Re: [TLS] Possible blocking of Encrypted SNI extension in China

Christian Huitema <huitema@huitema.net> Mon, 10 August 2020 06:15 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 114ED3A13FD for <tls@ietfa.amsl.com>; Sun, 9 Aug 2020 23:15:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.849
X-Spam-Level:
X-Spam-Status: No, score=-2.849 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.949, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id reOAviv0iytE for <tls@ietfa.amsl.com>; Sun, 9 Aug 2020 23:15:40 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC9003A0433 for <tls@ietf.org>; Sun, 9 Aug 2020 23:15:40 -0700 (PDT)
Received: from xse232.mail2web.com ([66.113.196.232] helo=xse.mail2web.com) by mx17.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1k515k-0008QO-JQ for tls@ietf.org; Mon, 10 Aug 2020 08:15:31 +0200
Received: from xsmtp21.mail2web.com (unknown [10.100.68.60]) by xse.mail2web.com (Postfix) with ESMTPS id 4BQ5L45Gjtz28xN for <tls@ietf.org>; Sun, 9 Aug 2020 23:15:24 -0700 (PDT)
Received: from [10.5.2.18] (helo=xmail08.myhosting.com) by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1k515g-0004Yo-KE for tls@ietf.org; Sun, 09 Aug 2020 23:15:24 -0700
Received: (qmail 5069 invoked from network); 10 Aug 2020 06:22:38 -0000
Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.43.61]) (envelope-sender <huitema@huitema.net>) by xmail08.myhosting.com (qmail-ldap-1.03) with ESMTPA for <tls@ietf.org>; 10 Aug 2020 06:22:38 -0000
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "tls@ietf.org" <tls@ietf.org>
References: <uGJxvVQRPcgn2GZKsKuuVN4SyTe7EOiV3iEK3Cq3Izo0ZstAh1LxEzMKrDZ_0VTrLqeYXQb4k1Qy5uJmEy04zNgngoHBONhVZnvddYYybt8=@iyouport.org> <71e4d18d-9ad8-fd72-729c-db5a0cf7593b@huitema.net> <20200809153526.vf5zlongieoswb22@bamsoftware.com> <1597030308337.61220@cs.auckland.ac.nz>
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mDMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1Rmu0 J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PoiWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAuDgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB4h+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
Message-ID: <8d18ea7c-8f10-1901-38b1-5e1b62d54eec@huitema.net>
Date: Sun, 9 Aug 2020 23:15:25 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <1597030308337.61220@cs.auckland.ac.nz>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Originating-IP: 66.113.196.232
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.196.232/32
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.232/32@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0RZ/HtDapBdRUZhgsSk2AkqpSDasLI4SayDByyq9LIhVUZbR67CQ7/vm /hHDJU4RXkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDoOWO0i/H75teRGzF9TgV+efH zJ6mVE7ewsipSVIfs4YDVL39TANmZxeyMFsApw8agyWFxOA5dILPypvKxNVhWQwOVcNrdpWfEYrY fLBY3+cYf7ytBnDsQnIchmEhjY9rmdySlZou9qHIGOZDEEo7O2nS6C1mWTD2n8BB0gTSSfDtw+Ut ziY+nbU7qa50sEXj8hEv6ylbrSataIASdByf+qyWDcKgIew/Pqmv8CiR0A+Ffy7fEg460Hn2xYnW avStyzAiWbbj13U46jbWFIz21cHX/YzWyFk7762whX3QQ+5uhkPm88V7ziklAaTl19sU919xeAvO xjeQEcL5lNmXdLn4jABaJqtNDIuGYj2WGeveXgFMyx0sD4hRS2uyMFprER9E+btGG8Xk1uugE/FU 4J9TrjYo22Tif+7yfJXbGyN6EipRzMVZ5LqwTx7Vvn9SP+LiFhV9TEgXGI3XmDfDnFWB11dhDcan IFpyAO2lFVttXUnQo/RrgSA47LvwuhtFy8XlRoIGx8Vlo+aqc0cHowBYRpgpAHWj08yg3C7wbMZU PVcmx1QL+XiKf76y/BgKaR97ehxbOhB4itgOoiDqu/KY2AXNZGS5G93aGyH8MqMlOQRMVMd0HCeT skOZ5TL80aILVilEz+1RCT6RCktHdDXg724gFzhHYUe+7aKm0vUbdj0zR31iPX6u9SLSQB+uTi+J 2sBvM/O0p+zizleC4va6FPcpDHjXMKZJK8+chiYCM/UZ8JDoX+j+oCBQ33227cTs80/2FnZg/IMs IAdedSzLrjsyfTPCYbMCLdmf5h2vfxw3Qvb2Glio5Cia/9Kfg4kJ0WtAYbrpe3OOAtQNb87OBHCz Hbokiue7PjVB1S6AQRz4SqXhOP5fdiQt7lu5Jm5nk4BSgYHOJJgUtm67rBRli6kULE5BQDZnPvvF VsQ=
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XNsPFctg3XNiQ0KNNHqN38d5a9g>
Subject: Re: [TLS] Possible blocking of Encrypted SNI extension in China
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2020 06:15:46 -0000

On 8/9/2020 8:31 PM, Peter Gutmann wrote:
> >From the writeups I've seen, what they're blocking is TLS 1.3, not ESNI.
> Since ESNI can be de-anonymised with a high degree of success (see various
> conference papers on this) and in any case doesn't matter for the most
> frequently-blocked sites like Facebook, Instagram, Twitter, etc, it may not
> even be on the GFW's radar.  My guess is that the GFW doesn't have a fast-path
> mechanism for TLS 1.3 so as 1.3 use grows it's being overwhelmed, therefore
> they're blocking it until they can upgrade their hardware.  The fact that ESNI
> is also affected is just a coincidence of the blocking of 1.3.

Please check David Fitfield's message above in the thread. The research
that he quoted is quite specific, "The ESNI detector only matches the
ESNI encrypted_server_name extension 0xffce (draft-ietf-tls-esni-00
through -06), not the ECH extensions encrypted_client_hello 0xff02,
ech_nonce 0xff03, outer_extension 0xff04 (draft-ietf-tls-esni-07)."

-- Christian Huitema