Re: [TLS] [ECH] Reverting the config ID change

Christopher Wood <caw@heapingbits.net> Tue, 16 February 2021 21:32 UTC

From: "Christopher Wood" <caw@heapingbits.net>
To: "Eric Rescorla" <ekr@rtfm.com>
Cc: "TLS@ietf.org" <tls@ietf.org>
Date: Tue, 16 Feb 2021 13:31:40 -0800
Subject: Re: [TLS] [ECH] Reverting the config ID change
Message-Id: <e55a60e4-e948-4cc5-ad1a-0a1086485305@www.fastmail.com>
In-Reply-To: <CABcZeBO20+09dZ+9ckdm=N-RigMh_O+Svx3m51NsXZY1QFZ73Q@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dHMDC2SJ2-DSlo2MKF2Vm8wW77s>

On Tue, Feb 16, 2021, at 1:02 PM, Eric Rescorla wrote:
> I am not in favor of shrinking this to a single byte, as it
> significantly limits future flexibility.
> 
> As far as I can tell, the argument here is to limit the entropy
> available for tracking, but recall that in this case the attacker
> controls the DNS and they can (for instance) provide a unique IPv6
> address, so this doesn't seem like a good tradeoff.

That's true, but I'd personally prefer one tracking vector to two. This structure also better aligns with other proposed use cases for HPKE configurations. I also don't see an immediate need for flexibility in this value given that there are extensions in ECHConfigContents already.

That said, my primary goal here is consistency. I'd be happy with whatever outcome provided that it's usable in other contexts where we need HPKE configurations, Oblivious DoH being one of them. 

Best,
Chris

> 
> -Ekr
> 
> 
> On Tue, Feb 16, 2021 at 5:44 AM Christopher Wood <caw@heapingbits.net> wrote:
> > On the heels of this change, here's another PR that I'd like folks to weigh in on:
> > 
> >    https://github.com/tlswg/draft-ietf-tls-esni/pull/381
> > 
> > Thanks,
> > Chris
> > 
> > On Mon, Feb 8, 2021, at 2:29 PM, Christopher Wood wrote:
> > > We previously had a server-selected label for the ECHConfig, but that 
> > > has since been replaced with a client-computed identifier. There are a 
> > > couple of problems with this change in practice (see [1]), so the 
> > > following PR proposes reverting back to the old behavior: 
> > > 
> > >    https://github.com/tlswg/draft-ietf-tls-esni/pull/376
> > > 
> > > There is a separate issue [2] regarding the length of this identifier, 
> > > but we can address that separately.
> > > 
> > > Please have a look at the PR and provide feedback. We'd like to merge 
> > > this soon. 
> > > 
> > > Thanks,
> > > Chris
> > > 
> > > [1] https://github.com/tlswg/draft-ietf-tls-esni/issues/375
> > > [2] https://github.com/tlswg/draft-ietf-tls-esni/issues/379
> > > 
> > > _______________________________________________
> > > TLS mailing list
> > > TLS@ietf.org
> > > https://www.ietf.org/mailman/listinfo/tls