[TLS] draft-ietf-tls-esni feedback
Rob Sayre <sayrer@gmail.com> Sun, 20 October 2019 21:40 UTC
From: Rob Sayre <sayrer@gmail.com>
Date: Sun, 20 Oct 2019 14:40:40 -0700
Message-ID: <CAChr6Sw3f7du3JYxfcWSZje1zjDzsRBQyDjob-AvzjWeZzKW7g@mail.gmail.com>
To: "TLS@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UiZGO1zrkOsOnapYI7BQr-Qh-lk>
Subject: [TLS] draft-ietf-tls-esni feedback
Hi,

I was implementing https://tools.ietf.org/html/draft-ietf-tls-esni-02 (since I believe that version is what Firefox and Cloudflare currently ship), and I had a difficult time parsing this part of the draft:

    struct {
        ServerNameList sni;
        opaque zeros[ESNIKeys.padded_length - length(sni)];
    } PaddedServerNameList;

    struct {
        uint8 nonce[16];
        PaddedServerNameList realSNI;
    } ClientESNIInner;

I hadn't seen the fixed-but-variable length construction that the "zeros" field uses before (although I haven't written much TLS code). It does end up being easy to implement, because "realSNI" is placed at the end of ClientESNIInner. However, this detail was not obvious to me until I got through all of the serialization code I was writing, and it would also seem to limit the places PaddedServerNameList should appear in TLS structs.

Judging by the mailing list archives, the design of the field is intentional. It's not clear to me why "zeros" wasn't specified as variable-length with a prose restriction, though.

This part of the spec is also just generally difficult to follow, in my opinion. I had no trouble following the ESNIKeys section. Perhaps the problem is in the interaction of prose order, serialization order, and procedural code order.

thanks,
Rob
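As an added worked example (not part of Rob's message, the draft, or any shipping implementation), the following Python serializes and parses the ClientESNIInner structure quoted above. It shows why the length-prefix-free "zeros" field is only parseable because realSNI is the last field: the receiver consumes the ServerNameList by its own RFC 6066 length prefix and treats whatever remains up to padded_length as padding. The receiver-side checks (total length equals 16 + padded_length, padding all zero, exactly one host_name entry) are the validation assumed here.

```python
import struct

NONCE_LEN = 16
HOST_NAME = 0  # RFC 6066 NameType.host_name; the only name type ESNI carries


def encode_server_name_list(host_name: bytes) -> bytes:
    # RFC 6066 ServerNameList with one host_name entry:
    # uint16 list length, uint8 name_type, uint16 name length, name bytes.
    entry = struct.pack("!BH", HOST_NAME, len(host_name)) + host_name
    return struct.pack("!H", len(entry)) + entry


def encode_client_esni_inner(nonce: bytes, host_name: bytes, padded_length: int) -> bytes:
    # ClientESNIInner = nonce[16] || ServerNameList || zeros.  The zeros field
    # has no length prefix: its size is padded_length (from ESNIKeys) minus the
    # encoded SNI length, so the whole structure is always 16 + padded_length.
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be 16 bytes")
    sni = encode_server_name_list(host_name)
    if len(sni) > padded_length:
        raise ValueError("SNI does not fit in padded_length")
    return nonce + sni + b"\x00" * (padded_length - len(sni))


def decode_client_esni_inner(data: bytes, padded_length: int) -> tuple:
    # Parsing works only because realSNI is the last field: the ServerNameList's
    # own length prefix says where the name ends, and everything after it up to
    # padded_length must be the zeros field.  Receiver-side validation assumed
    # here: exact total length and all-zero padding, else reject.
    if padded_length < 2 or len(data) != NONCE_LEN + padded_length:
        raise ValueError("length does not match 16 + padded_length")
    nonce, padded = data[:NONCE_LEN], data[NONCE_LEN:]
    (list_len,) = struct.unpack("!H", padded[:2])
    sni_end = 2 + list_len
    if list_len < 3 or sni_end > len(padded):
        raise ValueError("ServerNameList length out of range")
    if any(padded[sni_end:]):
        raise ValueError("padding contains non-zero bytes")
    name_type, name_len = struct.unpack("!BH", padded[2:5])
    if name_type != HOST_NAME or 5 + name_len != sni_end:
        raise ValueError("expected exactly one host_name entry")
    return nonce, padded[5:sni_end]


def is_well_formed(data: bytes, padded_length: int) -> bool:
    try:
        decode_client_esni_inner(data, padded_length)
        return True
    except ValueError:
        return False
```

Round-tripping a name through both functions and then corrupting the final padding byte shows the two properties the text discusses: the encoded size is fixed by padded_length alone, and the parser needs nothing beyond the SNI's own length prefix to find the padding.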