Re: [TLS] ECH Padding

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 22 June 2021 22:12 UTC

To: Christopher Patton <cpatton@cloudflare.com>
Cc: tls@ietf.org
References: <CAG2Zi21oLUmoNLXVD7QuOOLre4XZtxJxt=2SH_ELkigdUT9m6g@mail.gmail.com> <8f249b27-7ea9-d044-fb87-e2af6b26175b@cs.tcd.ie> <CAG2Zi21fgKV+CmqHiaOYCgd7Cf6-Zpj7oqQuMZmuJrxYA7Yxug@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <a4e8be50-f513-b4d1-8989-abcfd5157c60@cs.tcd.ie>
Date: Tue, 22 Jun 2021 23:12:20 +0100
In-Reply-To: <CAG2Zi21fgKV+CmqHiaOYCgd7Cf6-Zpj7oqQuMZmuJrxYA7Yxug@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qZE_vGoAo4rsPqHrXxAq7DPUoqs>


On 22/06/2021 22:57, Christopher Patton wrote:
> Just to be clear, (1), (2) and (3) are not alternatives to the same
> problem. (1) solves client-side padding, whereas (2) and (3) are
> alternatives for solving server-side padding.

Apologies. (Though I put part of the blame on excessive
githubbery leading to a lack of clarity and ambiguity, as
is my habit:-)

I can live with (1) and (2) but only see any need to change
because of the QUIC argument(s) - absent those we can work
around things and get ECH out the door IMO.

(3) is a mistake - a new handshake message shouldn't be
adopted until after that's been tested and shown not to
be problematic and I bet it would be problematic as well
as lots more work.

S.
