Re: [TLS] draft-ietf-tls-esni feedback

Rob Sayre <sayrer@gmail.com> Mon, 21 October 2019 17:55 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42B7B120105 for <tls@ietfa.amsl.com>; Mon, 21 Oct 2019 10:55:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y2sRZcjDNLG4 for <tls@ietfa.amsl.com>; Mon, 21 Oct 2019 10:55:11 -0700 (PDT)
Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD5BE1200E0 for <tls@ietf.org>; Mon, 21 Oct 2019 10:55:10 -0700 (PDT)
Received: by mail-io1-xd2a.google.com with SMTP id c6so16953731ioo.13 for <tls@ietf.org>; Mon, 21 Oct 2019 10:55:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=X0OhClZWrSFSO7K2/El+I1YXsm+TAJf2zC7TGBmQVNs=; b=O1RabkKOlg30hOE0TgQEr4xThw0bMYzjnjCey1hhrdcaAgL1Boh/LE23U9ygXQ4OJt PmX5eSAg+1jn9xCpkiDZ/9QowKxP4rmeD41wN6rZLawytCVnulgzqiY9jVnh4jVsPFdu 5QB0qcY6mgmh8EJPxLSh7/8oiuOxmT+Jnpxpbg+zNIL32HYfCHNl5do8h02mLVwp+G1D bVN9Y+HsR5jZIk7iVIs+gVXH2KAOJsOxzcn5CtIdxLqQswxM/UQdhfyYHUwcZBMGJVZN JCp7A59CXXXKH/4Bd28U5sVmOhwQpNW1OdCcDWlf/XZLFuA1JGIYXq5DcLKvjswnflxR B/YA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=X0OhClZWrSFSO7K2/El+I1YXsm+TAJf2zC7TGBmQVNs=; b=HfVuId6Fa68IBljvSgvITY7ZwWCaEXkk2uZiqNQ1W1zM017r7ZQrRgz5Rbjqyciw38 5gtR/8mvHY++U0WI5ID8GzC3lmjBT/ivc9LZOfikn1JrQjrC6KZMIDu7gHc6SexLmFIF FOosJH1SJXNB1os4C1FKHnl8bKj5138lb0RHjZlqrQqCHmwHmPz7DRxcVdxOgllvIYmC EPi5BxIGxAowTKEROTQ6IEpBHYflCwe6FyJyqm1gFa4NQ09JWfar783QyViHTjqYP0mc bZuR8C8qPzQF54hWupCDjpO7FSd9rH8LR1keTb3W9vejTbJFEEdWgUkabk/yWHTZLjhw AheQ==
X-Gm-Message-State: APjAAAUC+rvuxz1ZyUJbl4GD0TDQYE8LFtARwbsAChTECScU+WwEmmvB QaUT6d2Yi30uTzyY2ArjgsNOPgKdGxSvivC08x8=
X-Google-Smtp-Source: APXvYqwCWW1WA81O66dkZK9zOyuG3NDIzo0cn48GxP9MfYQijnRPeGTU4smCNRg4juTiqSZsAs3fsT+A58RZPnL+H6c=
X-Received: by 2002:a02:c646:: with SMTP id k6mr23813546jan.53.1571680510068; Mon, 21 Oct 2019 10:55:10 -0700 (PDT)
MIME-Version: 1.0
References: <CAChr6Sw3f7du3JYxfcWSZje1zjDzsRBQyDjob-AvzjWeZzKW7g@mail.gmail.com> <CABcZeBPbw_KOo_ieSqkksYPeLtb9DufBz628oFPYc_Ue4S9iww@mail.gmail.com> <CAChr6SwB+7Jt2TLJSQh3q=Roizdt2=9jCBa9nq8KRxRo=86uZQ@mail.gmail.com> <CABcZeBNBtDK7q175tseEUiCVds=khj4xXYJZRf7GU9VGNDJ_Tg@mail.gmail.com> <CAChr6Sz6xHtFWjOKrLp3sp9MpC-SoU9Sx=vk22ditjShA7B=Kg@mail.gmail.com> <CABcZeBOnE+gyNu7GarAfO0bptoPfzQQ=VKeWLdpJBDM=E4yhzg@mail.gmail.com>
In-Reply-To: <CABcZeBOnE+gyNu7GarAfO0bptoPfzQQ=VKeWLdpJBDM=E4yhzg@mail.gmail.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Mon, 21 Oct 2019 10:54:58 -0700
Message-ID: <CAChr6SxWE66jPRbnBRtwNSn3L+uNFkoFBbYNOBAkKDN05qotoA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: "TLS@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000080cb1505956f62b7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dIXq9fBV8FxANF5Zw1qPDD1p2qQ>
Subject: Re: [TLS] draft-ietf-tls-esni feedback
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2019 17:55:13 -0000

On Mon, Oct 21, 2019 at 9:45 AM Eric Rescorla <ekr@rtfm.com>; wrote:

>
>
> On Mon, Oct 21, 2019 at 7:56 AM Rob Sayre <sayrer@gmail.com>; wrote:
>
>> Sorry if I'm being dense here. Couldn't "zeros" have a length? Maybe you
>> just mean it would be superfluous.
>>
>
> Yes, that is what I mean.
>

OK. To be clear, I understand why there is padding in the spec. I don't
understand three aspects:

1) Where did the number 260 come from? It also seems to conflict with the
"multiples of 16" advice in the previous sentence.
2) Why does the server set the padding amount? If clients were allowed to
vary it with different amounts of zeros, wouldn't that be more anonymous?
3) Why is the length of "zeros" implicit rather than explicit? Is it to
save a few bytes, or is there a deeper reason?

None of this stuff signals a flaw in the draft from an interoperability
perspective--I was able to follow it as a non-expert in TLS and get things
working. But I still have questions about why things are specified this way.

thanks,
Rob