IETF Logo Mail Archive

Re: [TLS] publishing ESNIKeys under a .well-known URI...

Christian Huitema <huitema@huitema.net> Wed, 26 June 2019 17:15 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08021120157 for <tls@ietfa.amsl.com>; Wed, 26 Jun 2019 10:15:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uo9nqJU5jUEd for <tls@ietfa.amsl.com>; Wed, 26 Jun 2019 10:15:41 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D83D1200FE for <tls@ietf.org>; Wed, 26 Jun 2019 10:15:41 -0700 (PDT)
Received: from [66.113.192.14] (helo=xsmtp11.mail2web.com) by mx62.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1hgBWF-0000bY-34 for tls@ietf.org; Wed, 26 Jun 2019 19:15:39 +0200
Received: from [10.5.2.12] (helo=xmail02.myhosting.com) by xsmtp11.mail2web.com with esmtp (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1hgBU5-00060K-Gf for tls@ietf.org; Wed, 26 Jun 2019 13:13:26 -0400
Received: (qmail 30308 invoked from network); 26 Jun 2019 17:13:22 -0000
Received: from unknown (HELO [192.168.1.103]) (Authenticated-user:_huitema@huitema.net@[172.56.42.223]) (envelope-sender <huitema@huitema.net>) by xmail02.myhosting.com (qmail-ldap-1.03) with ESMTPA for <tls@ietf.org>; 26 Jun 2019 17:13:21 -0000
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "tls@ietf.org" <tls@ietf.org>
References: <7374648a-d684-87be-0807-219bc10793ac@cs.tcd.ie> <18514.1561564689@localhost> <e61cb6c7-af9c-4f8b-4f94-88dc56a7f6f1@cs.tcd.ie>
From: Christian Huitema <huitema@huitema.net>
Openpgp: preference=signencrypt
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mQENBFIRX8gBCAC26usy/Ya38IqaLBSu33vKD6hP5Yw390XsWLaAZTeQR64OJEkoOdXpvcOS HWfMIlD5s5+oHfLe8jjmErFAXYJ8yytPj1fD2OdSKAe1TccUBiOXT8wdVxSr5d0alExVv/LO I/vA2aU1TwOkVHKSapD7j8/HZBrqIWRrXUSj2f5n9tY2nJzG9KRzSG0giaJWBfUFiGb4lvsy IaCaIU0YpfkDDk6PtK5YYzuCeF0B+O7N9LhDu/foUUc4MNq4K3EKDPb2FL1Hrv0XHpkXeMRZ olpH8SUFUJbmi+zYRuUgcXgMZRmZFL1tu6z9h6gY4/KPyF9aYot6zG28Qk/BFQRtj7V1ABEB AAG0J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PokBOQQTAQIAIwUC UhFfyAIbLwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEJNDCbJVyA1yhbYH/1ud6x6m VqGIp0JcZUfSQO8w+TjugqxCyGNn+w/6Qb5O/xENxNQ4HaMQ5uSRK9n8WKKDDRSzwZ4syKKf wbkfj05vgFxrjCynVbm1zs2X2aGXh+PxPL/WHUaxzEP7KjYbLtCUZDRzOOrm+0LMktngT/k3 6+EZoLEM52hwwpIAzJoscyEz7QfqMOZtFm6xQnlvDQeIrHx0KUvwo/vgDLK3SuruG1CSHcR0 D24kEEUa044AIUKBS3b0b8AR7f6mP2NcnLpdsibtpabi9BzqAidcY/EjTaoea46HXALk/eJd 6OLkLE6UQe1PPzQC4jB7rErX2BxnSkHDw50xMgLRcl5/b1a5AQ0EUhFfyAEIAKp7Cp8lqKTV CC9QiAf6QTIjW+lie5J44Ad++0k8gRgANZVWubQuCQ71gxDWLtxYfFkEXjG4TXV/MUtnOliG 5rc2E+ih6Dg61Y5PQakm9OwPIsOx+2R+iSW325ngln2UQrVPgloO83QiUoi7mBJPbcHlxkhZ bd3+EjFxSLIQogt29sTcg2oSh4oljUpz5niTt69IOfZx21kf29NfDE+Iw56gfrxI2ywZbu5o G+d0ZSp0lsovygpk4jK04fDTq0vxjEU5HjPcsXC4CSZdq5E2DrF4nOh1UHkHzeaXdYR2Bn1Y wTePfaHBFlvQzI+Li/Q6AD/uxbTM0vIcsUxrv3MNHCUAEQEAAYkCPgQYAQIACQUCUhFfyAIb LgEpCRCTQwmyVcgNcsBdIAQZAQIABgUCUhFfyAAKCRC22tOSFDh1UOlBB/94RsCJepNvmi/c YiNmMnm0mKb6vjv43OsHkqrrCqJSfo95KHyl5Up4JEp8tiJMyYT2mp4IsirZHxz/5lqkw9Az tcGAF3GlFsj++xTyD07DXlNeddwTKlqPRi/b8sppjtWur6Pm+wnAHp0mQ7GidhxHccFCl65w uT7S/ocb1MjrTgnAMiz+x87d48n1UJ7yIdI41Wpg2XFZiA9xPBiDuuoPwFj14/nK0elV5Dvq 4/HVgfurb4+fd74PV/CC/dmd7hg0ZRlgnB5rFUcFO7ywb7/TvICIIaLWcI42OJDSZjZ/MAzz BeXm263lHh+kFxkh2LxEHnQGHCHGpTYyi4Z3dv03HtkH/1SI8joQMQq00Bv+RdEbJXfEExrT u4gtdZAihwvy97OPA2nCdTAHm/phkzryMeOaOztI4PS8u2Ce5lUB6P/HcGtK/038KdX5MYST Fn8KUDt4o29bkv0CUXwDzS3oTzPNtGdryBkRMc9b+yn9+AdwFEH4auhiTQXPMnl0+G3nhKr7 jvzVFJCRif3OAhEm4vmBNDE3uuaXFQnbK56GJrnqVN+KX5Z3M7X3fA8UcVCGOEHXRP/aubiw Ngawj0V9x+43kUapFp+nF69R53UI65YtJ95ec4PTO/Edvap8h1UbdEOc4+TiYwY1TBuIKltY 1cnrjgAWUh/Ucvr++/KbD9tD6C8=
Message-ID: <f015bd0e-8e0d-ab1a-eab8-a0dc466e2de4@huitema.net>
Date: Wed, 26 Jun 2019 10:13:08 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <e61cb6c7-af9c-4f8b-4f94-88dc56a7f6f1@cs.tcd.ie>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="gIRn5EzJHPAecJ3XzmdTWQcDNRhLPX61w"
X-Originating-IP: 66.113.192.14
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.192.14
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.192.14@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.11)
X-Recommended-Action: accept
X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0Ud2CCyxmm2KHETL0VYw/ASpSDasLI4SayDByyq9LIhVrc2SxE9pNZDG ErgofKLb0kTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDoOWO0i/H75teRGzF9TgV+efH zJ6mVE7ewsipSVIfs4avdweczmNomLVBsjb+AzIVk4hYVdSH4ilEX20H0GUoaCNjDPJzy/pY6GXD jinexCWZ3JKVmi72ocgY5kMQSjs7M7F7B+H4BOgiABPpiHhZId0M1NgpAM2NwqA2XimSsrj58/mr R3YJqKPtWOxo96AGbE5d/K7AdzmETkpmCtG845uv8+AJAs5OVVdGw7jzTmkPN6zV1i63NRPS95Qa zrdAxHhaG8a6cKotmFuikgQDTaUsT9OFUpjIFjDduQiJ6VhM3iIROxK9avuhN3JnLgS3DkvqOqBJ 9aVrZUoYpWrLEnGcecvnQdm/JLWjfH3wiRVsJe5ihH8+GrMkZTXyCNtMHuUCcH3gfGjK7M5vIGbB 4Ck4xAm9D8KTeKJT7gNACPdf22VzvjZVumvddWyl4okY6Z15kL45NrNm7a+6LGMNFCcF0nekcc7B cSt5SM0VNdjBCmhbbCq3hyQo9URXeCyGB5hQ6nsDvccjqgmDvD9Wh+WR/i26M8i/BRyXA9o1Cprq LJmyBFmzP8/pV+rk1GoSb9tZ+C5yOc2YAGkaEP1NO/Jhg8B4nm3RdGNDa3lYa0pSEPL0KP26CBC8 NaWqPu+iW/ab6m5yOl0OE0Zc3yar9wShBHx/bGEBjcTl+Rg1K5xRXxKF5tPxTxfD0dMN+t5ZpLtj 3xz/YVO7dPwX9Na6YCqHrJ+RfComsJFdhSHVgOsSlc7QH2wrg4VsasGqauP7RRW2l+1H4O6n35Um 71OcejWV/AGXOg0SkH1AIpdD9myJ+cv73CChOPjKA0/DVd83PCmA5ULvt7VaAji2RhOscFoNJq7X lAj1SApo6dRtXFYwyGTHIAoNFX+jcW7DGmdEmoVd39t86NHFuZHIzn9QZA==
X-Report-Abuse-To: spam@quarantine9.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/wWbgJhgXwa67cXfmMFITD8p8Abs>
Subject: Re: [TLS] publishing ESNIKeys under a .well-known URI...
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jun 2019 17:15:43 -0000

