Re: [TLS] Two Multi-CDN proposals
Kazuho Oku <kazuhooku@gmail.com> Tue, 05 March 2019 03:17 UTC
Return-Path: <kazuhooku@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64A22130E09 for <tls@ietfa.amsl.com>; Mon, 4 Mar 2019 19:17:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NqIrtKXwFy-3 for <tls@ietfa.amsl.com>; Mon, 4 Mar 2019 19:17:35 -0800 (PST)
Received: from mail-lf1-x144.google.com (mail-lf1-x144.google.com [IPv6:2a00:1450:4864:20::144]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E66DB127133 for <tls@ietf.org>; Mon, 4 Mar 2019 19:17:34 -0800 (PST)
Received: by mail-lf1-x144.google.com with SMTP id d26so5091345lfa.1 for <tls@ietf.org>; Mon, 04 Mar 2019 19:17:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=byBRAiOxZvgHIfzXyJag2vMA9pAeL85dWeFBgYso/zs=; b=FTci8/V2sMzJiG2CLZnUf86h7sTor+VMHWMExMNseFmZJgwGdaennSusl/X+k1hXaB h0Rl5QCwpfAVcz4RtCvyP6IOse2kFjmQoZqXVQgpyMr0qM5opIkBCTjzi+uE5orKG9LY M5Km5CY2m5gAohqSs4/77r2q+UFdYms8cVthDQyyFKGq/58ZbH3FmS9BquoXoSwkJS34 1YN/D8u7PfhMwllL+pLxA4iGiy42bhvqqhcGPzxD/w2/QKP9mfqQazsgRn4LhNJ8C0sT NP6x1UbHSfr28pssU9LbtSjzW9S50V2OkcyAXKVF94w+S/eTcicPUo00uXnXkpibAMqK N26A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=byBRAiOxZvgHIfzXyJag2vMA9pAeL85dWeFBgYso/zs=; b=EqdPSsLCysybFYUq3FWEfq+ulSlGUvLWy2MqhXWamrL/5c3PvNFwzhcjoNfAshtm1v PDUwzEqlFyss9XBvpn5aArIuiZ7Sg0JLwX2UeFqOvUg8qssS3vjsJcjqrDPi+tsssHsO 7jR81MoeSQPxJLYhVazcAg4mFSStp93N6n9QZ9QekxgWdtejxTIEYm0dTLtxCYAh9TQK +SmNNvJDjME+nvU4cnx6+ycrzeHmGRMwLCoAs5bio+dkB6Mr0bXfHOgG9/FZKRVYiFL/ O+biM45g9oUuTbCJ3YSHAnnp+m9UtOSPHpzHixOYGlKDXgBd6UpdFd3/bW01vsNJVnTv xepw==
X-Gm-Message-State: APjAAAVvvurRVP6LFe3bTT+ixwPbc0eyr0Cwoxx9mgDnuS9XGo5sIh5s /yTlP/5s39M+tT0GQWDJkdz1k6KwKM+FQXlzLKU=
X-Google-Smtp-Source: APXvYqw45BTm+LI7B6GZYeLRjU1gNiq6H4hYGBYu6WYWWwdxcHsp6aDjYaruSYtkgPq0VlAEkCodC2z1Ht1+1HuX7/s=
X-Received: by 2002:ac2:5228:: with SMTP id i8mr3237204lfl.162.1551755853048; Mon, 04 Mar 2019 19:17:33 -0800 (PST)
MIME-Version: 1.0
References: <CAO8oSX=sPoLo78oX4qEEyeuck7CxM_uAqYPHEsY7BuYqBUaorg@mail.gmail.com> <CANatvzwz4+4KiLhBmeKw2HQ_D8SukcGj0UtfeDuMhTME3Yfy5w@mail.gmail.com> <CAO8oSX=iNGima95b7-+0d=oypDrcXOU1XoXRt6cUySdP-KumtA@mail.gmail.com>
In-Reply-To: <CAO8oSX=iNGima95b7-+0d=oypDrcXOU1XoXRt6cUySdP-KumtA@mail.gmail.com>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Tue, 05 Mar 2019 12:17:22 +0900
Message-ID: <CANatvzw2ENo9BZJZCDtJsmjcL_33BzBf+xSr+-+DAB8TG53Rrw@mail.gmail.com>
To: Christopher Wood <christopherwood07@gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/svQNo9t1__zrq38otxrzX42CJBU>
Subject: Re: [TLS] Two Multi-CDN proposals
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2019 03:17:37 -0000
2019年3月2日(土) 1:57 Christopher Wood <christopherwood07@gmail.com>: > > On Wed, Feb 27, 2019 at 11:34 PM Kazuho Oku <kazuhooku@gmail.com> wrote: > > > > Hi Chris, > > > > Thank you for writing down the PRs describing possible designs that we > > might adopt. I think it helps a lot in understanding the details and > > making accurate comparisons. > > > > My comments inline. > > > > 2019年2月27日(水) 8:19 Christopher Wood <christopherwood07@gmail.com>: > > > > > > Hi folks, > > > > > > Below are two PRs that seek to address the multi-CDN issue discussed > > > on this list and in meetings: > > > > > > 1. https://github.com/tlswg/draft-ietf-tls-esni/pull/136 > > > 2. https://github.com/tlswg/draft-ietf-tls-esni/pull/137 > > > > > > #136 implements the combined or stapled record approach discussed > > > several times, most recently in [1]. It includes these via an ESNIKeys > > > extension. > > > > Reading the PR, I think that there is a mild privacy concern. The > > issue with the unified record proposal is that it incentivizes the > > operators to create more ESNI records possibly using different keys, > > which is against the design principle of ESNI: provide anonymity set > > by using the least number of keys. > > > > Retaining address resolution unbundled with ESNI incentivizes the > > operator to use less number of keys; for example they might just use > > one key at a time. That would be a nice property to have, especially > > in terms of transparency. It would help third parties verify that an > > operator is actually providing an anonymity set (rather than just > > pretending to use ESNI). > > I don't quite agree with this. Operators can already use different > keys across records if they so choose. That said, given the concern, > we could add advisory text suggesting that operators use