Re: [TLS] Authenticating the client-facing server with an IP-based certificate

Carrick Bartle <> Wed, 21 April 2021 02:06 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1CEE23A0A34 for <>; Tue, 20 Apr 2021 19:06:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.849
X-Spam-Status: No, score=-1.849 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 41nelcRmEs6u for <>; Tue, 20 Apr 2021 19:05:57 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7435D3A0A2D for <>; Tue, 20 Apr 2021 19:05:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=1a1hai; t=1618970756; bh=AvvqI3XlkDd5ajxVQifn0/XxTCwTku9z37xL1XQdVUk=; h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To; b=ReL8M4jFQulduPkN7/p2QsJ2E5mPgKUBRA4/9qFQE6sV+P18AwYIre2k2/hdpAV7P 6nsRxvLGulW/cy8pfuWyf7u/J6jeKqlsVAMpNW+iWny+p/4Mpdne5/45Xd35/QEQ5E c6eETFOQ4c+Qp5kfBTpgGjAKNFOKliHcKdSWS174B9pIgS51Y0Bd3OVW1CcmhwGTYg 68jFUBL58wg4/7PZQe6wK+iE7nMgupgq422r64s82zdvOhnDM/MCE/nHD9IbNRoOxV eaQLKM0ELDrfT789sIfQ2Hg//9SORGulkwlRDhpi8gw9pPxDirTsN6nz1Yiwmg9jxW bc3GWfaebWong==
Received: from (unknown []) by (Postfix) with ESMTPSA id 7FE7B4A08B3; Wed, 21 Apr 2021 02:05:56 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.\))
From: Carrick Bartle <>
In-Reply-To: <>
Date: Tue, 20 Apr 2021 19:05:55 -0700
Cc: Martin Thomson <>, "<>" <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <>
To: Stephen Farrell <>
X-Mailer: Apple Mail (2.3654.
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-04-20_11:2021-04-20, 2021-04-20 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2009150000 definitions=main-2104210015
Archived-At: <>
Subject: Re: [TLS] Authenticating the client-facing server with an IP-based certificate
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 21 Apr 2021 02:06:02 -0000

> In general, I'd prefer we get ECH deployed for some major use
> cases and not try fill in every possible niche at this point.

That's fine with me.

> On Apr 20, 2021, at 7:03 PM, Stephen Farrell <> wrote:
> Hiya,
> To answer Chris' initial question: I can't currently think of
> a real use-case where the client would need to authenticate
> an IP address for a client-facing server in the event that
> ECH decryption has been tried and failed.
> And, I very much sympathise with Martin's goal of simplifying
> if we can. (E.g. leave the public_name as-is and as we've got
> implemented, but drop the extensions field entirely - I don't
> think there's a shortage of code points for new extensions if
> the first ECH one doesn't quite do what's needed.)
> But I'm likely not the right person to ask - I'd guess that
> the people who might have a use-case for this are smaller
> hosters where the default listener on 443 is very minimal. I
> don't know how common those are, but I'd suspect they are
> fairly rare. And likely those with certs that have the
> exactly right IP address are even rarer.
> On 21/04/2021 02:48, Carrick Bartle wrote:
>>> I'm not sure what you are implying might be impossible.  Are you
>>> suggesting that it might be impossible to get a name for which you
>>> could get a certificate?
>> No. I'm implying that if we don't allow clients to authenticate
>> client-facing servers with an IP-based certificate, ECH won't be
>> possible in cases where the client-facing server doesn't have a
>> name.
> In general, I'd prefer we get ECH deployed for some major use
> cases and not try fill in every possible niche at this point.
> ISTM the overall win here is that we end up with ECH working
> in many cases, but don't need all cases. And there's a danger
> that we get zero cases if we make it too complex.
> Cheers,
> S.
> <OpenPGP_0x5AB2FAF17B172BEA.asc>_______________________________________________
> TLS mailing list