IETF Logo Mail Archive

[TLS] Encrypted Client Hello - SNI leaks via public name?

Raghu Saxena <poiasdpoiasd@live.com> Fri, 06 October 2023 09:46 UTC

Return-Path: <poiasdpoiasd@live.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1D0BC15152E for <tls@ietfa.amsl.com>; Fri, 6 Oct 2023 02:46:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.203
X-Spam-Level:
X-Spam-Status: No, score=0.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_MUA_MOZILLA=2.309, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=live.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 41odU0fbPYRV for <tls@ietfa.amsl.com>; Fri, 6 Oct 2023 02:46:14 -0700 (PDT)
Received: from AUS01-ME3-obe.outbound.protection.outlook.com (mail-me3aus01olkn2143.outbound.protection.outlook.com [40.92.63.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67D9EC14F736 for <tls@ietf.org>; Fri, 6 Oct 2023 02:46:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kFczrk7NcRLvjv1I/495j+BZRKUvxO2qdV4G7DP1E1J3ok/N3esXcYEBZXv/wkkqCm42HFzVVVXiOvK8ECM+dsLV4CTVQs2NOrjwKAy19IrgB+V08L+13qauzI5W/KelfdLfcfhjTlW9Qod2Yt/hdwAx/nR78RlY1tK88XlXWgKgX9WFPqmNcRHesFHUH8gN4g1BmEI/c/TccXhy4Y5iIkFRjLgDO6aSlIVdOAlg10i7GP8yspPve8mPNYwNrgYCA+alqKPeq7i2MT/G4uw4uUAHRpQIHV4miWxiK1ZwUOnJv5HqwJet4z0bk8CWUSb4xBPmSPqbDAy8taItYUhiVA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gWAIav8UV5AOfJ81Fw948BnsWziUtlqiIgmiyJDFIZI=; b=Gpv2psjMoWaYX+qBoNws7s9wlU188H5oLRKFK7LUOb6A1lmf4hOLddvw57HZos8OwyDgiiL60w9L8iV48Z5xYgrqtpt5/h0tH5ZuWWfkzqPradVqgoUy01JC94NgYIGxHgBjCHaPwb7eK2+SsPMadvGKqdpu4HVEOg7ONNp+jlICFn5UZt2IKNTwcHC1LhL2gw9hFHrHrV5TvChgI/Cjsc0s16dZvC8PHhZ/NuRx8oV0CTqoiG9JIntLBvZn4nx+pRdJsyiAL4fd+pT65gTJbMCs/75MZhj1LJzHAgxNXLq2i+DWvQkiNo3w14N6+HSV6YtD2RYBPR40ThkBov19Nw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=live.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gWAIav8UV5AOfJ81Fw948BnsWziUtlqiIgmiyJDFIZI=; b=rO2GDxruQJp8Lw0DRM6ZsqM4Y9MaIPzoosnxv/Ew9VsQwRE3xtg+MA3tnfrLraHX/1qc10eCrIwKUt12nP8Nl/pmJeNg0Z47OnRnYRCYACGfuqzZansYP4RLSMKem9FIudzN/+Ynn91cT2cGnp+myI2uCFHRCOhyDAkyxziWqrFdIN7qo1IWRkOcS/2ixwgoxUX3G3v2wAGSa/iReT5JLkHI3cPCioLFjzfjt+O1zRlRsfFjG9rleknXydcQIsetIWB71vHSuRsoUsblaLq9yUUNhqXMOAAImr69FcZZf255hYeF+Gxa7N/xgSIWRu7sRnS3HLLCP+DHu0nNQtl4ng==
Received: from MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:178::14) by MEYP282MB3594.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:17a::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6838.38; Fri, 6 Oct 2023 09:46:11 +0000
Received: from MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM ([fe80::def6:c33b:510c:db9a]) by MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM ([fe80::def6:c33b:510c:db9a%7]) with mapi id 15.20.6838.030; Fri, 6 Oct 2023 09:46:11 +0000
Message-ID: <MEYP282MB3564BA44154517A56B94B1EFA3C9A@MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM>
Date: Fri, 06 Oct 2023 17:45:59 +0800
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: tls@ietf.org
