Re: [TLS] WGLC for draft-ietf-tls-cross-sni-resumption

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 19 July 2021 16:27 UTC

To: David Benjamin <davidben@chromium.org>, Ryan Sleevi <ryan-ietftls@sleevi.com>
Cc: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "TLS@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/F_lyaFz7FVn3cb4hNkRnq98aIJw>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Hiya,

On 19/07/2021 17:17, David Benjamin wrote:
> I'll add that, in the context of cross-domain tracking on the web, this
> draft is a red herring. Remember that web pages have subresources. That
> means looking at the destination domain isn't useful because two different
> pages can embed a common destination domain. So the same concerns exist
> with RFC8446 (TLS resumption), RFC7540 (connection-reuse, same- and
> cross-domain), and RFC7230 (connection reuse). That's why we need a
> holistic answer like network partition keys from [FETCH], that apply to
> *all* network state. That answer applies equally to plain resumption and
> this draft.

That's true but isn't that also the old "adding this
one new way to track doesn't make it worse because it's
already horrible"?

My preference is to not add new mechanisms that can
enable cross-domain tracking as this one does.

Cheers,
S.
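
Added example, not part of the thread or of any participant's message: a toy client-side session cache showing which later connections would present a ticket first obtained under one top-level site, with and without keying the cache by a network partition key. The class and field names, the `cross_sni` flag, the hostnames, and the use of the top-level site alone as the partition key are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ticket:
    issued_for: str     # SNI of the connection that delivered the ticket
    cert_names: tuple   # names on the server certificate (constructed)
    cross_sni: bool     # hypothetical flag: server allows reuse across names

def name_matches(pattern, host):
    """Exact match, or one left-most wildcard label (*.example)."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

class SessionCache:
    def __init__(self, partitioned):
        self.partitioned = partitioned
        self._tickets = {}  # partition key -> list of Ticket

    def _key(self, top_level_site):
        # Unpartitioned clients share one pool across all top-level sites.
        return top_level_site if self.partitioned else None

    def store(self, top_level_site, ticket):
        self._tickets.setdefault(self._key(top_level_site), []).append(ticket)

    def lookup(self, top_level_site, host):
        """Return the ticket the client would offer for host, or None."""
        for t in self._tickets.get(self._key(top_level_site), []):
            if t.issued_for == host:
                return t  # plain resumption (RFC 8446)
            if t.cross_sni and any(name_matches(n, host) for n in t.cert_names):
                return t  # cross-name resumption
        return None

def linkable(partitioned):
    """Which later connections would present the ticket obtained under site A."""
    cache = SessionCache(partitioned)
    cache.store("https://a.example",
                Ticket("cdn.shared.example", ("*.shared.example",), True))
    return {
        "site A, same host": cache.lookup("https://a.example", "cdn.shared.example") is not None,
        "site B, same host": cache.lookup("https://b.example", "cdn.shared.example") is not None,
        "site B, other name": cache.lookup("https://b.example", "img.shared.example") is not None,
    }

if __name__ == "__main__":
    for mode in (False, True):
        print("partitioned" if mode else "unpartitioned", linkable(mode))
```

In the unpartitioned run, the "site B, same host" row is linkable through plain resumption alone, and the "site B, other name" row is the additional case the cross-name flag enables. With the cache keyed by top-level site, neither ticket is offered under site B.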