Re: [TLS] ESNI: Tracking and blocking via record_digest

Christian Huitema <huitema@huitema.net> Tue, 26 November 2019 03:33 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 177D812088A for <tls@ietfa.amsl.com>; Mon, 25 Nov 2019 19:33:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wSqK7DwBCYKi for <tls@ietfa.amsl.com>; Mon, 25 Nov 2019 19:33:26 -0800 (PST)
Received: from mx36-out10.antispamcloud.com (mx36-out10.antispamcloud.com [209.126.121.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CB2F120877 for <tls@ietf.org>; Mon, 25 Nov 2019 19:33:24 -0800 (PST)
Received: from xse219.mail2web.com ([66.113.196.219] helo=xse.mail2web.com) by mx61.antispamcloud.com with esmtp (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1iZRbN-0000BZ-LI for tls@ietf.org; Tue, 26 Nov 2019 04:33:23 +0100
Received: from xsmtp22.mail2web.com (unknown [10.100.68.61]) by xse.mail2web.com (Postfix) with ESMTPS id 47MTy827WXzBmn for <tls@ietf.org>; Mon, 25 Nov 2019 19:33:20 -0800 (PST)
Received: from [10.5.2.16] (helo=xmail06.myhosting.com) by xsmtp22.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1iZRbM-0004GU-5m for tls@ietf.org; Mon, 25 Nov 2019 19:33:20 -0800
Received: (qmail 4919 invoked from network); 26 Nov 2019 03:33:19 -0000
Received: from unknown (HELO [192.168.200.66]) (Authenticated-user:_huitema@huitema.net@[72.235.197.82]) (envelope-sender <huitema@huitema.net>) by xmail06.myhosting.com (qmail-ldap-1.03) with ESMTPA for <tls@ietf.org>; 26 Nov 2019 03:33:19 -0000
To: Rob Sayre <sayrer@gmail.com>, Ben Schwartz <bemasc@google.com>
Cc: "TLS@ietf.org" <tls@ietf.org>
References: <CAChr6Sxm3fcZUxm8XwZ-UzvxTMxK8TfyK7JBonz8MG2LMpRGjw@mail.gmail.com> <CAHbrMsC8=5fKmmKaNSPiZY42vLmfVLdUYNiwWqox3jJ0H53bxg@mail.gmail.com> <CAChr6SzTL4JLiO6H=6MiPO_eJBKHQVEvv-HWsFcHS+uVAPHybA@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mQENBFIRX8gBCAC26usy/Ya38IqaLBSu33vKD6hP5Yw390XsWLaAZTeQR64OJEkoOdXpvcOS HWfMIlD5s5+oHfLe8jjmErFAXYJ8yytPj1fD2OdSKAe1TccUBiOXT8wdVxSr5d0alExVv/LO I/vA2aU1TwOkVHKSapD7j8/HZBrqIWRrXUSj2f5n9tY2nJzG9KRzSG0giaJWBfUFiGb4lvsy IaCaIU0YpfkDDk6PtK5YYzuCeF0B+O7N9LhDu/foUUc4MNq4K3EKDPb2FL1Hrv0XHpkXeMRZ olpH8SUFUJbmi+zYRuUgcXgMZRmZFL1tu6z9h6gY4/KPyF9aYot6zG28Qk/BFQRtj7V1ABEB AAG0J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PokBOQQTAQIAIwUC UhFfyAIbLwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEJNDCbJVyA1yhbYH/1ud6x6m VqGIp0JcZUfSQO8w+TjugqxCyGNn+w/6Qb5O/xENxNQ4HaMQ5uSRK9n8WKKDDRSzwZ4syKKf wbkfj05vgFxrjCynVbm1zs2X2aGXh+PxPL/WHUaxzEP7KjYbLtCUZDRzOOrm+0LMktngT/k3 6+EZoLEM52hwwpIAzJoscyEz7QfqMOZtFm6xQnlvDQeIrHx0KUvwo/vgDLK3SuruG1CSHcR0 