Re: [TLS] I-D Action: draft-ietf-tls-esni-07.txt

"Salz, Rich" <rsalz@akamai.com> Tue, 02 June 2020 18:45 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Christian Huitema <huitema@huitema.net>, Christopher Wood <caw@heapingbits.net>, "TLS@ietf.org" <tls@ietf.org>
Date: Tue, 02 Jun 2020 18:44:56 +0000
Message-ID: <45EE8BA0-2CC4-4110-9008-45C130C98202@akamai.com>
References: <159104051676.18465.12498199656412028384@ietfa.amsl.com> <af75a707-3b6c-a1af-14c4-6e766cb4e572@huitema.net> <c7a41e95-8b21-4620-806e-db144eac2fa3@www.fastmail.com> <4385bb35-710b-311d-2b7c-fad0eb72c5d3@huitema.net> <eefa3eda-83ec-8237-167a-009a83791629@cs.tcd.ie>
In-Reply-To: <eefa3eda-83ec-8237-167a-009a83791629@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LZC_juHL_3FRY3iHmuvNzCPLf0g>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-esni-07.txt

Trial decryption scares me. Perhaps that's not a rational fear -- one of the points of CDN support is a large anonymity set -- but I worry about the DoS possibilities. Especially if QUIC picks this up (now trivial to fake "client IP") and if some large mobile manufacturers move to use this as the default as I've heard they are considering.