[TLS] Re: Port number and ALPN of ECH client facing servers
Martin Thomson <mt@lowentropy.net> Mon, 09 June 2025 07:35 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 4F93A328FFFF for <tls@mail2.ietf.org>; Mon, 9 Jun 2025 00:35:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.798
X-Spam-Level:
X-Spam-Status: No, score=-2.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001, WEIRD_PORT=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b="ixoFDOkJ"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="E7a1XFCC"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j0rWF_Uk6uZJ for <tls@mail2.ietf.org>; Mon, 9 Jun 2025 00:35:31 -0700 (PDT)
Received: from fout-a2-smtp.messagingengine.com (fout-a2-smtp.messagingengine.com [103.168.172.145]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 57B17328FFFA for <tls@ietf.org>; Mon, 9 Jun 2025 00:35:31 -0700 (PDT)
Received: from phl-compute-06.internal (phl-compute-06.phl.internal [10.202.2.46]) by mailfout.phl.internal (Postfix) with ESMTP id 3E47813804A0; Mon, 9 Jun 2025 03:35:31 -0400 (EDT)
Received: from phl-imap-15 ([10.202.2.104]) by phl-compute-06.internal (MEProxy); Mon, 09 Jun 2025 03:35:31 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1749454531; x=1749540931; bh=l2GCiRJPVs2lBAFjGMPjrz9zXKZPKMEgkpvav5dMagI=; b= ixoFDOkJcF0InlJhpKXlTGE2wPXLhu1fIkPU9srjZeP/Y49/0H0YVMOH4JCOvBmz 1jKZ0ebPQ/VP6sUnJ+OgVbEpqsw2a8pjdcyxNIUTg2LIZ09TlJTOOUBFe935yDd3 doIo5G9NynwM1onzUQ4z/KLhu8lOpqUYQ5XjWGHcJvV9s1F7Gj5CgQx186NVAqZa dAQf4jdPkb62QdkzWooRmK7kkGq+E/XqyjMh3pKrl2ozYjyPaFFE+dgZ36fqg4GB 5RjI0YE8xgqxiE4TW3BwcOLD5AaFX6BLTybx2xLdma3XRsQUf4eNHijy5dEMceZz tI+/I6DiOjkksel9KSQb8w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; t=1749454531; x=1749540931; bh=l 2GCiRJPVs2lBAFjGMPjrz9zXKZPKMEgkpvav5dMagI=; b=E7a1XFCCjpNkTo/6b //zAbjpxmSkl6nXN2YnsQxs5X0rnw8p1MSYxbimuZH1KP1TCrB3IoXgPQa8SGwVy TRzVUcboBEV7fBY1hXdCGc8wTaWg7zbw77KIPRFIPZEu8IQ4ieSna4i75eBf2AHX 7E9INapZ4PSPakZSPLuarkMZaQTU9v6bhudQStDz1bC2CU7O1Fdzp80Mw8b0CpJt ZVSKcmFgqrp58t2wX5jxi6fCQnbt2BnHOCRvSCcBe2zPQN/v8C5sytaE43EfgN0Y Tpg73cuizOQTQm62wEk3yk3qKqVHYVL1gT9M5UHtJGRRqHuDDkPqn44xmEE/E4ys TFzzQ==
X-ME-Sender: <xms:wo5GaMzIamzp5YWTaYCcjYW0L0lUnHB17t2gT4mGb6WySvFtRE-rmA> <xme:wo5GaATj5GUD6kvw0FZQ7wHVRR03pqfD6NQj4JYRpAkvE-jHDdmb-7P0EHdhn31iR mZ7_SyoccLbTJF7ofU>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtddugdeltddtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhepofggfffhvffkjghfufgtgfesthejredtredttden ucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohifvghnthhroh hphidrnhgvtheqnecuggftrfgrthhtvghrnhepffetveduudfftdfhfeetueeiteevtedt tdegtddvvedtffekveeviedvudefvdehnecuffhomhgrihhnpegvgigrmhhplhgvrdgtoh hmpdgtohhmrdhhohifnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghi lhhfrhhomhepmhhtsehlohifvghnthhrohhphidrnhgvthdpnhgspghrtghpthhtohepvd dpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohephhhuihhtvghmrgeshhhuihhtvghm rgdrnhgvthdprhgtphhtthhopehtlhhssehivghtfhdrohhrgh
X-ME-Proxy: <xmx:wo5GaOWYer2cwSLAMFB1eKea2cooqtIYHMfKGWOxb7_o6kEs02gO-Q> <xmx:w45GaKhDkKDfOO-QlIIdz0OJ2RJ_Vp6pYxz-yMj_yq-i6ZyjYJSo-g> <xmx:w45GaOCCWUWPVlIuOyqM-WkGFJJLhyJUEfHlRdiMuiu3-ShGyTD08g> <xmx:w45GaLKVGFq9lafSyv_HLdXIx4GIOucqpeY28pJL2cYUcxWFVMIJhw> <xmx:w45GaKzvOuQ1LtZtwqKjSldblkXPVaZCa0OGp9XxGijUJWW0fPna4X08>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.phl.internal (Postfix, from userid 501) id D74A8780075; Mon, 9 Jun 2025 03:35:30 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
MIME-Version: 1.0
X-ThreadId: T7bc525fa904266d8
Date: Mon, 09 Jun 2025 17:35:10 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Christian Huitema <huitema@huitema.net>, tls@ietf.org
Message-Id: <b660a55f-af83-46e9-b460-abfde942523e@app.fastmail.com>
In-Reply-To: <8669d982-00e4-428b-9c9e-553241663b94@huitema.net>
References: <cd762457-4949-4b1d-8cb2-c46ecc9700c6@huitema.net> <ME0P282MB55874535EA95DB504B806C5DA369A@ME0P282MB5587.AUSP282.PROD.OUTLOOK.COM> <8669d982-00e4-428b-9c9e-553241663b94@huitema.net>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-ID-Hash: AZHXTQD232ZJ6VGVIIPWT7WAYDUOLUIT
X-Message-ID-Hash: AZHXTQD232ZJ6VGVIIPWT7WAYDUOLUIT
X-MailFrom: mt@lowentropy.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Port number and ALPN of ECH client facing servers
