IETF Logo Mail Archive

Re: [TLS] draft-ietf-tls-esni feedback

Ben Schwartz <bemasc@google.com> Tue, 22 October 2019 04:29 UTC

Return-Path: <bemasc@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5333B12007A for <tls@ietfa.amsl.com>; Mon, 21 Oct 2019 21:29:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.5
X-Spam-Level:
X-Spam-Status: No, score=-17.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6J-H_Yx3vAON for <tls@ietfa.amsl.com>; Mon, 21 Oct 2019 21:29:23 -0700 (PDT)
Received: from mail-io1-xd35.google.com (mail-io1-xd35.google.com [IPv6:2607:f8b0:4864:20::d35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4819120058 for <tls@ietf.org>; Mon, 21 Oct 2019 21:29:23 -0700 (PDT)
Received: by mail-io1-xd35.google.com with SMTP id z19so18814084ior.0 for <tls@ietf.org>; Mon, 21 Oct 2019 21:29:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=c3ONm1YAdz/yOi1cz7uiFMteMwRWgu0PJ1xPSrzN8Ko=; b=I5ha4CApgRNs0KuGGr/rnBtzQW22v4PPt8FfxjBErkZ4NUrIoGKRynfaFXp9KboHun /S4fEvIFTCUlmOwkIY2TqEhjI+6VkOOJ0G/JITf1OFBKZc2/4MhM9FPQ+kELVjilvz/i rSs+Iat/tBHA71GI5d85HF9HLYKiKhMvGGiKaluMKi3P6HB5eMDW51fami5v1HOsYMCU wAZ40fyRVnn4gfQ7R9CiJEPKbj59aOvASZibv1eGrYRvxtoy2H2LqN7/h9s+477C5pl9 HxAumubOQ9CvytwYgCzsZCn1dSQNMkpwxTCZ0jzBYjafXD65cbTas9jeUO3XgkGXW8VH H26g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=c3ONm1YAdz/yOi1cz7uiFMteMwRWgu0PJ1xPSrzN8Ko=; b=JuO7SeOgikzUpKsREe+CSgeGca/drdAXrWCsiKDuo3svTS9o0KxHNvrpy3LtzKbKV0 +EjQTljL7bqBhn1XZbdIfsKZ0wk5paS1mSrxw38L8mL/ca5gHzaZImVMFQDHbo/5ytBN hDEAIBnYxnBFSom/P+GGchmr8l2rj+99cRmJbaa0FSxKmSLMO5o7G4hYjFhlSkznU9Kq 8gr5fKgMWVZzrhDi9pwR+C0FY32+Cy5ED+LjgkDz1QEIZiZz2UyHDklsjIVqTCTn8Vej AYQEi+7K74RZ50OEJviPR5p04L+vV07uXg6h0cyWVrwTl6EDLnVFxs+qP49F6bTJPm/A 4O5A==
X-Gm-Message-State: APjAAAVNTqLPSwiyarOGIEA/CR/shBeZEeBntZhrqB3PNx9+KmxcaVcl 0ew0MV/v0RlCaJ5Phv0OZtuuWyNuwiJweuyxpo9hgeqKnBD1eg==
X-Google-Smtp-Source: APXvYqw1FVq1GsYQCXgPxroe5DuHxi1oU4zffy+/Jus++3weA9+QqVDw1+dvunpbYZ6H5feyyV7v+pUnZyd38605PUI=
X-Received: by 2002:a6b:7a4a:: with SMTP id k10mr1594847iop.193.1571714863337; Mon, 21 Oct 2019 20:27:43 -0700 (PDT)
MIME-Version: 1.0
References: <CAChr6Sw3f7du3JYxfcWSZje1zjDzsRBQyDjob-AvzjWeZzKW7g@mail.gmail.com> <CABcZeBPbw_KOo_ieSqkksYPeLtb9DufBz628oFPYc_Ue4S9iww@mail.gmail.com> <CAChr6SwB+7Jt2TLJSQh3q=Roizdt2=9jCBa9nq8KRxRo=86uZQ@mail.gmail.com> <CABcZeBNBtDK7q175tseEUiCVds=khj4xXYJZRf7GU9VGNDJ_Tg@mail.gmail.com> <CAChr6Sz6xHtFWjOKrLp3sp9MpC-SoU9Sx=vk22ditjShA7B=Kg@mail.gmail.com> <CABcZeBOnE+gyNu7GarAfO0bptoPfzQQ=VKeWLdpJBDM=E4yhzg@mail.gmail.com> <CAChr6SxWE66jPRbnBRtwNSn3L+uNFkoFBbYNOBAkKDN05qotoA@mail.gmail.com> <CABcZeBOy8ogJrmFajxX1pqjqgnE61gE=c3CWz+pp34NWHmGKbw@mail.gmail.com> <03e15760-dfce-cd7b-baea-56ac70d92192@cs.tcd.ie> <CAChr6SzmpSn3Q8tBi+Pdc+Bq7stiukbufbh-jDt+AEtrkV8XGg@mail.gmail.com> <f87c2916-d03d-2715-7b36-7b70fead8df4@cs.tcd.ie> <CAChr6SxfT0ed5J89siGX23A0G77BJQWxFRDoJ1w0v7=5O0KERw@mail.gmail.com> <8063bb12-8462-53fa-fa62-1e5abb1a652e@cs.tcd.ie>
In-Reply-To: <8063bb12-8462-53fa-fa62-1e5abb1a652e@cs.tcd.ie>
From: Ben Schwartz <bemasc@google.com>
Date: Mon, 21 Oct 2019 23:27:30 -0400
Message-ID: <CAHbrMsBPJqzaUSa42gGq45MfsTvCVW7t95q3feWEiSYeSN9ocw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Rob Sayre <sayrer@gmail.com>, "TLS@ietf.org" <tls@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000a69a610595783e8e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qZpphA8CdHUxSWiWWu8q1LPdcuA>
Subject: Re: [TLS] draft-ietf-tls-esni feedback
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2019 04:29:26 -0000

On Mon, Oct 21, 2019 at 3:24 PM Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
>
>
> On 21/10/2019 20:14, Rob Sayre wrote:
> > I have seen MTUs under 1500 many times, but nothing under 1200. Is there
> > data on this? (I honestly haven't seen any)
>
> My assumption is that maybe 90% of names are <60 octets.
> That means padding_length of 260 is wasting roughly
> 200 octets, almost all the time (hi there GREASE!).

Note that the current text in the editors' draft says that when
applying GREASE, "The padded_length value SHOULD be 260 or a multiple
of 16 less than 260.".  We don't need GREASE to send 260 all the time,
and the draft doesn't recommend it.

Personally, I expect that 260 will be rare for real deployments,
because most systems serve a fixed, known set of domains, and those
that serve a large, dynamic set probably already impose a tighter
length limit.

One intriguing alternative would be to define some ESNI ciphersuites
that encrypt a strong hash of the name.  Then a server with a large
but finite name database can choose one of these ciphersuites,
pre-compute hashes for names when entering them into the DB, and
quickly invert incoming hashes with a DB lookup.  I wouldn't want to
make this the only option because it can't support true wildcard
servers, but I think it would cover most potential users while
limiting the length to 32 octets or similar.

> If that's 20% of what remains available in an MTU then
> it's still wasted as it'll no longer be available for
> whatever other things people wanna send with or add
> to a CH.
>
> Prediction: if we stick with the current design, in
> a few years, if ESNI gets widely deployed, we'll have
> to revisit that aspect and come up with some more
> efficient way to solve the problem, and that'll mean
> ignoring the value 260 in then-deployed ESNIKeys;-(
>
> S.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email