From: Raghu Saxena <poiasdpoiasd@live.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------pOmLrkVLUTzwZv7n6Q5zwFPb"
X-TMN: [B5W8VlU2rUWCa+3haqDuoHxhJk1okYJK]
X-ClientProxiedBy: SI1PR02CA0050.apcprd02.prod.outlook.com (2603:1096:4:1f5::12) To MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:178::14)
X-Microsoft-Original-Message-ID: <59b0dcab-1b54-4054-a3c6-5315eb9e56ab@live.com>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: MEYP282MB3564:EE_|MEYP282MB3594:EE_
X-MS-Office365-Filtering-Correlation-Id: b09f4a5d-b0bb-4208-47ae-08dbc65112ab
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: Xx6PuPuPEa4W5ZLNG3dx8Z6ReGif/ySo05jv2Ke5pOaCx6z/j2xhwCMUdP3Bq5PyTIuRFvmLtYTgdg0go9YYF9HZePUD0gF094CpT+1Wmc7kj7M7u8HhV6SGFmJhr8MjlvJyIu3iDaLvJF3lc+Rl35N16/1QpqpC9QFGd8cxIea8NWhh/PfZRHY3Npxmdy94Db1Y0Ni3nmpqyFLc6vwdPxL6G5duoRIsZFNzTX4Uyxs5TuyLR59EZ8RYcLAin442yAEFKu3u4HJwHGRh6RDf0urJ5kOYkvN5m0BrL4Cme+zkAeHbn3b/5CDfv+PfRuEHSHKAwsna03EomkGXSKN5tA6Qg0/ySXb2SAAh6NwM8/h5oYJ2gFYjUbicMRPZ77jgyCE7i6kNcr9D85rv9WUeP8ohODSKZtfGjZOzM8Xx8004OJOJJbz43zqCeaaTO07gr2PgN51kTEXjyNWtE4NaLwblQA+wuXfdUNVElsLyTz6jUBz59tGvNH08u2UY1N/KKi2h160d9jOOZE4cw1ZKvAVkILSdEzD3c+ecJ//b3m9TDVwK7+CQk8TvgIWBzWEP
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: wA5aaeqf7c810p5Yo9GNJ7NKmad3ek51fNW0VUGAyXsImzwdjW19AZhJ+ikEz/0bh/U+FoNZv3O6EGbZndygVEXw3+y9r0B5lUD+KWDxkXY3Y8akGdr0lzbguRvqYKIfEZT7icACcvZcU/9aUQMl2H7dI4sFP0ersoWG5DYTmVUDOHcqQjjs7XYQHIp2isSjwe1ATfLKQqO7Lqm0TgIJz6qY3wZgm3PCWgj0fOq9V9p64HehKub4Bqx31c29zCc+4Q/TJVbJgpSd/qjOzrg3o5ucvc6xeTuZyKvBv19Rx8nm7zvEwQtcu27GvLyGlRj1kw+YsF3kAuGbx/kaopxt7OFiR7p16TVaDx3WvzGHaEulcsvDH0wabEOuQLhwtiw3zHy6XDlagCLC4ff4OOX3b/wkHJHN558y2Uv4Av5Ht/s1GtQfGir1tvLy+hwZg3noPFbjb8aM86c5+jPiI9WyEO4LpaqzvpdGSgHgqShL4yEWJpB2t9amNgK1oSyOzZG4xq976tszoZCTAEfbbWfBAsgEKr6ZvrDzuyBk6mbW2HkoZs8EFcPYNFYD5bteazsBpaYFXn9hngMxKLUO82uKzgA3pDoMtvJ+0n5LG+/DrgwbN4jrqOUKU2/znKn98wDqDvr0ncGXVPjbfJ5XsuF1BrxL3KLtjepOFc0GsVyXU8+cif6sdhOC83lKme3zsL7ih0c7IzvFB+F65JCIilVjBMw9sROAo4x4V5b9B/TylYeBHlrtIT6BnWRFll1YY2J7FKx5dRVh0UJF7MeqjZ7TzL6GGQZELy+CJGAgMMULsRrNlebMcmTToCygQwWfcJaQz0XRCLeUUMR9Qbp6Qasewae7+538dWG25phLA5fQssh9XV/UdFENJ86BZ2vXScCSoUZQ2806LIErirGQozOFvnmYTpy+pQ0nVbLKCdM+s7NxZ6cy2gp7yd2h/8h1ESckmEAKXylY71H/kAQIkFeW/NMski+O2cJL4Dlsk5bH8xH0aQkiYGkYA4UBvW0GAgyCtq1VREdCJi9uNCcO8gf7E0ojW/EH6IsRScczO/KdTS3NmUIWcSrb5IAz87h+5woEyda6+WP9pm5UT5XKXV8mhTh1VVneEWKK/DUZUX/xh39vp4fl6M+E1AHOuyoHSqJ9UzeE4NBBnpqXI/wZF2lc06R/KFjbhbCpnuh/mzmKpufs3UuAu3XaUxyiVZWEjPDJLYG4eFaclO/c4iNL61EhgQ==
X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-746f3.templateTenant
X-MS-Exchange-CrossTenant-Network-Message-Id: b09f4a5d-b0bb-4208-47ae-08dbc65112ab
X-MS-Exchange-CrossTenant-AuthSource: MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Oct 2023 09:46:11.6010 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MEYP282MB3594
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HUG1CU0Q4PorZ7fD0yafVfj7VUY>
Subject: [TLS] Encrypted Client Hello - SNI leaks via public name?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Oct 2023 09:46:20 -0000

