[TLS] Constraining ECH to HKDF-based HPKE ciphersuites

Christopher Wood <caw@heapingbits.net> Mon, 17 August 2020 21:10 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23EF23A11AE for <tls@ietfa.amsl.com>; Mon, 17 Aug 2020 14:10:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=RbxwIGW3; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=YVuby72K
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hb1ytfB7QIYK for <tls@ietfa.amsl.com>; Mon, 17 Aug 2020 14:10:14 -0700 (PDT)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4358A3A1189 for <TLS@ietf.org>; Mon, 17 Aug 2020 14:10:14 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 7F2E7CAD for <TLS@ietf.org>; Mon, 17 Aug 2020 17:10:13 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute1.internal (MEProxy); Mon, 17 Aug 2020 17:10:13 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:date:from:to:subject:content-type; s= fm2; bh=DfkgzCIQdXYPhPT3RGOHarE3jJj4gQnq1Qq8qRO/tPM=; b=RbxwIGW3 ogerUyN31YkA3iaCsx/3h9zkbNNuft2vTJrIinv9RuC3YyDEokb2xbxFcrChRU11 +QxG1FJ8n+Ec2KD+XHJC/Jwsn1T6V+8HhTJaAS7PMe9vgkw7Z4DWe2/ZHyBzyQ8K /tU5ePiQ83JyinVEv5wkwzlrXkcuUaibBAhhIZ0nDKQgrDTtmHlpO7DdSs8x4Tpd 2EOzDw5gdr4mvCTF0MD1W4tF2+i67D35HRwzCt43LjhOuwNam3tYh75w4nCft9V7 0iUcBHdrMe7j2zeCLBc70BWEGt3LsFCLiC/IOax6zPP7E3e0mWBcVorYrFCyButF NVTQR71Ni/296A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=DfkgzCIQdXYPhPT3RGOHarE3jJj4g Qnq1Qq8qRO/tPM=; b=YVuby72KGmzHhhymiH6WJ+Q4XqFuIfONYINkY/Xw04OSx GFxZnt+ga0uOFlSVbUEe5QBG+tx//KH8aiUOr6mHGaxlth5krlCXHTCfnlRsWsvt 4MI/lHSJHq19koR/HuZaXTjFOr3Ula0GVa2DIUzUOn60rILACXBtNhcs5er+UaS2 gvunzO911EPMM3U1t9WmFROBY8wyT3EdOH6/FruD6BPXdp9Uimz61QaaI/tqX3FE 6IrgKJf2WtMCN/6juo1kCkhN2X/ReD2ol22//5A6ZUQWA3YhaL9Ovo35+97v7or0 VHPqHB8S7/xPSQNiNLq7NYZ4Vk3OqQilDH4FssSkA==
X-ME-Sender: <xms:NPI6X8eVzLhUjr0VCK8cN8Ku-ppXq_3F6Ey3wyLNctN0ssnPrXNjig>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedruddtgedgieegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfffhffvufgtsehttdertd erredtnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgifsehh vggrphhinhhgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpeefleekheeffffhhe eiieejgefgkedtffetjeekledtheffteeukedvtedtfeejgeenucffohhmrghinhepghhi thhhuhgsrdgtohhmnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomheptggrfieshhgvrghpihhnghgsihhtshdrnhgvth
X-ME-Proxy: <xmx:NPI6X-OrFmsJ5HiMmaZUsRj994ccSGfHbXcCzY6XQmxE_iAlhky50w> <xmx:NPI6X9h5uT3czngCP-3ngYGSVOEd8CHFVjYTjEjWJMIJZeBiU-bbQQ> <xmx:NPI6Xx9ddNPmctHCIVlfHmgfZSXMtNf1myxvbrQwZ-IlrGnnE4Q2KA> <xmx:NfI6X9Naya5gQqWCReBuxnxyN2UPke8Z2K-VzXvfRtYMXFwLFZrqgA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 9A9C43C00A1; Mon, 17 Aug 2020 17:10:12 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-192-gd9d7a78-fm-20200816.001-gd9d7a786
Mime-Version: 1.0
Message-Id: <ee8c4bb1-554a-4f45-a1d5-17e49b320562@www.fastmail.com>
Date: Mon, 17 Aug 2020 14:09:51 -0700
From: "Christopher Wood" <caw@heapingbits.net>
To: "TLS@ietf.org" <TLS@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RMDKw1Jf2BLNh1hxO7j-dDCHNhM>
Subject: [TLS] Constraining ECH to HKDF-based HPKE ciphersuites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2020 21:10:16 -0000

HPKE recently removed the Hash() interface from the KDF, which means we need to either (a) change how the config_digest (formerly record_digest) is computed, or (b) constrain ECH to HKDF-based HPKE ciphersuites. This PR takes approach (b):

   https://github.com/tlswg/draft-ietf-tls-esni/pull/271

Please have a look and provide feedback. 

Thanks,
Chris