Re: [TLS] Multi-CDN and ESNI

Patrick McManus <mcmanus@ducksong.com> Wed, 24 October 2018 21:04 UTC

To: "Patrick R. McManus" <mcmanus@ducksong.com>
Cc: Nick Sullivan <nick@cloudflare.com>, "Salz, Rich" <rsalz@akamai.com>, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UmqTdSKDTpBq0iRO-bklMfiJWyQ>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Here's a PR on one way to skin this cat.
https://github.com/ekr/draft-rescorla-tls-esni/pull/104/files


>>> I hope to work this into a PR.. my first attempt wasn't very readable, but
>>> I'll try again tomorrow.
>>>
>>> -P