Re: [TLS] ECH AAD for HRR
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 01 September 2021 18:44 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6A2A3A13D0 for <tls@ietfa.amsl.com>; Wed, 1 Sep 2021 11:44:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p4XxhUXz7X_R for <tls@ietfa.amsl.com>; Wed, 1 Sep 2021 11:44:26 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00112.outbound.protection.outlook.com [40.107.0.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C6703A13CC for <tls@ietf.org>; Wed, 1 Sep 2021 11:44:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aGUKcC8MAqyboYtQ4MbzylQT9YFO67xnJaGWKf0e6nh7EZrUU/E+U+puKEQgkxkWv98x62r9WY7ztCySn9XM4RVCB6L7aMuT7Y0kruQOP3lB4uwsKYO+V9lnebNG4r6YdPwFRwSWfNKGlxXWMoEND6vvCwYYymx2AM5rMcII0fdwdQ1EnwAuMKJpiKV+4RK4dvmsNrHcNNTpzIDD13MIcsoMuPnxez+elf0mNVpeacYWqQMcEnDjsdtk8WetFb+EcPOyITvU5HS60b9K6wcxtty89CVjdVrLlW79jtqELtA51I+0NFgN2yPESWsLqplTmuRU88lTffVHrg8MGJeZ2Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sdk/ivSj0vyG+H8DCoqdZs+KFJuEZvMnsOeXVAi0Ijc=; b=CwxDgc6qFambNDOU2by/AzbXd+HS7Dv6smvfwr2LIV7cn5un2WxaYEL0zJj4sy6eFUFT5em8cqVxHsLaeWUlGugylY4Ql+1DK9yfl0I+QV9+zxsax2GdWKGTV1ljWyArqPS8AUlEcwDUvhCyvakcVFXQ5or8Oz34//77l5ysn3xfzjREcUe0DF8MYI94j9cN+ZbocVpw90xo37PBw3IAx9DN/qBND1z59bXdC3Li/IuuBasuWODb4gD63JQmUElwkUGxNsjDZ98zEizCOjoSaN/auicrohzLFOE4ymqenY4SOPvMP9Pr90DhDn1zW6ElUvKJFwXwap/d58YowyugbQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sdk/ivSj0vyG+H8DCoqdZs+KFJuEZvMnsOeXVAi0Ijc=; b=P0iaKLxaFHHKaaJKqMegRU2b9alvN4CTuS25z6YRm/tPAzsvMmNtNb36NcnNCJYIpZLLDbixZPurSapMU0r+hKOao6Fa3iS+7WAWT3xiLQFJj1xn3+pVsFU/VLtxh8FgGZmdfmi1xtVVE3y1Z2dDZiCg/ORzu9w69ncDZU+3fZ4OqPTaDXIN5bnN2UV+TYcjfyYiT9mJJVOsdgRtQZbeGf+t5I/NFgh2fEkDilUr9dTBvhqO4L5wTMIDtZ+ffdOpOQ508kyQaL8o+Xt3rmZIvuu4tGVCynF0f9h8NLtLegj/YD2/JWkhZ833g7aPhiIJ1SwqTKJMRLosqELlDFdl7Q==
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by DB9PR02MB7433.eurprd02.prod.outlook.com (2603:10a6:10:243::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4457.23; Wed, 1 Sep 2021 18:44:22 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::4198:a9d1:7246:8272]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::4198:a9d1:7246:8272%3]) with mapi id 15.20.4457.024; Wed, 1 Sep 2021 18:44:22 +0000
To: Christopher Patton <cpatton@cloudflare.com>, David Benjamin <davidben@chromium.org>
Cc: "tls@ietf.org" <tls@ietf.org>
References: <07c00cd9-677c-ec35-7dba-0c4eccac35cd@cs.tcd.ie> <CAF8qwaBWndRS5-HAfyTYHeLyM_i-DZwG5tUmnZeWNnOjXHK55w@mail.gmail.com> <CAG2Zi21JiYhXOAJqEfC+vgdJEFMDH1+YvFbxXp1-MD=+coW9qQ@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <4e51eb86-e44b-8706-3369-d1bbf300eb4b@cs.tcd.ie>
Date: Wed, 01 Sep 2021 19:44:20 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
In-Reply-To: <CAG2Zi21JiYhXOAJqEfC+vgdJEFMDH1+YvFbxXp1-MD=+coW9qQ@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="HAugmTx2GZQJfqjvmv9NKU1ogpEQn8fpd"
