Re: [TLS] DNS-based Encrypted SNI

Paul Wouters <paul@nohats.ca> Tue, 03 July 2018 15:41 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E72FD130FB7 for <tls@ietfa.amsl.com>; Tue, 3 Jul 2018 08:41:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ogsZmKo55qbp for <tls@ietfa.amsl.com>; Tue, 3 Jul 2018 08:41:03 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7583F130F75 for <tls@ietf.org>; Tue, 3 Jul 2018 08:41:03 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 41KpHd3wrlzCqj; Tue, 3 Jul 2018 17:41:01 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1530632461; bh=1gZwU97IHQ/lb5a953PrCGgSYlnOeTnQ/a9dAcWcN0E=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=gjNH9oGycnEDf6HlV7zOXuo+5KA7kauoBBR3aYGl4moEVP9pCXYf+4EdlLXTQZ9rJ o6ubJ6n/vpB1mFjbNdtqRZV5DamfJrSm/sRFZt9mljB3iJ4MnIoNTWsn1uLmflq2e3 ueMfczlAJsruEVhaDvczJhrCpaH29Nm3WdnGh/RE=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id LVNEQ4y-MBm2; Tue, 3 Jul 2018 17:41:00 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 3 Jul 2018 17:40:59 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 7EE2A3A3EC1; Tue, 3 Jul 2018 11:40:58 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 7EE2A3A3EC1
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 7686645755C2; Tue, 3 Jul 2018 11:40:58 -0400 (EDT)
Date: Tue, 3 Jul 2018 11:40:58 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Eric Rescorla <ekr@rtfm.com>
cc: "<tls@ietf.org>" <tls@ietf.org>
In-Reply-To: <CABcZeBNW+c_bvtEEjVaPisJ0Zy8OHQrYkfDMeQLKrak62ms0jw@mail.gmail.com>
Message-ID: <alpine.LRH.2.21.1807031135170.7932@bofh.nohats.ca>
References: <CABcZeBMR=5QQjSS68H2mQoyG1cHVa5+Z_5SH0Md07kTBVSr3Sw@mail.gmail.com> <alpine.LRH.2.21.1807022343380.3445@bofh.nohats.ca> <CABcZeBNW+c_bvtEEjVaPisJ0Zy8OHQrYkfDMeQLKrak62ms0jw@mail.gmail.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/CI2qzsApviQrYI-hDiUx-d3hFv4>
Subject: Re: [TLS] DNS-based Encrypted SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 15:41:13 -0000

On Mon, 2 Jul 2018, Eric Rescorla wrote:

>       It is strongly recommended not to use TXT records. Why not use a new
>       RRTYPE? Everything these days knows how to serve unknown record types
>       (see RFC 3597). The only possibly exception is provisioning tools of
>       small players, but this document starts of saying you basically need
>       to be on a bulk hosting provider anyway. They can properly provision.
> 
> See:
> https://github.com/ekr/draft-rescorla-tls-esni/issues/7#issuecomment-388531906

[Can we keep the discussion within the IETF and the Note Well please. We
  also don't know what happens in 10 years with these links.]

quoting from that link:

 	These facts lead to the conclusion that if we choose RRtype as the
 	method, there would often be cases where the DNS record of the ESNIKey
 	and the TLS server would be required to be operated by different
 	entities.

That seems to have confused two things with each other. I did not say
anything about the location of the DNS record, only of the RRTYPE.
Clearly, with the same location, it would be under control of the same
entity, so I don't understand why you bring this up as a reason against
using a dedicated RRTYPE.

Here is another argument against it, besides the generic IETF policy of
trying to not overload things or create kitchen sinks. If you used, or
were forced to use, a DNS under control of someone who can block things,
they might be instructed to block anything related to encrypted SNI,
and they might decide to just block all TXT records, even unrelated
ones, resulting in collateral damage.

Paul