Re: [TLS] three ECHO issues
Christopher Wood <caw@heapingbits.net> Sun, 08 March 2020 16:07 UTC
Return-Path: <caw@heapingbits.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61FBD3A0C76 for <tls@ietfa.amsl.com>; Sun, 8 Mar 2020 09:07:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=YHV2v4uL; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=BbCqSbIt
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iNeUT0IBApT9 for <tls@ietfa.amsl.com>; Sun, 8 Mar 2020 09:07:25 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC3013A0C75 for <tls@ietf.org>; Sun, 8 Mar 2020 09:07:24 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 4AFED21CC3; Sun, 8 Mar 2020 12:07:22 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Sun, 08 Mar 2020 12:07:22 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-type:content-transfer-encoding; s=fm3; bh= fQepnhE/lkNbEPua0MI5uzRmG1+fMx7n8svoyZs5YrI=; b=YHV2v4uLorYyqOIH fTf68kSHVgZ5FzWmYB2GuAdXzNhyqu3LphLZKOTG2jH8dWHq67hMi+Kt0lCxGgKp A65Q9+J/qnfLIk/2BlD7rVGxuC55JQaFhkCD9fEV8QoYsYXqInA7AZHPWasnaLFS A0i+6OP/eU9nAUyW3EobucyhFcbx5nl7ARsC04AUSRMEYsf8DxBV8sUfYZHUCX1/ s7rx1c0es0n3Bwo4KSxmCNKY6jYvodNFLv5+wjQV298EwWjdpVxPnZiUBdH/mWZT lvRPX4/tWhFaLH1HKgih9o8TOXTXdncXMVBauMHeFGCA9GAwcTgw49rR6a15EdKf EM7Oqg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=fQepnhE/lkNbEPua0MI5uzRmG1+fMx7n8svoyZs5Y rI=; b=BbCqSbItIZsMfV5UptkvGZr5yyOUvNbxZhYa3xXrRp5+us7y6P8r3r6VE mcvKwMMGe5vD1Wl2b+czC+ZwHSP/SQiS/q2Q6wuvJ+0LKPOuzfFjGA5o5qVpCX0p qnwcloKFFo7/fjBmOiY9FFatOMFk3+MBXfz7JT2EpArq7iAwuC5gEzxB74+b08OA CCRulk2IFeEl6vL+vSKWYnjnTFlA4l5PRPSvvdpgeP7UMMMiqYdRRAPGLNwCUxee Z3lCDgefdoAKr1tHNrxcL95jM3pzdhGxJ1T5PvHVf2Tl2croXpkKSM0bfgXWMV02 TBKRs1Q4r4bTfT0RiNtCUorNNuMeQ==
X-ME-Sender: <xms:ORhlXh3S5wKNuzizekpViZqdHcgTMx43J-kvlno5l4j5D_eho5zhJQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudduiedgkeehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvufffoffkjghfgggtgfesthekmhdtredtjeenucfhrhhomhepfdevhhhr ihhsthhophhhvghrucghohhougdfuceotggrfieshhgvrghpihhnghgsihhtshdrnhgvth eqnecukfhppeejfedrledvrdeigedrudeftdenucevlhhushhtvghrufhiiigvpedtnecu rfgrrhgrmhepmhgrihhlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrdhnvght
X-ME-Proxy: <xmx:ORhlXsV5W_09UdKWiqsUVEjUIFOUbYnuyIMS_fqbewWPzye1LBKrlw> <xmx:ORhlXs7DoOiH3v2lvtddSl4K26q9rbAfqbNLwSqv5WlGSsqKh8WJ_Q> <xmx:ORhlXjJ8RbGaQCrgVmYE3XfZUSnmrZUehBx9rq6dSoK0d0iEBbEGTg> <xmx:OhhlXpA2OJ7GxAQtWp7jHnt-sNWiIDKOpBXCAwQtf8UUOSUx0Jsmpg>
Received: from [10.0.0.184] (c-73-92-64-130.hsd1.ca.comcast.net [73.92.64.130]) by mail.messagingengine.com (Postfix) with ESMTPA id D72293061363; Sun, 8 Mar 2020 12:07:20 -0400 (EDT)
From: Christopher Wood <caw@heapingbits.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: tls@ietf.org
Date: Sun, 08 Mar 2020 09:07:19 -0700
X-Mailer: MailMate (1.13.1r5671)
Message-ID: <87368A1A-0F1E-45C6-938C-0F755208E9B4@heapingbits.net>
In-Reply-To: <a212c2da-f2fd-9013-4934-a46e03b024f3@cs.tcd.ie>
References: <a212c2da-f2fd-9013-4934-a46e03b024f3@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/oDIPHApFzdxfqsK9qqefjBVBn60>
Subject: Re: [TLS] three ECHO issues
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Mar 2020 16:07:27 -0000
