Re: [TLS] draft-ietf-tls-esni feedback

Rob Sayre <sayrer@gmail.com> Tue, 22 October 2019 00:10 UTC

In-Reply-To: <CAOdDvNrhTUxMojbNj08bwHN4y=yM3qifgnTjG07jyE4mMex7rg@mail.gmail.com>
Message-ID: <CAChr6SwwWB8tt0Ce6T1Li-5eMpuCH_r2dxMX6+wE1C85Hq6V5Q@mail.gmail.com>
To: Patrick McManus <mcmanus@ducksong.com>
Cc: Eric Rescorla <ekr@rtfm.com>, "TLS@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jpEbELS4YCb1WBWtCE_chW-el2E>

On Mon, Oct 21, 2019 at 4:59 PM Patrick McManus <mcmanus@ducksong.com>
wrote:

> Wildcards are real in both DNS and HTTP services. (Also the DNS entries
> might be invisible to the HTTP provider thanks to CNAME indirections,
> though obviously service names are not.)
>

That all seems right. I was wondering where the 260 number came from.

It seems like relying on fixed numbers has burned people in the past. Is 260 one
of those "I was asked to put this in" numbers?

It seems like that's probably not the case here, but I think the rationale
should be written down in the draft.

thanks,
Rob