[TLS]Re: HTTPS-RR and TLS

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 21 May 2024 09:51 UTC

List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PzVwJlQ5aFXVZHPYbThbYVKYGtM>

Hiya,

On 21/05/2024 08:53, Ilari Liusvaara wrote:
> Then there is the possibility that IPv4 has gateway but IPv6 is direct-
> routed. Then HTTPS entries need to be duplicated with potentially
> different alpn values (filtered for IPv4, full for IPv6). HTTP/3
> requires IPv6 in such a setup (as opposed to not working at all with
> server entirely behind gateway).

Do we have any info on tests with esp browsers where there
is >1 HTTPS RR published for the same name? Last I checked
(but it was a good while back), browsers didn't handle that
well, though hopefully that's improved since.

Ta,
S.