Re: [TLS] ESNI GREASE - answer needed?

"Christopher Wood" <caw@heapingbits.net> Tue, 30 July 2019 00:19 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EHIVpq2cym5LxMR-MyI8qta1FXU>


On Mon, Jul 29, 2019, at 5:11 PM, David Benjamin wrote:
> On Mon, Jul 29, 2019 at 8:04 PM Stephen Farrell 
> <stephen.farrell@cs.tcd.ie> wrote:
> > 
> >  Hiya,
> > 
> >  On 30/07/2019 00:58, David Benjamin wrote:
> >  > 
> >  > [*] I filed https://github.com/tlswg/draft-ietf-tls-esni/issues/177 last
> >  > week with a sketch of an idea. Steven or I should hopefully have a more
> >  > concrete PR later.
> > 
> >  Working from there seems like a good path. That said
> >  I don't see that that says how an ESNI-aware but not
> >  ESNI-configured server ought behave. And it seems a
> >  bit complicated, although I agree a 50:50 split is as
> >  or more arbitrary.
> 
> I think either of "do nothing and act like you are ESNI-unaware" or 
> "add some padding to EncryptedExtensions so you have room to be 
> ESNI-configured" is reasonable. Though, yeah, the draft should talk 
> about this a bit. I think the GREASE stuff turned out to have a lot 
> more details to work out than my original attempt anticipated. :-)
> 
> >  PS: I'll note that I didn't know that PR existed as it
> >  hadn't hit the mailing list and I rarely login to the
> >  github web UI and that this isn't the first time I've
> >  had that experience. I don't blame anyone but there's
> >  clearly a bit of process stuff not quite working well
> >  here. I think people raising non-editorial PRs should
> >  bring those to the list.
> 
> Apologies. I filed that during the meeting mostly so I wouldn't forget 
> and so Chris would have something to link to in his slides. The intent 
> was to write up an actual PR later which would certainly be sent to the 
> list for discussion.

+1

It is our intention to bring non-editorial PRs to the list, though sometimes we fail at doing so. Would it help if we had a script to announce GitHub draft work to the list similar to that of QUIC and HTTPBIS?

Thanks,
Chris

> 
> David