as few ESNI > keys as possible to cover addresses. Having a guidance sounds sufficient to me. > > > Also, I would like to point out that it is only when one key is used > > by each of the provider at a given time that it would be possible to > > use ESNI from a network that blocks DoH or DoT; a user can write the > > IP addresses of services he/she wants to access in the hosts file, and > > supply the ESNI key to the client he/she uses. Such a hack becomes > > difficult under the unified approach, where operators could synthesize > > different keys based on various conditions. > > Good point! > > > > > At the least, if we are to adopt #136, I think we should change the > > definition of record digest included in the ClientHello extension so > > that it does not cover the "address_set" extension of the ESNI record. > > Otherwise, we would be exposing to the wire the fingerprint of the set > > of IP addresses contained in the DNS response the client received > > through a secure channel, whereas in the split record approach you > > only leak the ESNI key being used and the IP address the client has > > chosen. > > I'm not sure this is an issue. Clients that use HappyEyeballs will > already reveal the set of addresses by attempting to connect to them. Using happy eyeballs does not always mean that the clients are exposing all the addresses in the address_set. IIUC, a client does not eyeball between multiple addresses belonging to the same address family. > > As much as I like the idea of bundling IP addresses and ESNI key, I am > > concerned if the requirement to bundle different types of records is a > > requirement specific to ESNI. If not, I think we should (in the long > > term) try to create a generic solution, while in the short time we > > could rely on a more limited mechanism as proposed in #137. > > In my view, since these are both extensions, they can both proceed in > parallel. If some operators can support #136, and can do so without > creating many ESNI keys, then I think it's worth including. Operators > for which this is not a concern do not need to support the extension, > right? I think the idea of using extensions is a nice approach to move forward. I won't oppose to having an "option" to change the way the address is being resolved, as long as it does not hinder the standardization of the draft without the feature. > > > > #137 builds on this design with a mechanism that lets > > > clients detect and recover from A/AAAA and ESNI mismatch (if desired). > > > It is certainly more complex in several respects. A third variant, > > > which is not (yet) in PR form, is a simplification of #137 wherein > > > ESNIKeys addresses are only used as filters, instead of filters *or* > > > complete addresses. > > > > I think using IP address blocks to limit the validity of the ESNI key > > is a fine approach. I do not oppose to having a name-based filter if > > it's impossible for certain operators to apply the IP address-based > > filtering approach. > > Indeed -- that's the only reason the name exists. > > Best, > Chris -- Kazuho Oku
- [TLS] Two Multi-CDN proposals Christopher Wood
- Re: [TLS] Two Multi-CDN proposals Mike Bishop
- Re: [TLS] Two Multi-CDN proposals Christopher Wood
- Re: [TLS] Two Multi-CDN proposals Stephen Farrell
- Re: [TLS] Two Multi-CDN proposals Eric Rescorla
- Re: [TLS] Two Multi-CDN proposals Stephen Farrell
- Re: [TLS] Two Multi-CDN proposals Eric Rescorla
- Re: [TLS] Two Multi-CDN proposals Kazuho Oku
- Re: [TLS] Two Multi-CDN proposals Stephen Farrell
- Re: [TLS] Two Multi-CDN proposals Eric Rescorla
- Re: [TLS] Two Multi-CDN proposals Stephen Farrell
- Re: [TLS] Two Multi-CDN proposals Eric Rescorla
- Re: [TLS] Two Multi-CDN proposals Stephen Farrell
- Re: [TLS] Two Multi-CDN proposals Christopher Wood
- Re: [TLS] Two Multi-CDN proposals Mike Bishop
- Re: [TLS] Two Multi-CDN proposals Stephen Farrell
- Re: [TLS] Two Multi-CDN proposals Mike Bishop
- Re: [TLS] Two Multi-CDN proposals Christopher Wood
- Re: [TLS] Two Multi-CDN proposals Nick Sullivan
- Re: [TLS] Two Multi-CDN proposals Eric Rescorla
- Re: [TLS] Two Multi-CDN proposals Mike Bishop
- Re: [TLS] Two Multi-CDN proposals Eric Rescorla
- Re: [TLS] Two Multi-CDN proposals Kazuho Oku
- Re: [TLS] Two Multi-CDN proposals Kazuho Oku
- Re: [TLS] Two Multi-CDN proposals Christopher Wood
- [TLS] More issues with current ESNIKEYS DNS appro… Erik Nygren
- Re: [TLS] More issues with current ESNIKEYS DNS a… Stephen Farrell