IETF Logo Mail Archive

[TLS] ESNI robustness and GREASE PRs

David Benjamin <davidben@chromium.org> Mon, 17 December 2018 23:17 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0713212D4E9 for <tls@ietfa.amsl.com>; Mon, 17 Dec 2018 15:17:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.959
X-Spam-Level:
X-Spam-Status: No, score=-10.959 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id crcWqEZrqigg for <tls@ietfa.amsl.com>; Mon, 17 Dec 2018 15:17:50 -0800 (PST)
Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12C42126C01 for <tls@ietf.org>; Mon, 17 Dec 2018 15:17:50 -0800 (PST)
Received: by mail-qk1-x729.google.com with SMTP id o125so8441424qkf.3 for <tls@ietf.org>; Mon, 17 Dec 2018 15:17:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:from:date:message-id:subject:to:cc; bh=pJeOZBU7INyX7W+YMwnao+dIB0pKJ0jYPxLsEXqK908=; b=g+q3UUf1azOoJ6JISNIB5sT0YgCi7ewY0av4v9Pu77wF/32xqA1IkfgfhIHAwcnATq HYUk+ReTCMIPUqqx7AtjWbjhTF+y2G4p5MgoglGzQrqqBsBT0Zwa1WX9jSj8xlDOqeHb J9Wme7plo96mo6q4/aWeLZPrAGv6w2RNcp/Bs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=pJeOZBU7INyX7W+YMwnao+dIB0pKJ0jYPxLsEXqK908=; b=seW0vb7hjqgdBZFaRcFpDKzSJkX+B3xpNEZcxu8rpvWWVaaNquMdgIG98+EfvG2ie2 hJ8p/nKI+5inUC8XvDbwz3EaaLeRBsaJgqwZw1W77Nl22PVjIFrrSNuGuC0eatZVDC3a HH4mXUf280GJQ6NnOJYM48e2LOj5Q9QzDxDHeqMB+RLNT2ZND9Gqm5YR5rolAdl33N+W rqdXt5xmi+P/PxwAl2FJGW1AK+fLuG4Ox48n95OZtlX0k2lw6eP4/p8NUfVdurH31NKk n+QPqsasxGBJws2luhCBhzpDdn/rVypIN9+K89xfXLPC4iNdYyOLR1LqTqmq/mDuXAXg 4Igw==
X-Gm-Message-State: AA+aEWZh8B8zAgDp2HLa4ctuqM9JEVWdMlHNfyJLZJftdRnnhhRBq2Dl tILKcEobSpxryJa4A/xCeRvf5Goy1iiTWmdCv6jHWj9SUQ==
X-Google-Smtp-Source: AFSGD/XQxaRNsya+kn44WXWVnfbdAr5IZX1NXBzvlfwzycT7UMgdL2uKRDIlEaxjYGCZaIXuIOM/LGkhaJ/LaCv8jkE=
X-Received: by 2002:a37:2714:: with SMTP id n20mr12553279qkn.349.1545088668711; Mon, 17 Dec 2018 15:17:48 -0800 (PST)
MIME-Version: 1.0
From: David Benjamin <davidben@chromium.org>
Date: Mon, 17 Dec 2018 17:17:37 -0600
Message-ID: <CAF8qwaAh-eCLOR3YX3KoVWPe8=uquO+9wwbiSYpOyxvizBSeEg@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Cc: Steven Valdez <svaldez@google.com>, Adam Langley <agl@google.com>, Ben Schwartz <bemasc@google.com>, Brad Lassey <lassey@google.com>
Content-Type: multipart/alternative; boundary="0000000000003f721a057d3ffdcd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UYz5psI2GtHHG_ZeokekTAADHB0>
Subject: [TLS] ESNI robustness and GREASE PRs
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Dec 2018 23:17:52 -0000

Hi folks,

We[*] wrote up some proposed changes for draft-ietf-tls-esni that we'd like
the group's thoughts on. The goal is to make ESNI more robust and eliminate
a bunch of deployment risks. The PRs are linked below:

https://github.com/tlswg/draft-ietf-tls-esni/pull/124
https://github.com/tlswg/draft-ietf-tls-esni/pull/125

The first tries to make ESNI more robust. It introduces the notion of a
"public name" which gives the client an authenticated signal to retry with
new keys or without ESNI at all. This mitigates DNS/server mismatches (a
concern on each key rotation), and partial rollouts or rollbacks (a concern
when first enabling it, plus some scenarios with TLS-terminating
middleboxes).

The second recommends clients to send GREASE ESNI extensions when they do
not have cached ESNIKeys available. This better meets the "Do not stick
out" goal. The server behavior in the first PR gives us this for free.

Details are in the PRs.

(The two PRs were originally written up together. I split them in two based
on some feedback, but since they touch the same text, the GREASE PR
includes the robustness PR. If the WG wishes to go with one but not the
other, the text and details can be adjusted accordingly.)

Thoughts?

David

[*] Steven and I wrote the text itself, with input from Adam, Ben, and
Brad, all CC'd.

v2.23.0 | Report a Bug | By Email