[TLS] Re: Dnsdir last call review of draft-ietf-tls-esni-23
Eric Rescorla <ekr@rtfm.com> Wed, 19 March 2025 21:44 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 58377F14C52 for <tls@mail2.ietf.org>; Wed, 19 Mar 2025 14:44:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n6qK_5-gkNGN for <tls@mail2.ietf.org>; Wed, 19 Mar 2025 14:44:49 -0700 (PDT)
Received: from mail-yw1-x1133.google.com (mail-yw1-x1133.google.com [IPv6:2607:f8b0:4864:20::1133]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 55C46F14C2D for <tls@ietf.org>; Wed, 19 Mar 2025 14:44:49 -0700 (PDT)
Received: by mail-yw1-x1133.google.com with SMTP id 00721157ae682-6feaa0319d8so847077b3.2 for <tls@ietf.org>; Wed, 19 Mar 2025 14:44:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1742420689; x=1743025489; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=TiY2r6h33j8qn8iEAihEzr8CjtJBAPs9+IGJGXkno1M=; b=1GyxWUdt05X6ytMTbGYDGjmGNpwAYBZskmGERmuOg8nkM990qQSxI+cCwD5OdnlIne A1UdmXBjMQW1leTkmw9ooT0h0vW4rbi4dzzx/Ino+jfFjqmWHq1rYuXMTeMM4/ia6bfn c2jFweekPmoLVSzI2XRmbLThwlx3ePnANjk77z5QpSL8nZVN0A2qpsDxdPTaqlTbRXO0 h2bcLrh6NTRNFEF2Cf1x5cVkM37Gctd1LWvwfxSS4JHHeC+g7Rt82UCKmV6q2L/6C80j HXjeKfCaS3y3NGDPVwe7xiETO/2A3TN7AVeBGfxxQOoxIq/HX3L77W2s+XFqJPYInyW0 9E3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742420689; x=1743025489; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=TiY2r6h33j8qn8iEAihEzr8CjtJBAPs9+IGJGXkno1M=; b=T8XymlYuv70qKaxkSP40UJ+rr4hyxVv0Na1UnBK5oxM8YgmJD7sT169pFwD5vUrM4b HXpXmvyYUWCssp8SqBasnG+gMs9mpUto/BFLHOPJ7VmtmlmuAUHQgPrGQJSKTX7HZgE8 Wb5BuZdmQZzldh6EnOeDGZ32n8/NE9qDo738Gswh0qguXRcQHe6k8n2RJO1rB6Jkksgr f5mzNvzc5/eg4taRJq3OfDHJqu95pd1a5yqeZPacvb9LrEvDUgDIh5Nik3Py31L8uu1W Ji56mH0gKaJQRih9NZFeAo9fNiH+J1T7/hqtfoSiRhG9JjBV1RquT75Szh3eew3Ssorg iIPg==
X-Forwarded-Encrypted: i=1; AJvYcCWRFdTA+uXGwlk11ixvsKfh0RNwotAGJ7/7eeU2Y55TIhHkNO64buxrkK7rTKNj4FSCTGg=@ietf.org
X-Gm-Message-State: AOJu0Yz85XoxuIfijD+0gMOroX/AHvVQXyhpigDaC6TurDOrfUGtUSoW sfk8oPcDznzp3jdoLkdHvPcEna+0uwX0q1t/LBD3jcu3ZRFIcfDxKMHOxqx/ej8krGV+UJFl30P w/u79N+x7VewX9zTNesp0nE+d7lHhx7QO0rFdMQ==
X-Gm-Gg: ASbGncsfONDPRdxgK7smr7X1z3/W/SxN5guctHua4SmgltwD1qHN381TCYDDUlSks8d 7R85PqoHzKJ/slSvm4oXpDM4TACwTDxkHUYC97PbuU/+/UoenAf3lgiDCFYw+ha0gC53rX4xYi0 QzRZhXbvM4fUK0e1aWyhxFfaS4uv6J
X-Google-Smtp-Source: AGHT+IFgj15G14Jfsl/i+o5K7iK/RNQ17aKwUBU2Zi8fARJAhLudKgymbj1c4q+1+vTNnQxu+1rQBCeK+PKiWoxf/jA=
X-Received: by 2002:a05:690c:c93:b0:6fd:a12f:2702 with SMTP id 00721157ae682-7009c128ab4mr59768917b3.25.1742420688786; Wed, 19 Mar 2025 14:44:48 -0700 (PDT)
MIME-Version: 1.0
References: <174135183112.72717.16931270964241201975@dt-datatracker-775fc5cbb8-824tp>
In-Reply-To: <174135183112.72717.16931270964241201975@dt-datatracker-775fc5cbb8-824tp>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 19 Mar 2025 14:44:12 -0700
X-Gm-Features: AQ5f1Jo14mXTMlaMoTNkf3VzZ_ClRGdEylfDUL1ZsOdAzqxKiZOyzpdxncxN2gQ
Message-ID: <CABcZeBPqMCyy87d9kr3PqSivxV55E1S4mhWXTzze=4bMawZW4Q@mail.gmail.com>
To: "R. Gieben" <miek@miek.nl>
Content-Type: multipart/alternative; boundary="0000000000003477e20630b8ee4c"
Message-ID-Hash: AQLE4ZK4LDWWWICU74KOWIJPVBDWHH5J
X-Message-ID-Hash: AQLE4ZK4LDWWWICU74KOWIJPVBDWHH5J
X-MailFrom: ekr@rtfm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dnsdir@ietf.org, draft-ietf-tls-esni.all@ietf.org, last-call@ietf.org, tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Dnsdir last call review of draft-ietf-tls-esni-23
