Re: [TLS] WGLC for draft-ietf-tls-cross-sni-resumption

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 19 July 2021 16:38 UTC

To: David Benjamin <davidben@chromium.org>
Cc: Ryan Sleevi <ryan-ietftls@sleevi.com>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "TLS@ietf.org" <tls@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Mon, 19 Jul 2021 17:38:29 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Gb-DkoDEa2Kfe_oyFY2VtnPQXTE>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Hiya,

On 19/07/2021 17:35, David Benjamin wrote:
> We need to *both* not add new tracking vectors *and* mitigate the existing
> ones. Doing either one on its own is not useful. That means if the existing
> mitigation for the existing vector applies just as well to this new
> feature, we have not added a new vector.

I think that clarifies where we disagree, thanks - I'm
not convinced that our existing mitigations for tracking
via the web, or otherwise, are anywhere near sufficient.

S.