Re: [TLS] [ECH] Reverting the config ID change

Ben Schwartz <bemasc@google.com> Tue, 16 February 2021 14:29 UTC

References: <e44be9d1-bd0a-4e99-b092-b1b21c517b0e@www.fastmail.com> <7925717a-bcba-4b29-b12b-b47e622c62b3@www.fastmail.com>
In-Reply-To: <7925717a-bcba-4b29-b12b-b47e622c62b3@www.fastmail.com>
From: Ben Schwartz <bemasc@google.com>
Date: Tue, 16 Feb 2021 09:29:24 -0500
Message-ID: <CAHbrMsCrOJDqVBA-iw+SzzjEgT_6NFq3nLE8ZsKwjyabyF0uGg@mail.gmail.com>
To: Christopher Wood <caw@heapingbits.net>
Cc: "TLS@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/W9IfKlDCy6B7GKHkDIlRuslnGNM>

I find the language around "optional" configuration identifiers confusing
here.  Both of these proposals require ECHConfig to specify an identifier,
and both of them require the client to transmit one, so it doesn't seem
very "optional".  I think the point is that special case usage profiles are
permitted in which the client ignores the indicated ID and substitutes a
different one.  Given that that is arranged by mutual agreement outside of
the protocol, I'm not sure why it needs to be mentioned in the draft, but
if it's going to be included, I hope we can find a clearer presentation.

Substantively, this seems fine to me.

On Tue, Feb 16, 2021 at 8:44 AM Christopher Wood <caw@heapingbits.net>
wrote:

> On the heels of this change, here's another PR that I'd like folks to weigh
> in on:
>
>    https://github.com/tlswg/draft-ietf-tls-esni/pull/381
>
> Thanks,
> Chris
>
> On Mon, Feb 8, 2021, at 2:29 PM, Christopher Wood wrote:
> > We previously had a server-selected label for the ECHConfig, but that
> > has since been replaced with a client-computed identifier. There are a
> > couple of problems with this change in practice (see [1]), so the
> > following PR proposes reverting back to the old behavior:
> >
> >    https://github.com/tlswg/draft-ietf-tls-esni/pull/376
> >
> > There is a separate issue [2] regarding the length of this identifier,
> > but we can address that separately.
> >
> > Please have a look at the PR and provide feedback. We'd like to merge
> > this soon.
> >
> > Thanks,
> > Chris
> >
> > [1] https://github.com/tlswg/draft-ietf-tls-esni/issues/375
> > [2] https://github.com/tlswg/draft-ietf-tls-esni/issues/379
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls