Re: [TLS] ECH and resumption - what to put in SNI?
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 26 June 2021 00:45 UTC
To: David Benjamin <davidben@chromium.org>, Eric Rescorla <ekr@rtfm.com>
Cc: "tls@ietf.org" <tls@ietf.org>
References: <062ba89f-15fb-669e-b1fb-cf6c71fc88a8@cs.tcd.ie> <CABcZeBOFZN4Ra5d6pc9Eu-JjTWP7OaRivsTTjhWoK7aq68bMeA@mail.gmail.com> <CAF8qwaBFYtk0oSKPShKqzfs-XkQzUzwsHB-Sj17B0PqaijjNXg@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <e709ae08-55cf-18cd-f883-335c28339ba3@cs.tcd.ie>
Date: Sat, 26 Jun 2021 01:45:30 +0100
In-Reply-To: <CAF8qwaBFYtk0oSKPShKqzfs-XkQzUzwsHB-Sj17B0PqaijjNXg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qLZd4vh2Mn0RYpC_BXRjGdx_T0Y>
So I guess we're landing on "if the client got a ticket via a session
that successfully used ECH, it MUST send a fresh ECH when using that
ticket"? That's ok I guess, but maybe some more detail is needed...

On 25/06/2021 17:01, David Benjamin wrote:
> 1. Either this layer knows how to set up TLS, but doesn't know how to
> establish connections. Low-level TLS APIs look like this. This layer must
> take both the transport connection and ECHConfigList as an external
> parameter. Resumption works orthogonally: the layers above run through the
> same connection establishment procedure independent of resumption, so you
> won't have any more of a stale ECHConfigList for resumption than for a full
> handshake. If this layer doesn't know how to establish connections for full
> handshakes, it doesn't know how to do it for resumption handshakes either.
>
> 2. Or this layer knows how to establish a connection *and* set up TLS.
> Maybe this is a higher-level TLS API. Maybe this is the
> MakeHTTPSConnection() portion of your HTTP stack. In this case, the layer
> is responsible for DNS lookup, evaluating HTTPS/SVCB queries, and using the
> ECHConfigList. Resumption is equally orthogonal: whenever you make a
> connection, you do the DNS lookup, possibly using a cached record. Then you
> check your session cache. Use ECH if you have an ECHConfigList. Offer
> resumption if you have a session. Do both if you have both.
>
> In both cases, resumption doesn't affect ECHConfigList availability.

I'm not sure yet that OpenSSL matches either 1 or 2 (I've only done some
basic tests), but in any case it seems like the client could have a ticket
cached but get an entirely different SVCB RR with a different public_name
the 2nd time, so I'm not sure that things work well in all cases.

S.
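The decision procedure David describes in (2), together with the "fresh ECH when reusing an ECH-issued ticket" rule Stephen summarises, modelled as client-side logic. This is an added example and not code from the thread, from OpenSSL or from any other library: the `ECHConfig`, `Session` and `HandshakePlan` records are constructed stand-ins for what a real client would pull from its HTTPS/SVCB resolver and session cache, and the policy in `plan_handshake` is an assumption about how such a client might behave. It also covers the edge case Stephen raises: a cached ticket whose issuing handshake used one public_name, while the current HTTPS RR carries a different one.

```python
"""Client-side model of "what goes in SNI?" when ECH and resumption are both
on the table.  Constructed example: none of these types are a real TLS API."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ECHConfig:
    """The two ECHConfig fields that matter here (assumed subset): the
    public_name the outer ClientHello's SNI must carry, and the config_id."""
    public_name: str
    config_id: int


@dataclass(frozen=True)
class Session:
    """A cached ticket plus what the client remembers about its origin."""
    server_name: str                 # name the ticket was issued for (inner SNI)
    issued_with_ech: bool            # did the issuing handshake use ECH?
    ech_public_name: Optional[str]   # outer SNI used then, if ECH was used


@dataclass(frozen=True)
class HandshakePlan:
    outer_sni: str                   # what goes in the visible SNI extension
    inner_sni: Optional[str]         # None: no ECH, so no inner ClientHello
    use_ech: bool
    offer_ticket: bool
    note: str


def plan_handshake(server_name: str,
                   ech_config: Optional[ECHConfig],
                   session: Optional[Session]) -> HandshakePlan:
    """DNS first (possibly cached), then the session cache; ECH if we have an
    ECHConfigList, resumption if we have a matching session, both if both.
    Assumed policy: a ticket issued over ECH is only ever offered inside a
    fresh ECH, so without a current ECHConfigList it is not reused at all
    (reusing it in cleartext would link the earlier ECH session to the real
    name)."""
    matching = session is not None and session.server_name == server_name

    if ech_config is not None:
        # Outer SNI is always the *current* public_name, never the one cached
        # with the ticket: the ticket rides in the inner ClientHello, which is
        # encrypted to the current config, so the two are independent.
        note = "fresh ECH with current config"
        if matching and session.issued_with_ech \
                and session.ech_public_name != ech_config.public_name:
            note = ("public_name changed since ticket was issued "
                    f"({session.ech_public_name} -> {ech_config.public_name}); "
                    "ticket still offered inside fresh ECH")
        return HandshakePlan(outer_sni=ech_config.public_name,
                             inner_sni=server_name,
                             use_ech=True,
                             offer_ticket=matching,
                             note=note)

    # No ECHConfigList this time: plain handshake with the real name visible.
    if matching and session.issued_with_ech:
        return HandshakePlan(outer_sni=server_name, inner_sni=None,
                             use_ech=False, offer_ticket=False,
                             note="ticket was issued over ECH but no ECHConfig "
                                  "available now; full handshake without ticket")
    return HandshakePlan(outer_sni=server_name, inner_sni=None,
                         use_ech=False, offer_ticket=matching,
                         note="no ECH; plain resumption allowed" if matching
                              else "no ECH; full handshake")


if __name__ == "__main__":
    # Constructed scenario: ticket issued under public_name "public.example",
    # then the HTTPS RR changes to a different front.
    old_front = ECHConfig("public.example", 1)
    new_front = ECHConfig("cdn.example.net", 7)
    ticket = Session("private.example", True, old_front.public_name)
    for cfg in (old_front, new_front, None):
        p = plan_handshake("private.example", cfg, ticket)
        print(f"outer={p.outer_sni:16} inner={p.inner_sni} ech={p.use_ech} "
              f"ticket={p.offer_ticket}  # {p.note}")
```

The point of the model is the last branch: a client that lands in case (1), where the TLS layer is handed a connection and whatever ECHConfigList the caller found, has to carry the "issued over ECH" bit alongside the ticket itself, or it cannot enforce the MUST that the thread is converging on.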
- Re: [TLS] ECH and resumption - what to put in SNI? Stephen Farrell
- [TLS] ECH and resumption - what to put in SNI? Stephen Farrell
- Re: [TLS] ECH and resumption - what to put in SNI? Ben Schwartz
- Re: [TLS] ECH and resumption - what to put in SNI? Eric Rescorla
- Re: [TLS] ECH and resumption - what to put in SNI? David Benjamin
- Re: [TLS] ECH and resumption - what to put in SNI? David Benjamin