[TLS] Suggestions regarding a few definitions in the ESNI draft

Rob Sayre <sayrer@gmail.com> Sat, 26 October 2019 01:19 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/iK9f3IYWuiqN6HWYl-IDZMSgtTg>

Hi,

I filed a few issues on some definitions in the ESNI draft.

"Zx = HKDF-Extract(0, Z)"
https://github.com/tlswg/draft-ietf-tls-esni/issues/188

"AEAD-Encrypt"
https://github.com/tlswg/draft-ietf-tls-esni/issues/189

Given that there are open source implementations to test against, I don't
think these issues are critical right now, but they do seem imprecise at
least. As the draft firms up, it might be nice to develop some test vectors
for each step of each algorithm, so implementors can tell where things go
wrong as they're developing. The ESNI process ended up being a lot more
involved than I expected (but that is not a criticism).

thanks,
Rob
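
The following is an added example, not part of the message above and not taken from the draft or its issues. It sketches the kind of per-step test vector the message suggests for the quoted "Zx = HKDF-Extract(0, Z)" step, computing the output under several candidate byte encodings of the "0" salt. SHA-256, the value of Z, and the names `hkdf_extract`, `SALT_READINGS` and `extract_vectors` are assumptions made for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256            # assumption: SHA-256 is the HKDF hash
HASH_LEN = HASH().digest_size    # 32 octets
BLOCK_LEN = HASH().block_size    # 64 octets


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 section 2.2: PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        # RFC 5869: an absent salt is a string of HashLen zero octets.
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


# Constructed stand-in for the shared secret Z (not a value from the draft).
Z = bytes(range(32))

# Candidate byte encodings an implementer might choose for a salt written "0".
SALT_READINGS = {
    "empty string": b"",
    "one zero octet": b"\x00",
    "HashLen zero octets": bytes(HASH_LEN),
    # Longer than the hash block: HMAC hashes the key first instead of
    # zero-padding it, so this reading yields a different PRK.
    "BlockLen+1 zero octets": bytes(BLOCK_LEN + 1),
}


def extract_vectors(z: bytes) -> dict:
    """Return {salt reading: hex Zx} so implementations can compare this step."""
    return {name: hkdf_extract(salt, z).hex()
            for name, salt in SALT_READINGS.items()}


if __name__ == "__main__":
    for name, zx in extract_vectors(Z).items():
        print(f"{name:24s} Zx = {zx}")
```

Because HMAC zero-pads keys up to the block length, the first three readings produce the same Zx; only an all-zero salt longer than the block diverges.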