Re: [TLS] Possible blocking of Encrypted SNI extension in China

Rob Sayre <sayrer@gmail.com> Wed, 12 August 2020 07:03 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 156FA3A0C9F for <tls@ietfa.amsl.com>; Wed, 12 Aug 2020 00:03:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HoiyeG73m45K for <tls@ietfa.amsl.com>; Wed, 12 Aug 2020 00:03:53 -0700 (PDT)
Received: from mail-io1-xd35.google.com (mail-io1-xd35.google.com [IPv6:2607:f8b0:4864:20::d35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C26F63A0C74 for <tls@ietf.org>; Wed, 12 Aug 2020 00:03:53 -0700 (PDT)
Received: by mail-io1-xd35.google.com with SMTP id a5so1405571ioa.13 for <tls@ietf.org>; Wed, 12 Aug 2020 00:03:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=p1fBDKukOgAv7hhC0IUCtx+tyOzNRmzL1ezC7IZW304=; b=Gklwq/a0x1qhfiVwCsvxxHWU9ExqOqMOlW/TFneb6PX/5/HiASyomzdwzmLdILjlv2 lYXqkPAgGJE/dl2Kj3me8Y/AW5+TsWOtxYfC0FaOr+EiM3FML/qLYYMARzsaTp+UJVg5 /5TVoh57f3z8J2cRT1FRagPoee/rIxa+nbfHEqay7WWgYlxDOxwZ1CKugBQbosk7oRMw /GEEWisPtssy60nFBKC1SsOYo3PBY9ORvQY6x/IdvmkXGV8aVBjz5OkrCxQoTZfQd0rV LPQUz+TKu40+vPy4NzRqKVeuIGKwAysD8CDJxxOlzuRXXZ+1Fi0DFWjQuouEFkvZ/Afx Q0qQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=p1fBDKukOgAv7hhC0IUCtx+tyOzNRmzL1ezC7IZW304=; b=JXQ2J5ytc4rE7Ty6zGYxPz5UqoMElFM3r84VFtC/2MWnF0+3AjlAV75V94cmoMUgdm 7SrOkkGcrD2g3cF09fNWmuNMQe8Zvilgj/EPI7OWBwnFqulvHrjrr5+oAspeFr1RFDSU ylhvThihSiaQEokh/qtn1FVzoEuFBJf5zEExVT7BVD47AeBDaAhdXN6drmMJELKhhVr7 SoKz0vkXRSPq/vuPYRjwM+NqCnPh7YeycMO/TL0JPmZhGJF7bCCC7C5iBKn1GbAxOU5/ GVoY40i/XG+UQzHs9/GFo0NRu3fW55tpNN6AXTtxi6dAd3hZV41AC3hHhtPEkM8wWyYh OqLA==
X-Gm-Message-State: AOAM531CvJ7oahJT55iHJ9enSaPOhOyN2RZv/hWk5dx39Wv9RLEc4mrS 4bwrPJEklE+cJvxgMD1T8Kp8CVL4JgyOACHJMvMT+gal02Y=
X-Google-Smtp-Source: ABdhPJykEM+gJHRzZdU8QzR2Cb+kDsVgEUDjkoEfj2cMObkKxWc9dyR0DwjeApRL5RagAexiVWpswBX3bw6J2Kx8TwQ=
X-Received: by 2002:a05:6638:25d3:: with SMTP id u19mr29640341jat.103.1597215833107; Wed, 12 Aug 2020 00:03:53 -0700 (PDT)
MIME-Version: 1.0
References: <67d52e25-71ed-4584-b2c3-6a71a6bdd346@www.fastmail.com> <1597119980162.55300@cs.auckland.ac.nz> <b32110f8-c9ba-e8db-f136-7cc60eba54e4@huitema.net> <1597123970590.77611@cs.auckland.ac.nz> <CAChr6SzzuyB7sxXJQ4gNJwa3iaQcC5jGPE3-sgfY_EkB7DoykA@mail.gmail.com> <1597125488037.97447@cs.auckland.ac.nz> <CAChr6SxLAJyweEDHL48-hT3X=d5E6jNrWZheOt+fSydpS=HhQw@mail.gmail.com> <c7e033d9-aa39-1293-2233-4ebb8d1502dc@huitema.net> <1597130085200.4129@cs.auckland.ac.nz> <CAChr6SypqD+J0LjJWxOQNQhXAvR7R4oLZQCKq_0PPbs+xjiSwg@mail.gmail.com> <20200811224203.qysncdptgiwfrvlu@bamsoftware.com> <1597215113998.32406@cs.auckland.ac.nz>
In-Reply-To: <1597215113998.32406@cs.auckland.ac.nz>
From: Rob Sayre <sayrer@gmail.com>
Date: Wed, 12 Aug 2020 00:03:41 -0700
Message-ID: <CAChr6SwNyeNQihrhFFra4G3D_EMYYyveh0vDmKXA_N07=fzCug@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: David Fifield <david@bamsoftware.com>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005cb2db05aca8ca93"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PcvR0ct4F9r_w3l87M4jLFLor9M>
Subject: Re: [TLS] Possible blocking of Encrypted SNI extension in China
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2020 07:03:55 -0000

On Tue, Aug 11, 2020 at 11:52 PM Peter Gutmann <pgut001@cs.auckland.ac.nz>
wrote:

> ... in reference to a question someone else asked about ECH and TLS
> 1.3, since it's not defending against anything the censors are doing I
> can't
> see what its presence or absence would do.  Something like ECH seems like
> classic inside-out design, "here is our cool piece of crypto trickery, and
> whatever it happens to defend against is the threat".
>

Censors do use the unencrypted SNI. See:
https://tools.ietf.org/id/draft-irtf-pearg-censorship-03.html#sni

That doesn't mean an encrypted ClientHello will solve all of the problems
we've discussed, of course.

That said, most of the linked papers I've read could be possibly-overfit ML
models that study older TLS versions without ECH.

Their underlying point could be correct, but the data is old, and usually
not public or reproducible.

thanks,
Rob