Hello All,

I've been a huge proponent of ESNI (as a consumer, not developer) back 
when it was introduced as a draft, with firefox support (albeit behind a 
flag), and it being enabled for Cloudflare customers. For me (and people 
I introduced it to), the purpose was to bypass SNI based blocking 
utilized by Jio, an ISP in India. By enabling DoH, ESNI in Firefox, 
several websites previously blocked by DPI would now work. It was 
unfortunate when ESNI was "dropped" for working on ECH, since the ESNI 
trick to bypass the blocks stopped working.

However, now that ECH is nearing completion, I've been trying it out, 
and was wondering - what is the best way (as either a client / a server 
operator), to address SNI leaks? Specifically, I am concerned about the 
"public name" field in the ECHConfig. For services such as cloudflare, 
they can "hide" everything behind a single domain (e.g. 
"cloudflare-ech.com"). However, for someone who just owns a single 
domain (e.g. "hub.com"), what would the "suggested value" be?

Section 6.1.7 implies it should NOT be an IPv4 address. If I do not wish 
to leak the real domain, is it "acceptable" to use something like 
"fakedomain.com"?

If the public_name leaks domain in anyway, I think it would be quite 
unfortunate, at least for bypassing DPI-blocks. From what I understand, 
the purpose of public_name is only if the server doesn't support ECH, 
but if a client retrieved an ECHConfig, why shouldn't the client just 
skip this field? I fear it will become a situation like the initial SNI 
extension - even when websites do not need it, browsers' TLS stacks send 
it anyway, causing leakage.

For instance, in India, a popular website, let's call it "hub.com", is 
blocked via SNI. However, the website itself does NOT rely on SNI, It is 
possible to open a pure TLS connection to it via IP, it serves the TLS 
cert for "hub.com" so the handshake can be completed, and then the 
website will load as normal. I verified this by manually using "openssl 
s_client", WITHOUT SNI. But since Firefox/Chrome will always send SNI, 
the ISPs can block it.

Wondering if you guys have any thoughts about the public name field, or 
perhaps I am misunderstanding it.

Regards,

Raghu Saxena

v2.46.0 | Report a Bug | By Email | System Status