Re: [TLS] ESNI GREASE - answer needed?

David Benjamin <> Tue, 30 July 2019 00:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A4768120025 for <>; Mon, 29 Jul 2019 17:11:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.251
X-Spam-Status: No, score=-9.251 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xpuNLD92b-0M for <>; Mon, 29 Jul 2019 17:11:45 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::82e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EF68C120019 for <>; Mon, 29 Jul 2019 17:11:44 -0700 (PDT)
Received: by with SMTP id h21so61266264qtn.13 for <>; Mon, 29 Jul 2019 17:11:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OjI+W8SpCyFjiP67zIzce7jXqXHnyo+YVqrK+IDIKYs=; b=ji3BaiQQApr0wFkMklwZAVDlQKx7x2Yktx3T+fccLtXaENipUDiNWyQtkYoMl/GlHL nx8Jec7s0vwdtLMvS0BYbN1WF5p0W44H4B9rScBsHLjW7oIIujfO3iafOIcjSZ9P5YDX 9jzZTmPZVsy2JBHy2eCC+b2hHpF5XoSN2hKq0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OjI+W8SpCyFjiP67zIzce7jXqXHnyo+YVqrK+IDIKYs=; b=tOSOcRiPQYyXCy3kgQ+U/J2AetSr5VvaMQnkSaw3VNppU1GmtzpDG1QADPQHPKR4ps r2hSl5/JIFZYqRjtHIrIBRKeEQwp3ov5rzQG/7HMmonHu8yfxBIMrxuu0UVTNJa4J+yO dGqkak5df7p9tTM7hpX9D9m/d8EVojw1cO3MIZLkV8XcbwO+E4rtULaV6STInxjCFpWD RmtZNzaNfJSsgZyE9YRAPz1QFbEpr/WI2UtxxYANZj2vH/PPtjgWQ2rV9M3/ASWoOk/Y MraNJxBPKMAmAzwp9k69lvs0vNwKj+J1zJ7hELkZqhsZ6YohsbAuV2KgEKfhU4et2ywr GrJA==
X-Gm-Message-State: APjAAAXeqCmitDN2abQvGn4fdnlgl3wCuXsmsORfqMxHcNpKZ4b6HKRI m+kW74pd52QxhxHp01B5V9XjZocgPCh2ujiK2JLP
X-Google-Smtp-Source: APXvYqzMK+jgKJnqC3ZYlN+ZsvpVnMkFVKwAXi28fmvMluRcrS/0gzWs9uAskDC6z5IilPLBY5TnPa8fUxtYW/JgyAc=
X-Received: by 2002:a0c:ffc5:: with SMTP id h5mr81213801qvv.43.1564445503714; Mon, 29 Jul 2019 17:11:43 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
From: David Benjamin <>
Date: Mon, 29 Jul 2019 20:11:27 -0400
Message-ID: <>
To: Stephen Farrell <>
Cc: Steven Valdez <>, "" <>
Content-Type: multipart/alternative; boundary="00000000000085759d058edada8b"
Archived-At: <>
Subject: Re: [TLS] ESNI GREASE - answer needed?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 30 Jul 2019 00:11:47 -0000

On Mon, Jul 29, 2019 at 8:04 PM Stephen Farrell <>

> Hiya,
> On 30/07/2019 00:58, David Benjamin wrote:
> >
> > [*] I filed last
> > week with a sketch of an idea. Steven or I should hopefully have a more
> > concrete PR later.
> Working from there seems like a good path. That said
> I don't see that that says how an ESNI-aware but not
> ESNI-configured server ought behave. And it seems a
> bit complicated, although I agree a 50:50 split is as
> or more arbitrary.

I think either of "do nothing and act like you are ESNI-unaware" or "add
some padding to EncryptedExtensions so you have room to be ESNI-configured"
is reasonable. Though, yeah, the draft should talk about this a bit. I
think the GREASE stuff turned out to have a lot more details to work out
than my original attempt anticipated. :-)

> PS: I'll note that I didn't know that PR existed as it
> hadn't hit the mailing list and I rarely login to the
> github web UI and that this isn't the first time I've
> had that experience. I don't blame anyone but there's
> clearly a bit of process stuff not quite working well
> here. I think people raising non-editorial PRs should
> bring those to the list.

Apologies. I filed that during the meeting mostly so I wouldn't forget and
so Chris would have something to link to in his slides. The intent was to
write up an actual PR later which would certainly be sent to the list for