D24kEEUa044AIUKBS3b0b8AR7f6mP2NcnLpdsibtpabi9BzqAidcY/EjTaoea46HXALk/eJd 6OLkLE6UQe1PPzQC4jB7rErX2BxnSkHDw50xMgLRcl5/b1a5AQ0EUhFfyAEIAKp7Cp8lqKTV CC9QiAf6QTIjW+lie5J44Ad++0k8gRgANZVWubQuCQ71gxDWLtxYfFkEXjG4TXV/MUtnOliG 5rc2E+ih6Dg61Y5PQakm9OwPIsOx+2R+iSW325ngln2UQrVPgloO83QiUoi7mBJPbcHlxkhZ bd3+EjFxSLIQogt29sTcg2oSh4oljUpz5niTt69IOfZx21kf29NfDE+Iw56gfrxI2ywZbu5o G+d0ZSp0lsovygpk4jK04fDTq0vxjEU5HjPcsXC4CSZdq5E2DrF4nOh1UHkHzeaXdYR2Bn1Y wTePfaHBFlvQzI+Li/Q6AD/uxbTM0vIcsUxrv3MNHCUAEQEAAYkCPgQYAQIACQUCUhFfyAIb LgEpCRCTQwmyVcgNcsBdIAQZAQIABgUCUhFfyAAKCRC22tOSFDh1UOlBB/94RsCJepNvmi/c YiNmMnm0mKb6vjv43OsHkqrrCqJSfo95KHyl5Up4JEp8tiJMyYT2mp4IsirZHxz/5lqkw9Az tcGAF3GlFsj++xTyD07DXlNeddwTKlqPRi/b8sppjtWur6Pm+wnAHp0mQ7GidhxHccFCl65w uT7S/ocb1MjrTgnAMiz+x87d48n1UJ7yIdI41Wpg2XFZiA9xPBiDuuoPwFj14/nK0elV5Dvq 4/HVgfurb4+fd74PV/CC/dmd7hg0ZRlgnB5rFUcFO7ywb7/TvICIIaLWcI42OJDSZjZ/MAzz BeXm263lHh+kFxkh2LxEHnQGHCHGpTYyi4Z3dv03HtkH/1SI8joQMQq00Bv+RdEbJXfEExrT u4gtdZAihwvy97OPA2nCdTAHm/phkzryMeOaOztI4PS8u2Ce5lUB6P/HcGtK/038KdX5MYST Fn8KUDt4o29bkv0CUXwDzS3oTzPNtGdryBkRMc9b+yn9+AdwFEH4auhiTQXPMnl0+G3nhKr7 jvzVFJCRif3OAhEm4vmBNDE3uuaXFQnbK56GJrnqVN+KX5Z3M7X3fA8UcVCGOEHXRP/aubiw Ngawj0V9x+43kUapFp+nF69R53UI65YtJ95ec4PTO/Edvap8h1UbdEOc4+TiYwY1TBuIKltY 1cnrjgAWUh/Ucvr++/KbD9tD6C8=
Message-ID: <7424f46b-94e7-02ea-61ae-371d2de9b935@huitema.net>
Date: Tue, 26 Nov 2019 11:33:17 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2
MIME-Version: 1.0
In-Reply-To: <CAChr6SzTL4JLiO6H=6MiPO_eJBKHQVEvv-HWsFcHS+uVAPHybA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------63AD19B6C01E387566B00641"
Content-Language: en-US
X-Originating-IP: 66.113.196.219
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.196.219/32
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.219/32@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0VyY7+E5Em8uC8nykI/JrD6pSDasLI4SayDByyq9LIhVUZbR67CQ7/vm /hHDJU4RXkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDoOWO0i/H75teRGzF9TgV+efH zJ6mVE7ewsipSVIfs4aMFKkHPu4qJeKWCSvJWwxsgyWFxOA5dILPypvKxNVhWQwOVcNrdpWfEYrY fLBY3+cXQ2Tc+0CTI43RFdWVZDOJmdySlZou9qHIGOZDEEo7O2nS6C1mWTD2n8BB0gTSSfDtw+Ut ziY+nbU7qa50sEXj8hEv6ylbrSataIASdByf+qyWDcKgIew/Pqmv8CiR0A+Ffy7fEg460Hn2xYnW avStyzAiWbbj13U46jbWFIz21cHX/YzWyFk7762whX3QQ+5uhkPm88V7ziklAaTl19sU919xeAvO xjeQEcL5lNmXdLn4jABaJqtNDIuGYj2WGeveXgFMyx0sD4hRS2uyMFprER9E+btGG8Xk1uugE/FU 4J9TrjYo22Tif+7yfJXbGyN6EipRzMVZ5LqwTx7Vvn9SP+LiFhV9TEgXGI3XmDfDnJdoieX2NtRg +o3kI8QyLIsFNipas5GqVFZmFIt1Sjg0Pwkvbbll52zt8HvoKS2WQAeYUOp7A73HI6oJg7w/Vody ZOdhGVEAXrAmVqtPwyUyf9NQdZeiUucWvclnxK3VdV1677oPXF7r5zsW33ZNlioeEsGOJOKU/kLG nxJMOi7dEw3izQpjIH7RqQYMi47SMNQ84QG89JN6MvpNdzLqW7rTTwb9RWp/sgjYx+Loe+aEHHAS JNUmoOHSoqgqxfHmWRWcrRhLeB34s3hUb32GO+051WK4pJ1Ap5f9j0zhZ67q08QV3No+S2msRDep v5w/kkG0v17AmegcpQ0tml/sN9lmMy/o83jVXTcfb9k0nLWblJy7uxV6dw8jzlsaNZe6hynMJcjx DydxsJEju76A7X1QIVydqXpZ6MHhiKws9Iiut28r9wo4SqUIg8Yh9hAM0n3LLzx/F2gT3wl8JQJv Bho=
