Re: [TLS] ESNI GREASE - answer needed?

Steven Valdez <svaldez@google.com> Mon, 29 July 2019 22:32 UTC

From: Steven Valdez <svaldez@google.com>
Date: Mon, 29 Jul 2019 15:32:09 -0700
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "tls@ietf.org" <tls@ietf.org>
In-Reply-To: <4b2de58d-1957-ca48-59ab-521e7a5b510f@cs.tcd.ie>
Message-ID: <CANduzxAZxzniBstSkUdtFz9sv6m2H7Ak+Gqt5TpxO9YqQM5pqw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/K-m5uZwddpk3UWPpedolhR7iT4M>

I don't think the server needs any special logic in the GREASE case?

If the server doesn't support ESNI, it won't respond with an ESNI extension
and the client will continue the handshake as normal.

If the server does support ESNI, it will send an esni_retry_requested with
the retry keys (since the client's record_digest is bogus) and then the
client will continue the handshake as normal.

A server that doesn't have ESNI keys configured shouldn't be responding to
ESNI and should instead just ignore the ESNI extensions (as if it didn't
know what it was).



On Mon, Jul 29, 2019 at 12:14 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> Hiya,
>
> (Non-stylishly responding to myself, but sometimes you
> gotta...:-)
>
> I think I understand this better now and while I still
> figure a change is needed I'm not 100% sure exactly what'd
> be right.
>
> The issue I think is that draft-04 doesn't cover the case
> of a server that implements ESNI but has no ESNIKeys set up.
>
> In that case I think the right option in response to GREASE
> (or what may be a real but misguided attempt at ESNI) is to
> randomly return either a 16 octet value or a value that is
> sized to be like a fake ESNIKeys, with e.g. 70-100 octets or
> so. (That could be encoded into TLS presentation syntax in
> various ways so I'll not suggest one exact way for now.)
>
> (Before I waste time coding that up:-) Do we think the
> above is correct?
>
> Thanks,
> S.
>
>
> On 26/07/2019 18:31, Stephen Farrell wrote:
> >
> > Hiya,
> >
> > I've started coding up the GREASE stuff from draft -04.
> >
> > Aren't we missing some answering octets in EncryptedExtensions
> > to make it harder to tell if the CH had a real or GREASEd ESNI?
> >
> > Maybe something like:
> >
> >       enum {
> >           esni_accept(0),
> >           esni_retry_request(1),
> >           esni_grease(2),
> >       } ServerESNIResponseType;
> >
> >       struct {
> >           ServerESNIResponseType response_type;
> >           select (response_type) {
> >               case esni_accept:        uint8 nonce[16];
> >               case esni_retry_request: ESNIKeys retry_keys<1..2^16-1>;
> >               case esni_grease:        uint8 grease[16];
> >           }
> >       } ServerEncryptedSNI;
> >
> > Cheers,
> > S.
> >
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
> >
>


-- 

Steven Valdez |  Chrome Networking |  svaldez@google.com |  210-692-4742
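The three server behaviours Steven describes above (no ESNI support, ESNI supported but no keys configured, ESNI keyed) can be written down as a small decision model. The following is an added illustration, not code from the thread, from draft-04 or from any implementation: the `seal`/`open_` functions are a toy sealing stand-in for the real HPKE-style encryption, `ESNIKeys.secret` stands in for the key the client derives from the published key share, and the wire layout is simplified. What it shows is the point of the reply: a keyed server answers a GREASE extension and a stale-keys real extension with the identical `esni_retry_requested` message, and a server without keys stays silent in both cases, so the client needs no GREASE-specific handling.

```python
"""Model of server-side handling of the encrypted_server_name extension for
GREASE, stale and fresh clients. Constructed example: toy sealing primitive,
simplified structures, not draft-04 wire encoding."""
import hashlib
import secrets
from dataclasses import dataclass
from typing import List, Optional

ESNI_ACCEPT = 0
ESNI_RETRY_REQUESTED = 1


@dataclass(frozen=True)
class ESNIKeys:
    record: bytes   # stand-in for the encoded ESNIKeys record published in DNS
    secret: bytes   # stand-in for the key a client derives from that record

    def record_digest(self) -> bytes:
        # draft-04 identifies the key set by a hash of the ESNIKeys record
        return hashlib.sha256(self.record).digest()


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy AEAD stand-in (constructed): keystream XOR plus a 16-byte tag."""
    stream = hashlib.sha256(key + b"keystream").digest()
    body = bytes(p ^ stream[i % 32] for i, p in enumerate(plaintext))
    tag = hashlib.sha256(key + body).digest()[:16]
    return body + tag


def open_(key: bytes, ciphertext: bytes) -> Optional[bytes]:
    """Inverse of seal(); returns None when the tag does not verify."""
    body, tag = ciphertext[:-16], ciphertext[-16:]
    if not secrets.compare_digest(tag, hashlib.sha256(key + body).digest()[:16]):
        return None
    stream = hashlib.sha256(key + b"keystream").digest()
    return bytes(c ^ stream[i % 32] for i, c in enumerate(body))


@dataclass
class ClientESNI:
    record_digest: bytes
    encrypted_sni: bytes   # seal(secret, nonce || sni) for a real client


@dataclass
class ServerESNI:
    response_type: int
    nonce: Optional[bytes] = None
    retry_keys: Optional[List[ESNIKeys]] = None


def client_grease() -> ClientESNI:
    # GREASE: digest and ciphertext are random, so no server can match or open them
    return ClientESNI(secrets.token_bytes(32), secrets.token_bytes(43))


def client_real(keys: ESNIKeys, sni: bytes, nonce: bytes) -> ClientESNI:
    return ClientESNI(keys.record_digest(), seal(keys.secret, nonce + sni))


def server_handle(supports_esni: bool, configured: List[ESNIKeys],
                  ext: Optional[ClientESNI]) -> Optional[ServerESNI]:
    """None means the server sends no ESNI extension back (treats it as unknown)."""
    if ext is None or not supports_esni or not configured:
        return None
    for keys in configured:
        if keys.record_digest() == ext.record_digest:
            inner = open_(keys.secret, ext.encrypted_sni)
            if inner is None:
                # digest matched but the ciphertext does not open: model choice, abort
                raise ValueError("esni decrypt failure")
            return ServerESNI(ESNI_ACCEPT, nonce=inner[:16])
    # unknown digest, whether GREASE or stale keys: same retry answer either way
    return ServerESNI(ESNI_RETRY_REQUESTED, retry_keys=list(configured))


def client_proceed(sent_grease: bool, resp: Optional[ServerESNI]) -> str:
    """What the client does next; a GREASE client continues in every expected case."""
    if resp is None or resp.response_type == ESNI_RETRY_REQUESTED:
        return "continue"
    if sent_grease:
        return "abort"   # model choice: an accept for random bytes cannot be genuine
    return "continue"


def demo() -> dict:
    current = ESNIKeys(b"esni-keys-v2", secrets.token_bytes(32))   # constructed
    old = ESNIKeys(b"esni-keys-v1", secrets.token_bytes(32))       # constructed
    nonce = secrets.token_bytes(16)
    grease = client_grease()
    stale = client_real(old, b"example.com", nonce)
    fresh = client_real(current, b"example.com", nonce)
    return {
        "nonce": nonce,
        "no_esni_support": server_handle(False, [], grease),
        "esni_no_keys": server_handle(True, [], grease),
        "grease_vs_keyed": server_handle(True, [current], grease),
        "stale_vs_keyed": server_handle(True, [current], stale),
        "fresh_vs_keyed": server_handle(True, [current], fresh),
    }


if __name__ == "__main__":
    for name, resp in demo().items():
        print(name, resp)
```

The equality `grease_vs_keyed == stale_vs_keyed` is the observable property that matters: an on-path observer sees the same retry response whether the client was greasing or simply held outdated keys, so nothing in the server's answer marks the GREASE case.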