[TLS]Re: Working Group Last Call for Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings

Mike Bishop <mbishop@evequefou.be> Mon, 24 June 2024 20:35 UTC

From: Mike Bishop <mbishop@evequefou.be>
To: Raghu Saxena <poiasdpoiasd@live.com>, "tls@ietf.org" <tls@ietf.org>
Date: Mon, 24 Jun 2024 20:35:51 +0000
In-Reply-To: <MEYP282MB3564E31D58FB6BFFAAFC72DFA3C12@MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/MvMXUj-qQk3PiNWXbMoh31TnfG4>

RFC 9460 says this:

Protocol mapping documents MAY specify additional underscore-prefixed labels to be prepended. For schemes that specify a port (Section 3.2.3 of [URI]), one reasonable possibility is to prepend the indicated port number if a non-default port number is specified. This document terms this behavior "Port Prefix Naming" and uses it in the examples throughout.

As this document is not a protocol mapping, but simply the definition of a SvcParam which could be used by any protocol mapping, I don't believe mandating anything about how mappings construct their names is appropriate here.

RFC 9460 does use Port Prefix Naming for HTTPS records when accessing an origin on a non-default port; that doesn't use MUST, but it's a definition of how the HTTP origin maps to the HTTPS query name. Another protocol mapping might choose a different construction, and that wouldn't affect anything about how this SvcParam works.

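To make the naming question concrete, the following is an added example, written for this archive page; it is not code from the message above, from draft-ietf-tls-svcb-ech, or from RFC 9460's authors. It implements the RFC 9460 HTTPS mapping (https origin on port 443 is looked up under the bare host name; any other port gets the `_<port>._https.` prefix), the generic attrleaf form `_<port>._<scheme>.<host>` that other protocol mappings may adopt, and the reverse parse that a resolver-side tool would use. Function names and the constructed inputs are assumptions of this example, not identifiers from the draft.

```python
"""SVCB/HTTPS query-name construction per RFC 9460 "Port Prefix Naming".

Added example for this page; not part of the mailing-list message or of
draft-ietf-tls-svcb-ech. Function names are this example's own.
"""
from typing import Optional, Tuple
from urllib.parse import urlsplit

HTTPS_DEFAULT_PORT = 443


def port_prefix_name(scheme: str, host: str, port: Optional[int] = None) -> str:
    """Generic SVCB attrleaf name: _<scheme>.<host>, or _<port>._<scheme>.<host>
    when a non-default port is supplied (RFC 9460 section 2.3 example:
    _8443._foo.api.example.com). Whether to apply the port prefix is the
    protocol mapping's decision, not the SvcParam's."""
    name = f"_{scheme}.{host}"
    if port is not None:
        name = f"_{port}.{name}"
    return name


def https_rr_query_name(origin: str) -> str:
    """RFC 9460 HTTPS mapping: https://host (port 443, explicit or implied)
    is looked up as the bare host; https://host:N with N != 443 is looked up
    as _N._https.host. Only https origins are handled here."""
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https origin with a host")
    host = parts.hostname          # lower-cased, brackets stripped for IPv6
    port = parts.port              # None when the origin carries no port
    if port is None or port == HTTPS_DEFAULT_PORT:
        return host
    return port_prefix_name("https", host, port)


def parse_port_prefix_name(qname: str) -> Tuple[Optional[int], Optional[str], str]:
    """Inverse mapping: split a query name into (port, scheme, host).
    Returns (None, None, host) for a bare host name; raises if a numeric
    port label is not followed by a scheme label."""
    labels = qname.rstrip(".").split(".")
    port: Optional[int] = None
    scheme: Optional[str] = None
    if labels and labels[0].startswith("_") and labels[0][1:].isdigit():
        port = int(labels[0][1:])
        labels = labels[1:]
    if labels and labels[0].startswith("_"):
        scheme = labels[0][1:]
        labels = labels[1:]
    elif port is not None:
        raise ValueError("port prefix label without a scheme label")
    return port, scheme, ".".join(labels)


if __name__ == "__main__":
    # Constructed sample origins, not taken from the draft or the thread.
    for origin in ("https://example.com", "https://example.com:443",
                   "https://example.com:8443"):
        print(f"{origin:32} -> {https_rr_query_name(origin)}")
    print(port_prefix_name("dns", "example.net"))          # RFC 9461-style name
    print(parse_port_prefix_name("_8443._https.example.com."))
```

The split between `port_prefix_name` and `https_rr_query_name` is the point of the message: the HTTPS mapping decides when the port label appears, and an `ech` SvcParam found in whatever record the mapping resolves to is interpreted the same way regardless of how that name was built.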
-----Original Message-----
From: Raghu Saxena <poiasdpoiasd@live.com>
Sent: Wednesday, June 12, 2024 11:31 PM
To: tls@ietf.org
Subject: [TLS]Re: Working Group Last Call for Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings

I had one comment earlier that seems to have been missed [0].

Basically I was wondering if it may be useful to use stronger language in the draft to indicate a client MUST use Port Prefix Naming when looking up the SVCB record.

Regards,

Raghu Saxena

[0] https://mailarchive.ietf.org/arch/msg/tls/ynRkX60dGq-ofmSW4POhppQcgkY/

On 6/13/24 2:10 AM, Sean Turner wrote:
> This email starts the working group last call for "Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings" I-D, located here:
>
> https://datatracker.ietf.org/doc/draft-ietf-tls-svcb-ech/
>
> The WG Last Call will end 26 June 2024 @ 2359 UTC.
>
> Please review the I-D and submit issues and pull requests via the GitHub repository that can be found at:
>
> https://github.com/tlswg/draft-ietf-tls-svcb-ech
>
> Alternatively, you can also send your comments to tls@ietf.org.
>
> Thanks,
> spt
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org