Re: [TLS] SNI from CDN to Origin (was I-D Action: draft-ietf-tls-sni-encryption-08.txt)

Rob Sayre <sayrer@gmail.com> Fri, 11 October 2019 13:45 UTC

References: <157048178892.4743.5417505225884589066@ietfa.amsl.com> <CAChr6Sy9=GbUO19X0vc0Dz7c565iPAj=uWVujLV5P3_QL5_srw@mail.gmail.com> <28C7A74D-5F9D-4E1A-A2D2-155417DA51C0@akamai.com> <CAChr6Szay7j=czCaYhKGp9bHHmZiArU440hSnvNqNaL+hX2wKA@mail.gmail.com> <F932C81B-95E9-4044-B975-9AFCD09CF7FA@akamai.com> <CAChr6Sy=+qt=KYKfXEkWhBBev88-XEcB4tOZLz9cBf76wsUo2g@mail.gmail.com> <80F168B0-7F30-4FDA-BD0F-4C787802F0D5@akamai.com> <CAChr6SyV+qMFs56THZzBxNv5vkQTeBJdG9GtutvVMcyP2CxN7w@mail.gmail.com> <CABcZeBNtv-4=dtrArZwnJHSohrbsrtG53_ynSZdcMp=YeWc9iA@mail.gmail.com> <CAChr6SzCONU2yA87QGNhsx7=5Zn82v1_euBJ-kbRci4vJ32oUw@mail.gmail.com> <83192EC8-6A24-4638-80AC-6D2AF9C68BBB@akamai.com> <CAChr6SwdP7iA=ZYg+xa3Ye-b97sekw6=qwJZu2w0n1ZZC9wG+Q@mail.gmail.com> <CABcZeBMLaiPuXhgrExTkdhfaOU_m4g-c+Lq-YmHsKiHyB0jDRw@mail.gmail.com> <CAChr6SznAYZDHFPNHX8Uoyo-Fnx8_uMxCOda1zf37Cxnb5A4WQ@mail.gmail.com> <CABcZeBPoyb5sF+ddH8OU_78eJF5sD2df-+ScHRb1xTYhHRHS0w@mail.gmail.com> <CAChr6SyM_yX36p2W_-seE-9kuJ99RTYEHY_vCRNFjLx3utjogw@mail.gmail.com> <CABcZeBPkQjsRr83PYyvhGF8ByeC1gGFWQgofrf=dZmfAfm7UJg@mail.gmail.com> <CAChr6SxSP7LbYkK50-KJu4H4VLLyHpuuK_+N_WZs5Ky5PNnM+Q@mail.gmail.com> <CAHbrMsCiC_2PJNuvYMO+owJC=zJgbYzEZD1kkW38c8yw+qe0nQ@mail.gmail.com> <9832ebfb-7c1f-4ce1-9bf3-d98845aad671@www.fastmail.com> <CAChr6SzAvAcyebuDCGzHeuSMqUQE5mC-XjTx2EwFb-OF65b-aw@mail.gmail.com> <CABcZeBMSGv3q_zYZzzYtWfhuM0C2diLU6i7Z6m7E2+3zbmyoJg@mail.gmail.com>
In-Reply-To: <CABcZeBMSGv3q_zYZzzYtWfhuM0C2diLU6i7Z6m7E2+3zbmyoJg@mail.gmail.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Fri, 11 Oct 2019 20:45:05 +0700
Message-ID: <CAChr6Sw4Z2qsgVNUzjHkLeodtk7ZomkC3cbTwtQ59NbiaWCwfA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Martin Thomson <mt@lowentropy.net>, "TLS@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UjXhOQudV0NK_l0Vlh36u2wkw_M>
Subject: Re: [TLS] SNI from CDN to Origin (was I-D Action: draft-ietf-tls-sni-encryption-08.txt)

On Fri, Oct 11, 2019 at 8:24 PM Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Thu, Oct 10, 2019 at 8:12 PM Rob Sayre <sayrer@gmail.com> wrote:
>
>> On Fri, Oct 11, 2019 at 5:37 AM Martin Thomson <mt@lowentropy.net> wrote:
>>
>>> On Fri, Oct 11, 2019, at 07:57, Ben Schwartz wrote:
>>> > The obvious solution is for the TLS client (i.e. the CDN) to support
>>> > direct entry of ESNI public keys alongside the IP address. Users who
>>> > want to be able to rotate their ESNI keys more easily should use a
>>> > backend identified by a domain name that is distinct from the
>>> > user-facing origin hostname.
>>>
>>> I was about to say the same thing.  No need to get fancy.
>>>
>>
>> Isn't that more complicated than sending the SNI in the second client
>> message, though?
>>
>
> Well, both of these are more complicated than Host header. What's wrong
> with that?
>

The SNI and the host header often have to match (or at least have a known
mapping), because the origin server might want to prevent domain fronting.
This might be less of an issue over IPv6, but I think that's the reason the
two fields are currently more tightly coupled than they were originally.

This issue has turned out to be surprisingly subtle, and current practices
seem to vary widely. My goal is to keep the SNI encrypted on the wire from
CDN to Origin (I understand that the SNI is visible to the CDN).

thanks,
Rob
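The coupling Rob describes, where an origin refuses domain fronting by insisting that the Host header agree with the SNI it negotiated (or with a known mapping for it), as an added example that is not code from this thread, from the ESNI draft, or from any CDN or origin software. All hostnames, including the "backend.example.net" name that stands in for a CDN's backend identity, are constructed for illustration, and the policy table is an assumption about how such a mapping might be expressed:

```python
"""Origin-side consistency check between the TLS SNI and the HTTP Host header.

Added example, not code from the thread or from any CDN/origin software.
An origin that wants to refuse domain fronting compares the SNI it saw
(with encrypted SNI, the *decrypted* inner name) against the Host header of
each request, using a known SNI -> permitted hosts mapping.
"""
from dataclasses import dataclass
from typing import Mapping, Optional, Set

# Constructed policy: which Host values each SNI may front for.
# A plain 1:1 deployment maps every name to itself; a CDN-fronted origin may
# let one backend name (hypothetical "backend.example.net") serve several
# customer hostnames, which is the "known mapping" case.
ALLOWED_HOSTS: Mapping[str, Set[str]] = {
    "www.example.com": {"www.example.com", "example.com"},
    "backend.example.net": {"www.example.com", "shop.example.com"},
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def normalize_host(value: Optional[str]) -> Optional[str]:
    """Lower-case, drop a trailing dot and an explicit port; reject malformed input."""
    if value is None:
        return None
    host = value.strip().lower().rstrip(".")
    # Bracketed IPv6 literal, e.g. "[2001:db8::1]:443": keep only the literal.
    if host.startswith("["):
        end = host.find("]")
        return host[: end + 1] if end != -1 else None
    if ":" in host:
        host, port = host.rsplit(":", 1)
        if not port.isdigit():
            return None
    return host or None


def check_sni_host(sni: Optional[str], host_header: Optional[str],
                   policy: Mapping[str, Set[str]] = ALLOWED_HOSTS) -> Decision:
    """Decide whether a request's Host header is consistent with the TLS SNI.

    The decision is identical for cleartext and encrypted SNI: only the wire
    visibility of the name differs, not the value the origin checks.
    """
    sni_n = normalize_host(sni)
    host_n = normalize_host(host_header)
    if sni_n is None:
        return Decision(False, "no SNI presented")
    if host_n is None:
        return Decision(False, "missing or malformed Host header")
    allowed = policy.get(sni_n)
    if allowed is None:
        return Decision(False, f"unknown SNI {sni_n!r}")
    if host_n not in allowed:
        # This is the domain-fronting shape: a permitted SNI used to reach a
        # Host the policy does not associate with it.
        return Decision(False, f"Host {host_n!r} not permitted under SNI {sni_n!r}")
    return Decision(True, "SNI and Host consistent")


if __name__ == "__main__":
    for sni, host in [("www.example.com", "WWW.Example.com:443"),
                      ("www.example.com", "shop.example.com"),
                      ("backend.example.net", "shop.example.com")]:
        print(sni, host, check_sni_host(sni, host))
```

The mapping is what makes the CDN case work: a strict equality check would break the moment the CDN connects to the origin under a backend name, while a policy keyed by SNI lets the origin still reject a Host it never agreed to serve under that name.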