Thanks for raising these issues! Please see inline below. On 8 Mar 2020, at 8:18, Stephen Farrell wrote: > Hiya, > > Thanks for the new ECHO PR. [1] I think this is the > right direction but I have three issues with how it's > done in the PR right now that I think would benefit > from list discussion before a new I-D is produced or > the PR is merged. > > 1) Padding. This should be easy but somehow seems to be > hard;-( ISTM the current text is broken as it'd expose > length information about ALPN in the CH and also in the > EncryptedExtensions. I think it'd be good if the list > reached some level of agreement on the goals of padding > here rather than keep making different tweaks that don't > work. I think the goal for padding ought be that we > don't expose information about the content of the inner > CH via the length of any h/s message. If we agree that > (or some similar thing) then hopefully it should be just > a matter of tweaking the algorithm so it works. (I've > raised this before but seemingly not convincingly enough;-) We kept maximum_name_length so as to not change “too much” in the PR. As this is orthogonal to the overall change, it can be addressed separately. Can you please file an issue and propose text? > > 2) Variance between inner and outer CH. The current > scheme is that almost any variation is allowed. In the > work I've done so far looking at how to code that up, > the trial decryption required becomes a major pain in > the client code as soon as the TLS key-share differs > between inner and outer. I don't know if that affects > other code bases or if that's mostly an OpenSSL thing > but think we ought establish on the list if that level > of flexibility is needed now, or maybe later, or even > never. The cost there is not just working out how to > code it up, but this also creates new complex code > paths that will be rarely executed which is usually a > recipe for sadness later. So, I'd hope other code > bases are checked for this before we merge the PR. > (The problem here could be OpenSSL's internal, eh... > "intricacy" is a polite term I guess, or it could be > me being dim, but it seems real;-) Yes, this will be a pain to implement. But variance between the inner and outer CH is permitted, and indeed a goal. > 3) I think we might be better off leaving out the > compression stuff for now, and only figuring that out > later. The current OuterExtensions thing is pretty ugly, > and if the result of (2) above were that we constrain > the variance between inner and outer some more then > a generic compression scheme may not be needed. I do > think we will want some compression thing in the RFC > we end up with, but we might be better off to get > interop without that first and then add compression > later. (That's what I plan to do fwiw, so this is > a less pressing issue for me given I'll be ignoring > it for now:-) Can you elaborate on why it’s ugly? What could we do differently? Text suggestions are welcome! Thanks, Chris
- [TLS] three ECHO issues Stephen Farrell
- Re: [TLS] three ECHO issues Christopher Wood
- Re: [TLS] three ECHO issues Stephen Farrell
- Re: [TLS] three ECHO issues Christopher Wood
- Re: [TLS] three ECHO issues Stephen Farrell
- Re: [TLS] three ECHO issues Christian Huitema
- Re: [TLS] three ECHO issues Rob Sayre
- Re: [TLS] three ECHO issues Christopher Wood
- Re: [TLS] three ECHO issues Stephen Farrell
- Re: [TLS] three ECHO issues Ben Schwartz
- Re: [TLS] three ECHO issues Christopher Wood
- Re: [TLS] three ECHO issues Eric Rescorla
- Re: [TLS] three ECHO issues Ilari Liusvaara