[TLS] ESNI robustness and GREASE PRs
David Benjamin <davidben@chromium.org> Mon, 17 December 2018 23:17 UTC
Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0713212D4E9 for <tls@ietfa.amsl.com>; Mon, 17 Dec 2018 15:17:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.959
X-Spam-Level:
X-Spam-Status: No, score=-10.959 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id crcWqEZrqigg for <tls@ietfa.amsl.com>; Mon, 17 Dec 2018 15:17:50 -0800 (PST)
Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12C42126C01 for <tls@ietf.org>; Mon, 17 Dec 2018 15:17:50 -0800 (PST)
Received: by mail-qk1-x729.google.com with SMTP id o125so8441424qkf.3 for <tls@ietf.org>; Mon, 17 Dec 2018 15:17:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:from:date:message-id:subject:to:cc; bh=pJeOZBU7INyX7W+YMwnao+dIB0pKJ0jYPxLsEXqK908=; b=g+q3UUf1azOoJ6JISNIB5sT0YgCi7ewY0av4v9Pu77wF/32xqA1IkfgfhIHAwcnATq HYUk+ReTCMIPUqqx7AtjWbjhTF+y2G4p5MgoglGzQrqqBsBT0Zwa1WX9jSj8xlDOqeHb J9Wme7plo96mo6q4/aWeLZPrAGv6w2RNcp/Bs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=pJeOZBU7INyX7W+YMwnao+dIB0pKJ0jYPxLsEXqK908=; b=seW0vb7hjqgdBZFaRcFpDKzSJkX+B3xpNEZcxu8rpvWWVaaNquMdgIG98+EfvG2ie2 hJ8p/nKI+5inUC8XvDbwz3EaaLeRBsaJgqwZw1W77Nl22PVjIFrrSNuGuC0eatZVDC3a HH4mXUf280GJQ6NnOJYM48e2LOj5Q9QzDxDHeqMB+RLNT2ZND9Gqm5YR5rolAdl33N+W rqdXt5xmi+P/PxwAl2FJGW1AK+fLuG4Ox48n95OZtlX0k2lw6eP4/p8NUfVdurH31NKk n+QPqsasxGBJws2luhCBhzpDdn/rVypIN9+K89xfXLPC4iNdYyOLR1LqTqmq/mDuXAXg 4Igw==
X-Gm-Message-State: AA+aEWZh8B8zAgDp2HLa4ctuqM9JEVWdMlHNfyJLZJftdRnnhhRBq2Dl tILKcEobSpxryJa4A/xCeRvf5Goy1iiTWmdCv6jHWj9SUQ==
X-Google-Smtp-Source: AFSGD/XQxaRNsya+kn44WXWVnfbdAr5IZX1NXBzvlfwzycT7UMgdL2uKRDIlEaxjYGCZaIXuIOM/LGkhaJ/LaCv8jkE=
X-Received: by 2002:a37:2714:: with SMTP id n20mr12553279qkn.349.1545088668711; Mon, 17 Dec 2018 15:17:48 -0800 (PST)
MIME-Version: 1.0
From: David Benjamin <davidben@chromium.org>
Date: Mon, 17 Dec 2018 17:17:37 -0600
Message-ID: <CAF8qwaAh-eCLOR3YX3KoVWPe8=uquO+9wwbiSYpOyxvizBSeEg@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Cc: Steven Valdez <svaldez@google.com>, Adam Langley <agl@google.com>, Ben Schwartz <bemasc@google.com>, Brad Lassey <lassey@google.com>
Content-Type: multipart/alternative; boundary="0000000000003f721a057d3ffdcd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UYz5psI2GtHHG_ZeokekTAADHB0>
Subject: [TLS] ESNI robustness and GREASE PRs
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Dec 2018 23:17:52 -0000
Hi folks, We[*] wrote up some proposed changes for draft-ietf-tls-esni that we'd like the group's thoughts on. The goal is to make ESNI more robust and eliminate a bunch of deployment risks. The PRs are linked below: https://github.com/tlswg/draft-ietf-tls-esni/pull/124 https://github.com/tlswg/draft-ietf-tls-esni/pull/125 The first tries to make ESNI more robust. It introduces the notion of a "public name" which gives the client an authenticated signal to retry with new keys or without ESNI at all. This mitigates DNS/server mismatches (a concern on each key rotation), and partial rollouts or rollbacks (a concern when first enabling it, plus some scenarios with TLS-terminating middleboxes). The second recommends clients to send GREASE ESNI extensions when they do not have cached ESNIKeys available. This better meets the "Do not stick out" goal. The server behavior in the first PR gives us this for free. Details are in the PRs. (The two PRs were originally written up together. I split them in two based on some feedback, but since they touch the same text, the GREASE PR includes the robustness PR. If the WG wishes to go with one but not the other, the text and details can be adjusted accordingly.) Thoughts? David [*] Steven and I wrote the text itself, with input from Adam, Ben, and Brad, all CC'd.
- [TLS] ESNI robustness and GREASE PRs David Benjamin
- Re: [TLS] ESNI robustness and GREASE PRs Stephen Farrell
- Re: [TLS] ESNI robustness and GREASE PRs - client… David Fifield
- Re: [TLS] ESNI robustness and GREASE PRs Kazuho Oku
- Re: [TLS] ESNI robustness and GREASE PRs - client… David Benjamin
- Re: [TLS] ESNI robustness and GREASE PRs - client… David Fifield
- Re: [TLS] ESNI robustness and GREASE PRs - client… Viktor Dukhovni
- Re: [TLS] ESNI robustness and GREASE PRs Ilari Liusvaara
- Re: [TLS] ESNI robustness and GREASE PRs David Benjamin
- Re: [TLS] ESNI robustness and GREASE PRs - client… David Benjamin
- Re: [TLS] ESNI robustness and GREASE PRs Ilari Liusvaara
- Re: [TLS] ESNI robustness and GREASE PRs David Benjamin
- Re: [TLS] ESNI robustness and GREASE PRs David Benjamin
- Re: [TLS] ESNI robustness and GREASE PRs - client… Ilari Liusvaara