IETF Logo Mail Archive

[TLS] draft-ietf-tls-esni feedback

Rob Sayre <sayrer@gmail.com> Sun, 20 October 2019 21:40 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB4CA12001E for <tls@ietfa.amsl.com>; Sun, 20 Oct 2019 14:40:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.098
X-Spam-Level:
X-Spam-Status: No, score=-0.098 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5jVWZiGBqeLU for <tls@ietfa.amsl.com>; Sun, 20 Oct 2019 14:40:52 -0700 (PDT)
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9201912006A for <tls@ietf.org>; Sun, 20 Oct 2019 14:40:52 -0700 (PDT)
Received: by mail-io1-xd2b.google.com with SMTP id c25so13503280iot.12 for <tls@ietf.org>; Sun, 20 Oct 2019 14:40:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=V5jjZ1r2VZvjFuuXYTvQzOccM4vgUHkLE7eXQKYZ2hw=; b=nk6iMObcN9XrWs66cfSjoLPi6YTlnvcljAA0ntj5wmjn0vONhHTDsc6UkQnQFpeNRg DqIbdQReQi01PCAs8l5FHp4Kr9N//tNSAsnHDLwbs+Q/EvXfjbkouVs22yv+oMtTI3eH AItojHJNSk87vH7hyYb8TN1xOKcg0HyTweyQLSNB3iqwTfZg5WSF5C+O2F2dAy9h9+bz KFATHBtImjpeqSLli0d3H/DyUVVC0LZGLD60PMIeHbFGQ7vMqp5JI7nnmHkvvacU+Co+ HXxBu0WjHtT30e4Gt+tVuzUUOnPtReAlhtZ8jxT4sQk6HkiFkyUD8UJ6caKL9Zs1J3I+ Xm6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=V5jjZ1r2VZvjFuuXYTvQzOccM4vgUHkLE7eXQKYZ2hw=; b=CaWBUrhZv50nP0fYR4Zec3WnsdKPeZc2RyESlWMj2vw6q7baWiS8vfT4w7WuEoCZkm U2EXgITWbLtReLcPLe8Lg+xpV7gFK84W9omt1oxdKE1CilolCZXnFDN9ZD/3ZvVSTB2h gPnwF6iEbtE7tu5rbVOdyzoIcs/z9GMz94yqNhhAXzJzD3fdJ72Y2F/dDcZTCWVJnXbo F/6IYtXDYL4qcEpJucmYrzMyQiKOmQN7fhyx+LDbZMVlfGxfFN4jwenOiF0YUQOoEDDS u6vvNWMWXzFBoZO8nIXuUhO14Yc87v3QYyFnZtSocMpvA7JkfV3aZBx4/RAvSKqtDV+A EHeg==
X-Gm-Message-State: APjAAAVH9D2D0jO5mWpJYAwX4aW179tj9aH2IKNyeDAI08toWdb8iqXF OxVBb+QMJuEEETdlbyGgveoSWaLrIjPc2L7BkvLtYNhF
X-Google-Smtp-Source: APXvYqyHAbA4+T4AkK/fxdjj7JiGEBdR6IFQ0u2kfyCivvI2QD/oxsOJ03stdzKu93pj779R9BqB5fJRr8VCa27Aec0=
X-Received: by 2002:a5d:9297:: with SMTP id s23mr12004518iom.49.1571607651285; Sun, 20 Oct 2019 14:40:51 -0700 (PDT)
MIME-Version: 1.0
From: Rob Sayre <sayrer@gmail.com>
Date: Sun, 20 Oct 2019 14:40:40 -0700
Message-ID: <CAChr6Sw3f7du3JYxfcWSZje1zjDzsRBQyDjob-AvzjWeZzKW7g@mail.gmail.com>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c800dc05955e6bb9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UiZGO1zrkOsOnapYI7BQr-Qh-lk>
Subject: [TLS] draft-ietf-tls-esni feedback
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Oct 2019 21:40:55 -0000

Hi,

I was implementing https://tools.ietf.org/html/draft-ietf-tls-esni-02
(since I believe that version is what Firefox and Cloudflare currently
ship), and I had a difficult time parsing this part of the draft:

struct {
  ServerNameList sni;
  opaque zeros[ESNIKeys.padded_length - length(sni)];
} PaddedServerNameList;

struct {
  uint8 nonce[16];
  PaddedServerNameList realSNI;
} ClientESNIInner;

I hadn't seen the fixed-but-variable length construction that the "zeros"
field uses before (although I haven't written much TLS code). It does end
up being easy to implement, because "realSNI" is placed at the end of
ClientESNIInner. However, this detail was not obvious to me until I got
through all of the serialization code I was writing, and it would also seem
to limit the places PaddedServerNameList should appear in TLS structs.

Judging by the mailing list archives, the design of the field is
intentional. It's not clear to me why "zeros" wasn't specified as
variable-length with a prose restriction, though.

This part of the spec is also just generally difficult to follow, in my
opinion. I had no trouble following the ESNIKeys section. Perhaps the
problem is in the interaction of prose order, serialization order, and
procedural code order.

thanks,
Rob

v2.23.0 | Report a Bug | By Email