IETF Logo Mail Archive

Re: [TLS] draft-ietf-tls-esni feedback

Rob Sayre <sayrer@gmail.com> Wed, 23 October 2019 02:06 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E67912024E for <tls@ietfa.amsl.com>; Tue, 22 Oct 2019 19:06:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hiSpq0AvGi6I for <tls@ietfa.amsl.com>; Tue, 22 Oct 2019 19:06:08 -0700 (PDT)
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D466A120232 for <tls@ietf.org>; Tue, 22 Oct 2019 19:06:07 -0700 (PDT)
Received: by mail-io1-xd2c.google.com with SMTP id u8so22961245iom.5 for <tls@ietf.org>; Tue, 22 Oct 2019 19:06:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1+0kzFckYlLm3AR/Q8Muv4G12P0E3KUJDXP5JZfcYBI=; b=OpXnIMuNa4GrGXZv+eijhBnw5J58lImKJ1k2NscOQGQD1d04u/YIhaKC/qd1uQdcqO CyO6CTmRRGeaVPoUcvxatJW/EvDLkpJ5Sq+Vk01arPKDzyrCBSAR9crHp7A3fKrsZ+14 fN9qxR1OzefJE5riveGcvnIq7QSbD1ebrWA3yooGsNV+XwdVgY97V+fJgAe23vlQuNCL 7eTtcnaVVja7W0jDPdil/kW8gqTexfXysJBP9gKe2w9fFeKy2DaBbCBDH/H/yCu5kC+O KljGCIVPlkcls2ifHwxPXktNrIkCPL+ESHxvfsaMTAnHlXn8GysVvY9UwNzJniKZirOg xfqg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1+0kzFckYlLm3AR/Q8Muv4G12P0E3KUJDXP5JZfcYBI=; b=DtqVZZhWCx1UsyitgTXF+D1S8VpJw7ZttAwH9+2xH5vhZcKD+5YoNGR5ZCf6flUIhJ pn7QZ6qqa8NUJrnYm74AMAESCwzZsesAkwv9IN4uhlWz2Ua8nkL7MYVKYeTqKocMbFTv nrmJe1ugN5Cvhr4I8Bae2jT8DyvP/BXsbnAkogdSBMW8iCuj9x8yVoR1l9QuvK/sIfwv 7ZInB4Qa7IyeB2okZjXiEyisRG9Tt1JWljGSC5FMqpGUYGVzZTCmMokxT1k0Qsp7HaHe AOjqQU6NOokMDFiOfW9fBvQvYfbJklA7afWWg16gdOKGDsJllex8LBDg71jFZCyRMN/P sdwA==
X-Gm-Message-State: APjAAAWfUJoaIztmRFqYJJwcs+AQtZlh5la5LUBeP8OWPAn/cVtfdQyl CnDT34U8qlIhHOcnkCQdQ0ZYIgkWgSbp4lFQ2b7u8+4zL6A=
X-Google-Smtp-Source: APXvYqyLutYncL6uEX1Qx773SanlooIVKdDtQ9u0gC8Zr0GYdmKDbspvlhlxUUdOvhvJk6X9aHBDjRS7sfe3krfKRs4=
X-Received: by 2002:a05:6602:21c2:: with SMTP id c2mr871071ioc.189.1571796366934; Tue, 22 Oct 2019 19:06:06 -0700 (PDT)
MIME-Version: 1.0
References: <CAChr6Sw3f7du3JYxfcWSZje1zjDzsRBQyDjob-AvzjWeZzKW7g@mail.gmail.com> <CABcZeBOnE+gyNu7GarAfO0bptoPfzQQ=VKeWLdpJBDM=E4yhzg@mail.gmail.com> <CAChr6SxWE66jPRbnBRtwNSn3L+uNFkoFBbYNOBAkKDN05qotoA@mail.gmail.com> <CABcZeBOy8ogJrmFajxX1pqjqgnE61gE=c3CWz+pp34NWHmGKbw@mail.gmail.com> <03e15760-dfce-cd7b-baea-56ac70d92192@cs.tcd.ie> <CAChr6SzmpSn3Q8tBi+Pdc+Bq7stiukbufbh-jDt+AEtrkV8XGg@mail.gmail.com> <f87c2916-d03d-2715-7b36-7b70fead8df4@cs.tcd.ie> <CAChr6SxfT0ed5J89siGX23A0G77BJQWxFRDoJ1w0v7=5O0KERw@mail.gmail.com> <8063bb12-8462-53fa-fa62-1e5abb1a652e@cs.tcd.ie> <CAHbrMsBPJqzaUSa42gGq45MfsTvCVW7t95q3feWEiSYeSN9ocw@mail.gmail.com> <333fde42-76f9-1af3-0f0f-c70914b0222e@cs.tcd.ie> <CAHbrMsA0PFwvu3hvZgXMbe2Buzq9dQHgNJJLOqtyMUzb-qpc0A@mail.gmail.com> <04a5a50a-3268-d9fb-de16-abb9224409ed@cs.tcd.ie> <CAChr6SySVXsH1J7KGDJjjB=wdxhdaCe207pLn2fGFMmDb1q82w@mail.gmail.com> <BE5E7283-6EF4-4113-ADBA-7790A5DFACD8@akamai.com> <e20daa2c-b239-11e0-87e7-beaebb80aebf@cs.tcd.ie> <975963dc-f311-b806-6860-8768f4ec1a76@cs.tcd.ie>
In-Reply-To: <975963dc-f311-b806-6860-8768f4ec1a76@cs.tcd.ie>
From: Rob Sayre <sayrer@gmail.com>
Date: Tue, 22 Oct 2019 19:05:55 -0700
Message-ID: <CAChr6SyU_ArsKi16Bj47eZWVRMJ8wekFKAzFLENkUB31fSgPKw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "Salz, Rich" <rsalz@akamai.com>, "TLS@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001c474605958a5ce2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/M4GkSig_z_2ueD9Vz-8zow0FUSA>
Subject: Re: [TLS] draft-ietf-tls-esni feedback
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2019 02:06:09 -0000

On Tue, Oct 22, 2019 at 6:30 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> So, at minimum, that'd mean s/32/128/ in my quoted text
> above, and likely more. (Plus, of course, doing the kind
> of due-diligence that lead to [1].)
>

Or, maybe, start at 256. :)

Low numbers might encounter all sorts of well-known cryptographic problems,
and varying the padding of the domain name with any granularity would tend
to narrow the search space for an attacker.

I'm not an expert in these matters, though.

thanks,
Rob

v2.23.0 | Report a Bug | By Email