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PtjesSqr2gABvFyDkIToLAden28>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Thank you for your review. I have made a PR in response to these comments: https://github.com/tlswg/draft-ietf-tls-esni/pull/646 Detailed responses below. > In section 6.1.7 "Authenticating for the Public Name", this repeats > the a public_name should not have any ASCII dots in the wrong places > and that all labels 63 octects. > > Nothing is said about the overall length of DNS name? I assume the > referenced RFC 5890 references older DNS RFCs about this? But if so, > why call out the ASCII dots and the label lengths? > > At the end of that paragraph other limitations are layed out about the > "numbers" 0-9 and A-F. > > "This avoids public_name... interpreted as IPv4 literals" > > Seeing A-F also being mentioned this is "IPv4/IPv6 literals"? (Then > again IPv6 would be weird, because there should dots in public_name). This text is generally about trying to mimic existing browser behavior for identifying things that might be domain names while excluding IP addresses. I don't believe we need to talk about v6, because those addresses have colons. This text was pretty carefully workshopped and perhaps some of the other WG members who are more DNS experts might want to weigh in. > In section 6.1.8, last paragraph, > > "...comply with any freshness rules (e.g., DNS TTLs)" > > Fair, but how does the application get access to those TTLs? AFAIK the normal > resolving stack doesn't not hand out that information. Many browsers do their own DNS resolution. As you say, if you use the OS stack you may not get that information, but it will handle the TTL for you. > In section 8.1.1. > > "...provided the server is authoritative for the public name." > > What is meant by this? Because in DNS a nameserver is authoritative for a zone > (and thus the names in that zone). Does this mean the DNS name points to this > server (via A or AAAA)? This is talking about the TLS server. I rewrote the text as: The retry mechanism repairs inconsistencies, provided the TLS server has a certificate for the public name. > Section 10.2 > > nit: "Resource Records" -> RRs (I saw RRs already being used in the document) Done. > "ECH records" > > What are those? Are these the HTTPS record(s), mentioned in the beginning? Yes. This is version skew. Changed. > > Further more, > > "... which is 1:1 with the DNS name that was looked up (modulo DNS > wildcards)." > > As a non-native English speaker, I have trouble understanding the "which is 1:1 > with the DNS name". Changed to: replace the IP address, thus blocking client connections, or substitute a unique IP address for each DNS name that was looked up (modulo DNS > Then > > "modula DNS wildcards" > > Why is this mentioned? Because a DNS server (internally) knows about DNS > wildcards, but a client does not (well with DNSSEC you can figure it out), so > I'm not sure why this is said here, seems not relevant and even a bit wrong? I agree. Removed. > Nit: > > "Encrypted DNS" > > Maybe put the references to the RFCs here again? Instead I used the term "encrypted DNS" above. > Section 10.3 > > "... can help mitigate this problem by flushing and DNS or ECHConfig > state..." > > "flushing DNS state" is dropping the HTTPS record information that a client has > and performing a lookup again? Because I don't see how DNS state can be flushed > from, say the local resolving by such client, but I don't think that was meant. That is what we mean. As noted above, many clients use their own resolver. Added. (this may not be possible if clients use the operating system resolver rather than doing their own resolution). > Section 10.10.2 > > "... further limit sharing.... different keys using a short TTL" > > OK, yes, this will help a bit, put this information is being put in public DNS, > so it's as public as can be... which is the opposite of 'limit sharing'... ? What is being shared in this case is the private key that the record contains the public key for. I changed the text to: an IP address. Server operators may further limit sharing of private keys by publishing different DNS records containing ECHConfig values with different public keys using a short TTL. > Section 10.10.6 > > "ECH record" Fixed. > used again. > > "trusted Recursive Resolver" > > I'm unaware of a formal definition of "trusted recursive resolver", so you > might trust