> As this document is not a protocol mapping, but simply the definition 
> of a SvcParam which could be used by any protocol mapping, I don’t 
> believe mandating anything about how mappings construct their names is 
> appropriate here.
>
> RFC 9460 does use Port Prefix Naming for HTTPS records when accessing 
> an origin on a non-default port; that doesn’t use MUST, but it’s a 
> definition of how the HTTP origin maps to the HTTPS query name.  
> Another protocol mapping might choose a different construction, and 
> that wouldn’t affect anything about how this SvcParam works.
>
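As an added illustration that is not part of this thread, the "Port Prefix Naming" for HTTPS records that Mike quotes from RFC 9460, written out in Python: an `https://` origin on the default port maps to the bare host name, and a non-default port is prepended as `_<port>._https.`; the record at that name is where a client would find the `ech` SvcParam. Lowercasing, dropping the trailing dot, and leaving `http://` origins out are my own simplifications, not something the thread or the RFC text above specifies.

```python
from urllib.parse import urlsplit

HTTPS_DEFAULT_PORT = 443


def https_query_name(origin: str) -> str:
    """Map an https:// origin to the HTTPS RR query name (RFC 9460 Port Prefix Naming).

    Assumptions (mine, not the thread's): host is lowercased, any trailing dot
    is dropped, and only the https scheme is handled.
    """
    parts = urlsplit(origin)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise ValueError(f"not an https origin: {origin!r}")
    host = parts.hostname.rstrip(".").lower()
    port = parts.port if parts.port is not None else HTTPS_DEFAULT_PORT
    if port == HTTPS_DEFAULT_PORT:
        # Default port: the query name is just the origin host.
        return host
    # Non-default port: prepend the port as an underscore label, then "_https".
    return f"_{port}._https.{host}"


def parse_query_name(qname: str) -> tuple[str, int]:
    """Undo Port Prefix Naming: '_8443._https.example.com' -> ('example.com', 8443).

    Useful when matching HTTPS-record lookups seen in DNS logs back to an origin.
    A name without the prefix is taken to be the default-port case.
    """
    labels = qname.rstrip(".").lower().split(".")
    if (
        len(labels) >= 3
        and labels[1] == "_https"
        and labels[0].startswith("_")
        and labels[0][1:].isdigit()
    ):
        return ".".join(labels[2:]), int(labels[0][1:])
    return ".".join(labels), HTTPS_DEFAULT_PORT


if __name__ == "__main__":
    # Constructed sample origins, not taken from the thread.
    for origin in ("https://example.com/", "https://Example.com:8443/path"):
        name = https_query_name(origin)
        print(origin, "->", name, "->", parse_query_name(name))
```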