Re: [TLS] ECH and resumption - what to put in SNI?

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 26 June 2021 00:45 UTC

To: David Benjamin <davidben@chromium.org>, Eric Rescorla <ekr@rtfm.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qLZd4vh2Mn0RYpC_BXRjGdx_T0Y>

So I guess we're landing on "if the client got a ticket via
a session that successfully used ECH, it MUST send a fresh
ECH when using that ticket"? That's ok I guess, but maybe
some more detail is needed...

On 25/06/2021 17:01, David Benjamin wrote:
> 1. Either this layer knows how to set up TLS, but doesn't know how to
> establish connections. Low-level TLS APIs look like this. This layer must
> take both the transport connection and ECHConfigList as an external
> parameter. Resumption works orthogonally: the layers above run through the
> same connection establishment procedure independent of resumption, so you
> won't have a staler ECHConfigList for resumption than for a full
> handshake. If this layer doesn't know how to establish connections for full
> handshakes, it doesn't know how to do it for resumption handshakes either.
> 
> 2. Or this layer knows how to establish a connection *and* set up TLS.
> Maybe this is a higher-level TLS API. Maybe this is the
> MakeHTTPSConnection() portion of your HTTP stack. In this case, the layer
> is responsible for DNS lookup, evaluating HTTPS/SVCB queries, and using the
> ECHConfigList. Resumption is equally orthogonal: whenever you make a
> connection, you do the DNS lookup, possibly using a cached record. Then you
> check your session cache. Use ECH if you have an ECHConfigList. Offer
> resumption if you have a session. Do both if you have both.
> 
> In both cases, resumption doesn't affect ECHConfigList availability.

I'm not sure yet that OpenSSL matches either 1 or 2 (I've
only done some basic tests), but in any case it seems like
the client could have a ticket cached but get an entirely
different SVCB RR with a different public_name the 2nd time,
so I'm not sure that things work well in all cases.

S.
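The layering David describes (DNS lookup, then the session cache, then use whichever of ECH and resumption is available) and the edge case Stephen raises (a cached ticket but a new SVCB RR with a different public_name) can be written down as a small client-side decision function. This is an added illustration, not code from the thread or from OpenSSL; the record and session structures, the host names, and the choice to fall back to a full handshake without the ticket when no ECHConfigList is available are all assumptions made here.

```python
# Added example: which name goes in the outer/inner SNI, and whether a cached
# ticket is offered, once ECH and resumption are treated as orthogonal inputs.
# Structures and names are constructed stand-ins, not OpenSSL or draft types.
from dataclasses import dataclass
from typing import Optional


@dataclass
class HttpsRecord:
    """Constructed stand-in for a resolved HTTPS/SVCB RR."""
    target: str
    public_name: Optional[str] = None   # public_name from the ECHConfigList
    ech_config: Optional[bytes] = None  # raw ECHConfigList, if the RR had one


@dataclass
class CachedSession:
    """Constructed stand-in for a session-cache entry holding a ticket."""
    ticket: bytes
    established_with_ech: bool
    public_name_at_issue: Optional[str]  # public_name used when issued


@dataclass
class HelloPlan:
    outer_sni: str
    inner_sni: Optional[str]  # None when no ECH extension is sent
    send_ech: bool
    offer_ticket: bool


def plan_client_hello(origin: str, rr: HttpsRecord,
                      sess: Optional[CachedSession]) -> HelloPlan:
    """DNS result first, session cache second; use each when available.
    Extra rule from the thread: a ticket from an ECH session is only used
    together with a fresh ECH, so without an ECHConfigList it is not offered
    (falling back to a full handshake is an assumption of this example)."""
    have_ech = rr.ech_config is not None and rr.public_name is not None
    if have_ech:
        # Fresh ECH every time: the outer SNI is the *current* public_name,
        # even if the ticket was issued under a different one.
        return HelloPlan(rr.public_name, origin, True, sess is not None)
    if sess is not None and sess.established_with_ech:
        return HelloPlan(origin, None, False, False)
    return HelloPlan(origin, None, False, sess is not None)


# Constructed sample inputs: the ticket came from a session whose RR carried
# "public.example", but the second lookup returns a different public_name.
SESSION = CachedSession(b"ticket-1", True, "public.example")
RR_SECOND_LOOKUP = HttpsRecord("svc.example", "other.example", b"\x00\x01cfg")
RR_NO_ECH = HttpsRecord("svc.example")
```

`plan_client_hello("private.example", RR_SECOND_LOOKUP, SESSION)` yields a fresh ECH with outer SNI `other.example`, inner SNI `private.example`, and the ticket offered; with `RR_NO_ECH` the same ticket is withheld.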