On 6/26/2019 9:11 AM, Stephen Farrell wrote:
> Hiya,
>
> On 26/06/2019 16:58, Michael Richardson wrote:
>> Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>     > My web server doesn't have an API it can use to update
>>     > ESNIKeys in the DNS. Many implementations/deployments may
>>     > have such an API but in my case, the zone file that
>>     > includes the ESNIKeys RR is on another machine and the
>>     > web server doesn't have write access to that. I do
>>     > control both machines as it happens, but I still don't
>>     > want to give general write-access to the web server.
>>
>> When you say, "general write-access", did you mean that you didn't want to
>> setup Dynamic DNS to be able to update the QNAMEs involved, because that
>> usually permits the web server to delete A and AAAA records, as well as
>> updating the ESNI ?
>>
>> Or did you mean "general write-access", meaning NFS or something like that?
> Both really. NFS, or scripting up something with ssh,
> would be easy but isn't desirable for local reasons.
> DDNS seemed like more work, (but I didn't check it out
> in detail tbh), wouldn't be otherwise useful in my
> setup, and yes would need an authorisation model that
> doesn't exist at the moment in our setup.
>
> Like I said, what I did won't be needed everywhere, but
> maybe it's useful enough to document properly and/or
> standardise, not sure.


I think Stephen's issue will be quite common, especially for small
sites. I may be wrong, but it is quite common for small sites to use a
DNS provider's management UI to update DNS data. This will create a
de-facto limit on how often they can update the ESNIKeys RR, and thus
the key itself.

But then, we should ask how often these sites need to update the ESNI
key. I understand one part of the threat model, that attackers can use
an old compromised private key to break the privacy of clients using the
old public key, hence the need to refresh the keys reasonably often. But
there is a flip side of that. If the TTL of the ESNI record is small,
clients will need frequent DNS interactions to refresh it, and their
privacy could also be compromised during these operations. So, there are
two threats: compromised keys on one side, observable DNS transactions
on the other side. How do we navigate between these two threats?

-- Christian Huitema

v2.23.0 | Report a Bug | By Email