Re: [TLS] draft-ietf-tls-esni feedback

Rob Sayre <sayrer@gmail.com> Mon, 21 October 2019 14:56 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0204F120043 for <tls@ietfa.amsl.com>; Mon, 21 Oct 2019 07:56:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z8fYaTkyg8ut for <tls@ietfa.amsl.com>; Mon, 21 Oct 2019 07:56:01 -0700 (PDT)
Received: from mail-io1-xd44.google.com (mail-io1-xd44.google.com [IPv6:2607:f8b0:4864:20::d44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3974120096 for <tls@ietf.org>; Mon, 21 Oct 2019 07:56:01 -0700 (PDT)
Received: by mail-io1-xd44.google.com with SMTP id 1so4918640iou.4 for <tls@ietf.org>; Mon, 21 Oct 2019 07:56:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qWO05rT49YCqytvz2oY2rde4EgJNWaw+APa+rjUEmow=; b=nhOkeOveTXA3J/oecyUFvdT2YSlH5CtQHP2HGVlhchCXaPMIWG0Za6zXqEalQQ6pqa mVkerSpYIQ08vRtgZrPPfNeDjrh+/payGQC1Ko8yWjoI5tfXrc/DiEvFPKdiZfhxrgao u5Sp+9do1eluk8XmWehJtxfjegjV90tnHWj1R1iZ59ZPzyiS0kGJXEEw7qRpYXRdqXv8 EyrslNE+avfArGQJyos7z05yJV9YJNS9XdxWt1rhc3poFIVTjsABVL8+GXvRkfZtx7OE D7ZTX/E3EIiAWiMO0P2hrmKokxzj0ZiFYlyBTyVshYZGXi/UsNYLQ8gdt8GSp6/adjve ThoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qWO05rT49YCqytvz2oY2rde4EgJNWaw+APa+rjUEmow=; b=DcRh4gbYVY2YVcbzMhRRCbVgbX/sI2ARPyVnDdTtX0Ve8AhmM7W3hFSVy8inTKpsrK XrfDr/F6t/Bxxt3U3ulJ8vyJnUKEiCqZoOOTejp3jYGfbY+ufNspdEhPctM8+gU+ypnM ipqlryWfJeLApAY2esTCcyWOfgaq8s6hxZZGDQy2BSlvDGh6vzadDCRuE8GrRqm4vypB Uo+hoJ0b3U+nWReOz70mVEEFVRTn8jH0KMkB0a+kQT8cifSIXFQ3kNsaBG+zlLPAKbSN 2/E5mu3wU+1H8QM+lqBYmB2b1PTS0xWZloLZPwlTHDSc4D98sCNkQ5KSxNR29Y5TSKAw PwhA==
X-Gm-Message-State: APjAAAXI0oMttxNxbTu0kjFBgG02ieJ1J3xg7fQS0ItwZ5gN1Ip8Xebo lxvgUKja5zSUn6Oz4htLqwe26YeokACINx9wUnqNHMRl
X-Google-Smtp-Source: APXvYqwN59URPknCZ/5ME0YjZ7SVCtIo6A72AlW5EDDIv3ot0HVBhP2IF11R2lf2zcKdheBnrv557BANjzTaqYvJq8E=
X-Received: by 2002:a6b:400e:: with SMTP id k14mr9653375ioa.254.1571669760774; Mon, 21 Oct 2019 07:56:00 -0700 (PDT)
MIME-Version: 1.0
References: <CAChr6Sw3f7du3JYxfcWSZje1zjDzsRBQyDjob-AvzjWeZzKW7g@mail.gmail.com> <CABcZeBPbw_KOo_ieSqkksYPeLtb9DufBz628oFPYc_Ue4S9iww@mail.gmail.com> <CAChr6SwB+7Jt2TLJSQh3q=Roizdt2=9jCBa9nq8KRxRo=86uZQ@mail.gmail.com> <CABcZeBNBtDK7q175tseEUiCVds=khj4xXYJZRf7GU9VGNDJ_Tg@mail.gmail.com>
In-Reply-To: <CABcZeBNBtDK7q175tseEUiCVds=khj4xXYJZRf7GU9VGNDJ_Tg@mail.gmail.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Mon, 21 Oct 2019 07:55:49 -0700
Message-ID: <CAChr6Sz6xHtFWjOKrLp3sp9MpC-SoU9Sx=vk22ditjShA7B=Kg@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: "TLS@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cb952005956ce1af"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/QDSrSZAm7C7IL7gt5Hif1It0Yv4>
Subject: Re: [TLS] draft-ietf-tls-esni feedback
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2019 14:56:04 -0000

On Mon, Oct 21, 2019 at 7:41 AM Eric Rescorla <ekr@rtfm.com>; wrote:

>
>
> On Mon, Oct 21, 2019 at 7:32 AM Rob Sayre <sayrer@gmail.com>; wrote:
>
>
>
>> Judging by the mailing list archives, the design of the field is
>>>> intentional. It's not clear to me why "zeros" wasn't specified as
>>>> variable-length with a prose restriction, though.
>>>>
>>>
>>> Because then you have a spurious length field.
>>>
>>
>> I don't understand why it would be spurious. In this case, the
>> deserializing implementation needs to inspect every byte anyway.
>>
>
> Because if you set padding to be the length of the maximum value, then a
> length byte makes every message one longer.
>

Sorry if I'm being dense here. Couldn't "zeros" have a length? Maybe you
just mean it would be superfluous. That could be true, but it is dependent
on the value of a field in a DNS record. If it had a length, I could have
used existing payload deserialization code.

Having gone through every message in this draft, I don't understand the
rationale behind the following section and the corresponding
PaddedServerNameList:

"
...
CipherSuite cipher_suites<2..2^16-2>;
uint16 padded_length;

...

padded_length : The length to pad the ServerNameList value to prior
   to encryption.  This value SHOULD be set to the largest
   ServerNameList the server expects to support rounded up the nearest
   multiple of 16.  If the server supports wildcard names, it SHOULD set
   this value to 260."

That's not to say the draft is wrong, but the rationale seems missing. The
rationale may exist in a mailing list message or github issue.

thanks,
Rob