Re: [TLS] Using ECHO mechanisms in QUIC

Christopher Wood <caw@heapingbits.net> Wed, 05 May 2021 17:52 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 806343A1AA8 for <tls@ietfa.amsl.com>; Wed, 5 May 2021 10:52:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=BpQQ5Ydy; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=LgqMzBuH
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8bBR9Qwqmc5L for <tls@ietfa.amsl.com>; Wed, 5 May 2021 10:52:03 -0700 (PDT)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F6EE3A1AA5 for <tls@ietf.org>; Wed, 5 May 2021 10:52:02 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id B169612DF for <tls@ietf.org>; Wed, 5 May 2021 13:51:58 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute4.internal (MEProxy); Wed, 05 May 2021 13:51:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=Ufen0zP44TALsEwebx1ykkQeDA1xmgx iST88VbXFcCU=; b=BpQQ5Ydy1Q3I2/LoPiDba/MeC02nC7TAay90Bwmr82z3zBl wpcMLohh9jWenFpyBnbns7qajP7dNkMT0ZLLRl5ZAkSo41UuMzEo7pnmPtGklR0u DHS3Hvzwzmc151Eq/4PPb6LFVoC+OJRUMIeisJz1Kp47s3pMAgUYsYhXQT0lLlHa wGk9DEwJhShEC7NOI92v3I049IExZDAqrtPFmUknl788HpKur9a3F7eQSzFitK2i n9zy4ThC/yQ/0uD/LyV7pFIIk0i+cHOeAHxQGIvoLnZFYHpbXvSUnWX8kCE0TlOb dZyLxfny68T1Yo0lfSA01rH+8A1bOrEgXNZA3TQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=Ufen0z P44TALsEwebx1ykkQeDA1xmgxiST88VbXFcCU=; b=LgqMzBuHAgNDdbNGuiw2wf Q6Rs/wFwHpCtmtr1krNBTz0Gn54gUhJcGwhWkOLZcT1F2yF7vK0TRKgWtTiBYEoX XzSHlQ1Jwy10dbC4hMkQsuoUQCj35tScLsNtnc/BFAHI1X7YnPvwVolvoK1n4cgW A8QD2nps745oRihGkZgOckiJhrhztztkgc5pe3w4v8ZviuejT6BZezdybhaA+sKY En4rZzudL3gBfYU7PNBT2Fm+rOaWT204C9pIXW6wIZQ7Wc4MwkVUOYiHkO34nQ6F TmL9bVUbDqQqpNDHRWZY7lR/GriM9sLArbXInbdjqVm5vGh3BR5sdUDmhHiPIE/Q ==
X-ME-Sender: <xms:PduSYGTJENyZr64WLXmFHaqrijForF3aMSf55Odcfz_XWo-h3xHBOw> <xme:PduSYLyzO3CeiRSXbvHhI7h7gf0pvTTQnk69cUcKsNcezfCJpYn1bpC1EzdlBswfi FY9odi7KsCkPAwvOBM>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdefkedguddugecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesth dtredtreertdenucfhrhhomhepfdevhhhrihhsthhophhhvghrucghohhougdfuceotggr fieshhgvrghpihhnghgsihhtshdrnhgvtheqnecuggftrfgrthhtvghrnhepgfevgfevfe fgfefhtdehhfdtveekudeujeekffehudeihefhvefhteeijeffuddunecuffhomhgrihhn pehivghtfhdrohhrghdpgedtihgvthhfrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomheptggrfieshhgvrghpihhnghgsihhtshdrnhgv th
X-ME-Proxy: <xmx:PduSYD3Hlh1V847Mu9ZphVuhdpxqDHKodyJ9gszTwl8klkkQGI49gw> <xmx:PduSYCAPU-fnciwDMsj4VFjg2MpCpdHwNwUMoZfHDyrPgQmIgRMCVA> <xmx:PduSYPj0twvPjn4ZrxjIgIVH4GzGDPg7fOyrWjl7fiRrNav_QH08ww> <xmx:PtuSYKt8A4_RWLwvZ77hJ1kWnB_5fYCkUa1NunLkMw6MOnomr_7i9g>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id ECDCB1600A9; Wed, 5 May 2021 13:51:57 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-448-gae190416c7-fm-20210505.004-gae190416
Mime-Version: 1.0
Message-Id: <e9cf9b35-9cb5-40f8-a673-3302173fcd78@www.fastmail.com>
In-Reply-To: <CAM4esxRQ1OeobQW_N-k2cPi8Ew7csU+9z7EaKJ=pVBTLyk_pPA@mail.gmail.com>
References: <CAM4esxRQ1OeobQW_N-k2cPi8Ew7csU+9z7EaKJ=pVBTLyk_pPA@mail.gmail.com>
Date: Wed, 05 May 2021 10:51:36 -0700
From: "Christopher Wood" <caw@heapingbits.net>
To: "TLS@ietf.org" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/aynOwmhW8_ILjNGHkI-I89N7MTs>
Subject: Re: [TLS] Using ECHO mechanisms in QUIC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 May 2021 17:52:09 -0000

Hi Martin,

I've not read the draft (yet!), but can you comment on the delta between your proposal and the one from Christian and Kazuho? Here's a link to their work
  
   https://datatracker.ietf.org/doc/draft-kazuho-quic-authenticated-handshake/

Thanks,
Chris

On Wed, May 5, 2021, at 8:42 AM, Martin Duke wrote:
> Hello TLS,
> 
> I just published an individual draft in QUIC that tries to take the 
> ECHO mechanism and use it to protect the entire Initial packet exchange 
> in QUIC, instead of just selected fields in the client hello. It is 
> reliant on QUIC version negotiation to recover from config mismatches:
> 
> https://datatracker.ietf.org/doc/draft-duke-quic-protected-initial/
> 
> Thoughts from the experts here would be welcome.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org <mailto:TLS%40ietf.org>
> https://www.ietf.org/mailman/listinfo/tls
>