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qNeFXn9KTT2ob2rvX84tPVu8hls>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Hi Christian, When it comes to ECH, the client won't know about the existence of a backend server. The only thing that the client needs to know is the name that it is seeking to connect to. Whether this is in split mode or not, the protocol works the same. As for the question about ALPN, the general view is that ALPN values from the client are in the same bucket of things as other configuration: they aren't based on the choice of server, but on unchanging configuration at the client. If the client is using some new protocol, then it would advertise the same ALPN list (including that new protocol) in every connection attempt it makes. As a result, there's not much value in trying to hide the ALPN list. This isn't entirely clear in RFC 9460, but you can see from the example in Section 7.1.2 how the DNS record should not change what the client offers. The purpose of the ALPN parameter in SVCB is not so much to change what the client offers in the ClientHello, but to allow the client to filter out service endpoints that only speak protocols it doesn't understand. On Sat, Jun 7, 2025, at 17:04, Christian Huitema wrote: > Hello Raghu, > > I understand that logic, but what if public and backend are using split > mode? The IP addresses of public and backend are different. Using the > backend address for the connection immediately reveals that the > connection is directed to the backend server, even if the observable SNI > says "public". In the split mode scenario, the expected behavior is to > use the IP address of the public server, and let the public server relay > the connection to the backend. that implies: > > 1. Get the SVCB record for `backend.example.com`. > > 2. Get the A (or AAAA) record of `public.example.com` > > But then we cannot get the port number unless we download either the > HTTPS or the SVCB record for `public.example.com`, and to get the SVCB > we need to know the ALPN expected for `public.example.com`. But we > cannot, because the "public ALPN" is not part of the ECH configuration. > > -- Christian Huitema > > On 6/6/2025 10:25 PM, Raghu Saxena wrote: >> Dear Christian, >> >> I'm not sure on the ALPN side, but form my understanding of ECH: the >> `ech` param in the SVCB record contains the `public_name`, which is >> only used as the "Public SNI" for the initial TLS connection. In your >> example, assuming the connection was intended for >> `backend.example.com:1337` , then two DNS lookups would be involved: >> >> - 1. Get the A (or AAAA) record of `backend.example.com` >> - 2. Get the SVCB record for `backend.example.com` (with potential >> port-prefix mapping). >> >> From the `ech` param, the `public_name` will be used as the SNI when >> establishing the TLS connection to the initial intended port (on >> `backend.example.com`, i.e. 1337), and the IP address that >> `backend.example.com` resolves to. The client does not need to worry >> about `facing.example.com` other than setting the SNI extension. >> >> Regards, >> Raghu Saxena >> >> On 6/7/25 8:32 AM, Christian Huitema wrote: >>> I am implementing the ECH draft, and there is something a little >>> unclear. >>> >>> Suppose a backend server "backend.example.com" implementing the >>> application protocol "example" (i.e., not H3). Before connecting, the >>> client looks up the corresponding SVCB record, and finds an ECH >>> parameter stating that the public server is "facing.example.com". How >>> exactly is the client going to find the ALPN used to connect to >>> "facing.example.com"? What about the port number? >>> >>> Yes, the client could do a DNS lookup to find details about >>> "facing.example.com", but should that request be for the SVCB record >>> corresponding to the "example" service, or for the HTTPS record >>> corresponding to H3? >>> >>> Obviously, the practical answer is "connect to `facing.example.com` >>> port number to 443 setting the outer ALPN to H3." But is that the >>> right answer? >>> >>> -- Christian Huitema >>> >>> _______________________________________________ >>> TLS mailing list -- tls@ietf.org >>> To unsubscribe send an email to tls-leave@ietf.org >> >> _______________________________________________ >> TLS mailing list -- tls@ietf.org >> To unsubscribe send an email to tls-leave@ietf.org > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-leave@ietf.org
- [TLS] Port number and ALPN of ECH client facing s… Christian Huitema
- [TLS] Re: Port number and ALPN of ECH client faci… Christian Huitema
- [TLS] Re: Port number and ALPN of ECH client faci… Raghu Saxena
- [TLS] Re: Port number and ALPN of ECH client faci… Martin Thomson
- [TLS] Re: Port number and ALPN of ECH client faci… Christian Huitema
- [TLS] Re: Port number and ALPN of ECH client faci… Ben Schwartz
- [TLS] Re: Port number and ALPN of ECH client faci… Stephen Farrell