X-ClientProxiedBy: DB6P191CA0022.EURP191.PROD.OUTLOOK.COM (2603:10a6:6:28::32) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [10.244.2.124] (95.45.153.252) by DB6P191CA0022.EURP191.PROD.OUTLOOK.COM (2603:10a6:6:28::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.19 via Frontend Transport; Wed, 1 Sep 2021 18:44:21 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 1d0a36fb-d8d4-4927-c83a-08d96d78835a
X-MS-TrafficTypeDiagnostic: DB9PR02MB7433:
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-Microsoft-Antispam-PRVS: <DB9PR02MB7433D51FC7C2A35619B6F295A8CD9@DB9PR02MB7433.eurprd02.prod.outlook.com>
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Oob-TLC-OOBClassifiers: OLM:1332;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: ylcDFrAAiXF03GAJYfO2ZeyGQVieVFNXLoQp9aepO/k9084syfONLdLsJV1dzhjilOyXcCq1NDXJC5zGR3PMVlWXaiHHFFrxlSdjdREWc5Ya76zO49KRwCWCxtof7KHfrQznVcPODxWoBQZj6bxCGJ4/3G9WNDxzXU3C3+Dij7w9oK9lGDYqTsKkUUOz8acyVdrTBds3u1/9f8fK45eTcuW9HB62rkMkBoKyosLjDfM0r+Hz3aJsyLOx66vSlOCcBYEMozV1BBuciyNEqwjjuQt1ZV/iz0XEOGxf0kRAWxdoeSoOvWNEpF6elJJWMjua1T0LJ6JSdiwpgsJigLehiDTf+JQSAF/IJrnGPlcsMi1T13OXEYFuT3TOZe7H6pCwjM4sa7ylzlFcn7k+HToT6sgsJg9mWR/+cSulj5hf6FZ69RtxCrK5bAFOv+cRW0xWtqoxN9vPnbgz8M4mr8ajLRVa5J3tRbBio+hsgC4qwWEuOE1IFpFjSabfYKxG8iuoBUjzx/NUE66pDofkv51gTcMAzI7V+LGOE8Fw7sFYhdAGd+d96H4gO+miIb6zQ1QRGi3VEOVx+vRPfv8yOvw3x3oFxDOGdHBOzqp3Mq4T/c1aoBQPXo0XqA0iyn9Ai/pVarevoO63bJmY+dBcbaKoQvnWONe0vkAoSSx53O48k0I8LXDRTIN/629cQadu+QYOTdmHHOvAmVG4h51mR2xhtJvtft5lwTskUEGtdfZpTetaEC89TL2ikH2obIi03u9W3X17IbIMTXim1C7OpjNzSM/VyabIXOF4xxhs4e2bt8NXYGwH8n+fpuCCCeUvRknR
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(366004)(346002)(396003)(39860400002)(376002)(44832011)(235185007)(21480400003)(33964004)(53546011)(478600001)(38100700002)(5660300002)(2616005)(966005)(86362001)(66946007)(8676002)(316002)(31686004)(36756003)(83380400001)(26005)(2906002)(66616009)(110136005)(4326008)(6486002)(66556008)(66476007)(956004)(186003)(8936002)(31696002)(16576012)(45980500001)(43740500002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: CP7SyKTVW774m+DH1KRcWONotMX8fLt9BeOmdIGCNtrv4DqmToChw20HQzEhXAch9VEJeNS6ydYws7vL21qkxufJussu9qex+sGWrRGDsz2N2zhTugRm6dTZYqBZfEoJUipt+rWkOfPbIBXs6ULGJ8FQ8QYj0AsAyVnXNvNf7KoOethgj/PEzh42v6Lpiic0UR5uXg0P91uSEIzucNapLuKzj+ItYLlGIKANo1XItCafahdxH76oU3WH4s2XpFez6bxNZ+pho8Yju8bMBKHMWnx0bUQjW+OkPj3xkWmC+tlkJ+E3cbMNRIL5fHRt8bcy0XmTllYXAELM1kk1ksKzW3al8OjVcgQLPb/yFCScreF1o2WMkZwiJs/VcOUVuFHOcgH/8KiU0KDHtBOWZHNBGf+wTD1kLmLF71UPnal96PfOs3yUUbtCNVMIud4Q0q4GREREI6cwEREyAd66cTtw0QfWBCV/az9tBM4xhKiaCSevzJVVSEGd4AGvKM8Q/ECLBflH0wPMd0MM3GZpBROK+6J7UbNFVW9PS/Sbo0+3wPQNhq8Z85KL27Ht8bPGeVUdxVp6UQNUyQOFijryw6c5jrMxLmCxjwub3QYZ4bfBXxuvESP+oh0s69zJKHYmI01SxLby/S4Zghxg0Rv/t6sAjHyIYvZxmjfO435BfAc0SxkwENFQoZYBpBDRF+X832tR04O8hJ7D3obqIUbupetQqz2hLduoaqnwMcMGdGfqH4Bzbmb+BDvWidRhTReOoMTBlVrOIiFpz0a4WNwnkmiqvqAJtmZI7FjCkXeEe01ip/8+FTei7wMrRYRTu3+FWpOIznCkGsJ2UICbVonjdteoNW76qZzX8gnSVTF5qGhOsGxIHP+dlhpVa3JM5dwsiJWrlTaDDElW1a0WsPt8cOYGlG3PKe5z8FM/OSIyQ57fXuyr3NO8qxn77sO5rY00BVC2glS7zISnUSwSFRGMP9E0NURXjLhw1B65T9Dh7dLOyQq/dq+Ir1KRwNTjQI4UJR2UVRdIgevv61uY7kd06vTfkrvt1L6yVB5Svpiuh4DvtHpKGBA4wJAAchH3LnHKHGI4FgwVabvL7p9sfUtBLf32I9ZGniIszbEiNF9mxq3lshIpLpTgAlFw1iqMnXNDgIKo8J1mAY7xkB5oZBCpTR/qNGSLnt0LMiGtrUIVuJjZQYITTG/bINlIsBuXA3bIi0NjBfUtJZm4ZonN6Hce2esTs+WfNeXXUKKsmsnaIbNJIxg9JQpmGyydS7kCvQ5z5xpbWHKz45xz9fP47zCudULwQW6Co92i+Evb9yCc/PeR0zZF1xyTqP+9z/YOxh/DeSmR