the resolver, but as this document also explains that sounds a bit > like hoping for the best? Unsure what to make of this. Or is this the Firefox > TRR thing? Which implies DoH/DoT querying? It's referring to the Firefox thing, but I actually think this is too strong a claim, so I narrowed it to DNSSEC. -Ekr On Fri, Mar 7, 2025 at 4:50 AM R. Gieben via Datatracker <noreply@ietf.org> wrote: > Reviewer: R. Gieben > Review result: Ready with Nits > > Hello, > > I'm the designated reviewer from dnsdir and I've reviewed -23. > > I have a bunch of nits and minor questions, but section 10.2 stood out as > I had > trouble understanding the DNS bits in there. Though I think that those can > be > fairly easy be fixed. > > Note that I haven't read (or can't remember) any of the referenced RFCs or > I-Ds. > > In section 6.1.7 "Authenticating for the Public Name", this repeats the a > public_name should not have any ASCII dots in the wrong places and that all > labels 63 octects. > > Nothing is said about the overall length of DNS name? I assume the > referenced > RFC 5890 references older DNS RFCs about this? But if so, why call out the > ASCII dots and the label lengths? > > At the end of that paragraph other limitations are layed out about the > "numbers" 0-9 and A-F. > > "This avoids public_name... interpreted as IPv4 literals" > > Seeing A-F also being mentioned this is "IPv4/IPv6 literals"? (Then again > IPv6 > would be weird, because there should dots in public_name). > > In section 6.1.8, last paragraph, > > "...comply with any freshness rules (e.g., DNS TTLs)" > > Fair, but how does the application get access to those TTLs? AFAIK the > normal > resolving stack doesn't not hand out that information. > > In section 8.1.1. > > "...provided the server is authoritative for the public name." > > What is meant by this? Because in DNS a nameserver is authoritative for a > zone > (and thus the names in that zone). Does this mean the DNS name points to > this > server (via A or AAAA)? > > Section 10.2 > > nit: "Resource Records" -> RRs (I saw RRs already being used in the > document) > > "ECH records" > > What are those? Are these the HTTPS record(s), mentioned in the beginning? > > Further more, > > "... which is 1:1 with the DNS name that was looked up (modulo DNS > wildcards)." > > As a non-native English speaker, I have trouble understanding the "which > is 1:1 > with the DNS name". > > Then > > "modula DNS wildcards" > > Why is this mentioned? Because a DNS server (internally) knows about DNS > wildcards, but a client does not (well with DNSSEC you can figure it out), > so > I'm not sure why this is said here, seems not relevant and even a bit > wrong? > > Nit: > > "Encrypted DNS" > > Maybe put the references to the RFCs here again? > > Section 10.3 > > "... can help mitigate this problem by flushing and DNS or ECHConfig > state..." > > "flushing DNS state" is dropping the HTTPS record information that a > client has > and performing a lookup again? Because I don't see how DNS state can be > flushed > from, say the local resolving by such client, but I don't think that was > meant. > > Section 10.10.2 > > "... further limit sharing.... different keys using a short TTL" > > OK, yes, this will help a bit, put this information is being put in public > DNS, > so it's as public as can be... which is the opposite of 'limit sharing'... > ? > > Section 10.10.6 > > "ECH record" > > used again. > > "trusted Recursive Resolver" > > I'm unaware of a formal definition of "trusted recursive resolver", so you > might trust the resolver, but as this document also explains that sounds a > bit > like hoping for the best? Unsure what to make of this. Or is this the > Firefox > TRR thing? Which implies DoH/DoT querying? > > Cheers, > Miek > > > >
- [TLS] Dnsdir last call review of draft-ietf-tls-e… R. Gieben via Datatracker
- [TLS] Re: Dnsdir last call review of draft-ietf-t… Eric Rescorla