[TLS] Using ECHO mechanisms in QUIC

Martin Duke <martin.h.duke@gmail.com> Wed, 05 May 2021 15:42 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CD7E3A14D1 for <tls@ietfa.amsl.com>; Wed, 5 May 2021 08:42:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id votKSD5xzh1r for <tls@ietfa.amsl.com>; Wed, 5 May 2021 08:42:25 -0700 (PDT)
Received: from mail-il1-x134.google.com (mail-il1-x134.google.com [IPv6:2607:f8b0:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47D3E3A12FE for <tls@ietf.org>; Wed, 5 May 2021 08:42:25 -0700 (PDT)
Received: by mail-il1-x134.google.com with SMTP id e14so2068454ils.12 for <tls@ietf.org>; Wed, 05 May 2021 08:42:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=5Zoh1XcxtbQ9vyIlMKZ24/u3KxVAcs/k0hE2qfUKQ3M=; b=TSAbhm4PELRNCImDyi23df1ddHRJMiKlRlC+JMpD//3qwKi8IUCXaRdB2Aq92EL08s 7LjePASxy81CtK6NJnIVoxM5lJrefB4PwbPN94utU+0KlxWKSIaoAJQPxru0gMOZhN2m ORfXPPGsRXmr9k5D8Jba+LAjqomO0jlpmD5pdvTRzvkdfPn72BaKBzIdagbODZvAiAij zGnPsltNsEfXjWwHsBALLLQfmOGnMfHgKEuAersmc1fT1iTrvTVno4j9laAgH9vPzZEc GvLwaLNOHedqEUDhnDa8cwoInjuhxkOSt8UkZ2kE5iROLhyiKqBobzw6KPnNtBkS+jIW 7XSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=5Zoh1XcxtbQ9vyIlMKZ24/u3KxVAcs/k0hE2qfUKQ3M=; b=cAEHbJruPxrJRBV4xnYNC45jJa8gffB0j6nBKOD7NeD40WH33ssI5aa7YfZryXZBB2 Eu6K0PmPuE0W+EvPDsrXiDJEflX9QiKmK3KbpB9Xz8seRrLQp7nb38mFoza/bL8j9p4F lTapy18oBZ87BxGqGBDINOd7Yee2SsFZ1eowbYGuJQtv24e9100oXq9Dp0XQgGrvk8xr lna1KDbvReEQIQOsX9eqGXyhyyyDM7dK4vwR5tu9zx3TSKfdZsnQpduO/+ka2Hgrq667 qU79MB1sYZu94jSAcJ63HEGNZAV8nDXhBJo5NSey/9YBY93UZXfo4rsI0nefDaOFb4R4 z1TA==
X-Gm-Message-State: AOAM532zcNxunbAcYO2S2oIdFIvvNGGMcamn8WQyVpQ1zDTeicM6NIcV N1zWCX/WO0dTdP4vC8I+u7fjABKPc6NDqRrt+8T8rFzEx2QGOQ==
X-Google-Smtp-Source: ABdhPJxvWSnoJExouan7DWPZ1wRuJ69mDRWAqAAlkuFJ3Ov/sJ+JHe4ShhY6zOMnCKxwknwSKwom/0BdfSMSEwMg4v0=
X-Received: by 2002:a05:6e02:ea9:: with SMTP id u9mr18599826ilj.303.1620229342782; Wed, 05 May 2021 08:42:22 -0700 (PDT)
MIME-Version: 1.0
From: Martin Duke <martin.h.duke@gmail.com>
Date: Wed, 5 May 2021 08:42:15 -0700
Message-ID: <CAM4esxRQ1OeobQW_N-k2cPi8Ew7csU+9z7EaKJ=pVBTLyk_pPA@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006e68df05c1970aa2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YGJ6H1fRpHtGnJjxqFbVv8sS8xA>
Subject: [TLS] Using ECHO mechanisms in QUIC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 May 2021 15:42:31 -0000

Hello TLS,

I just published an individual draft in QUIC that tries to take the ECHO
mechanism and use it to protect the entire Initial packet exchange in QUIC,
instead of just selected fields in the client hello. It is reliant on QUIC
version negotiation to recover from config mismatches:

https://datatracker.ietf.org/doc/draft-duke-quic-protected-initial/

Thoughts from the experts here would be welcome.