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 1d0a36fb-d8d4-4927-c83a-08d96d78835a
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Sep 2021 18:44:22.3300 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: pnnF7b87+7+Pc20vhvEOBf2CfH4ZAPnlI5hv/WyrLbtLtqMc9R3U9AJ8Ju525Aa7
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR02MB7433
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FMWwHJHEAsDzBz-EFcLUo7VocvU>
Subject: Re: [TLS] ECH AAD for HRR
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2021 18:44:33 -0000
Great, thanks both S On 01/09/2021 19:04, Christopher Patton wrote: > Yup, that was my interpretation as well. > > On Wed, Sep 1, 2021 at 10:14 AM David Benjamin <davidben@chromium.org> > wrote: > >> That's right. The AAD and actual CH should be exactly the same, apart from >> the payload being zeroed in place. You don't need to reserialize the >> structure as a server, or serialize ClientHelloOuter twice as a client. >> >> On Wed, Sep 1, 2021 at 1:01 PM Stephen Farrell <stephen.farrell@cs.tcd.ie> >> wrote: >> >>> >>> (Apologies for the acronym laden subject:-) >>> >>> I'm more or less at the "code complete" stage of >>> implementing draft-13 incl. HRR. (If anyone wants >>> to try interop, for now please contact me, but I >>> should have a server up in a few days.) I'm sure >>> as usual I'll have gotten some details wrong, but >>> I wasn't clear about one thing: >>> >>> - When sending the 2nd CH following HRR, the spec >>> calls for omitting the "enc" field of the ECH >>> extension ("enc" holds the sender's public HPKE >>> value that's re-used from the 1st CH). >>> - The AAD for that ECH encryption is the outer >>> CH with zeros replacing where the ciphertext will >>> go. >>> - I concluded that the sender's ECH public value >>> (the "enc" field) ought not be present in the >>> AAD in that case, as well as being omitted in >>> the ECH value, but it wasn't entirely clear to me >>> from the spec (and it'd work either way). >>> >>> So my question is: did I get that right or not? >>> >>> Thanks in advance, >>> S. >>> >>> _______________________________________________ >>> TLS mailing list >>> TLS@ietf.org >>> https://www.ietf.org/mailman/listinfo/tls >>> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls >> >
- [TLS] ECH AAD for HRR Stephen Farrell
- Re: [TLS] ECH AAD for HRR David Benjamin
- Re: [TLS] ECH AAD for HRR Christopher Patton
- Re: [TLS] ECH AAD for HRR Stephen Farrell
- Re: [TLS] ECH AAD for HRR Stephen Farrell