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mUIvWM8XwhwSyMiircgplI2hq1E>
Subject: Re: [TLS] ESNI: Tracking and blocking via record_digest
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Nov 2019 03:33:28 -0000

Actually there is one use case in which the anonymity set is size 1 --
mobile servers. The name of the mobile server cannot be deduced from its
temporary address. It can also not be deduced from the ESNI. But it can
be deduced from the record digest. The mobile server who wants to
maintain privacy will want to use ESNI without a record digest,  at the
cost of course of trial decryption.

-- Christian Huitema

On 11/26/2019 4:37 AM, Rob Sayre wrote:
> You're right, this is all there in the draft. It's just scattered
> around a bit, and "anonymity set" is used only once and not defined.
>
> I filed an issue
> https://github.com/tlswg/draft-ietf-tls-esni/issues/204 in case the
> editors want to consolidate text on this concern.
>
> thanks,
> Rob
>
>
> On Mon, Nov 25, 2019 at 11:25 AM Ben Schwartz <bemasc@google.com
> <mailto:bemasc@google.com>> wrote:
>
>     The record_digest, like the ESNIConfig itself, is intended to be
>     constant across all domains that form an anonymity set (i.e. O(1)
>     ESNIConfigs per CDN).  Thus, the record_digest reveals no
>     additional information to an onlooker who can observe the server IP.
>
>     On Mon, Nov 25, 2019 at 2:03 PM Rob Sayre <sayrer@gmail.com
>     <mailto:sayrer@gmail.com>> wrote:
>
>         Hi,
>
>         I see the issue of tracking and blocking via record_digest has
>         come up a few times in the github repository, but I don't
>         understand the resolution.
>
>         If someone wanted to observe or block traffic to "example.com
>         <http://example.com>";, couldn't they retrieve the ESNI keys,
>         calculate the record_digest themselves, and then use that to
>         spot traffic to "example.com <http://example.com>"?
>
>         Is the idea that DNS providers will vary the shared keys?
>
>         thanks,
>         Rob
>
>         _______________________________________________
>         TLS mailing list
>         TLS@ietf.org <mailto:TLS@ietf.org>
>         https://www.ietf.org/mailman/listinfo/tls
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls