Re: [TLS] Alternative ESNI?

Nico Williams <nico@cryptonector.com> Tue, 18 December 2018 03:01 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/GC0UJLDygcL-eo5Yz_o15ksKXTQ>

On Tue, Dec 18, 2018 at 01:58:53AM +0000, Stephen Farrell wrote:
> On 17/12/2018 23:33, Nico Williams wrote:
> > Maybe we do both, the current ESNI proposal and this as an alternative
> > for when ESNI keyshare orchestration is difficult, and in that case you
> > don't get to do split mode.
> 
> Interesting that the above overlaps a bit with the PR davidben
> just posted. That seems promising.
> 
> That said, I'd bet we're all generally unkeen on "do both" but
> maybe the above-mentioned PR avoids that by casting the HRR-mode
> as a way to better handle a likely operational failure mode.

I have no dog in this hunt, but ISTM that anything we can do to simplify
deployment will help a great deal.  The ESNI keyshare orchestration
strikes me as a big impediment to deployment, but I understand too that
adding a round trip to every initial handshake is a bit much.  A
combination of options, or some new thing -- it's all the same to me, as
long as it gets us ESNI.

Oh, and not just ESNI.  I also want the PSK identity payloads for
non-resumption handshakes encrypted.

Nico
--