Re: [TLS] draft-ietf-tls-esni feedback

Eric Rescorla <ekr@rtfm.com> Mon, 21 October 2019 20:03 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EAC21208CF for <tls@ietfa.amsl.com>; Mon, 21 Oct 2019 13:03:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zYrl4H4DcuJX for <tls@ietfa.amsl.com>; Mon, 21 Oct 2019 13:03:06 -0700 (PDT)
Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93F741208C3 for <tls@ietf.org>; Mon, 21 Oct 2019 13:03:05 -0700 (PDT)
Received: by mail-lf1-x134.google.com with SMTP id z12so11120926lfj.9 for <tls@ietf.org>; Mon, 21 Oct 2019 13:03:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Wvgxx+ffIrgCnfYPNE5l430b4HBKpM/2Cx4I4jx6v6k=; b=I65QgtIvVak2BG5AwBuQ57ld7yh7IpKgK23COxkbQ1OkPmGNNYXQfVJdJJLj3oCXZw mPniUpi3loW9/9mxgzIyzz5LllzhzzYWYJO1l1JNhvAwqVBtnBUZd9AWBNqusYCNrmIN vQbSrJDWZYHvuXuvZE4PE6Z8IDGzcBdmT2C5OMIB2zfFYT9d42SDfYeQG49EFozeCnEX Vp0oJahtRAPQCNonCjeQNHV3zDhcuvrdlJebBmm3z3vxDhwNi4GQwAkOQ0hvOFs8B2pm DgMZUsUoCEwKnrxZUR1zcd1xAZchVD/0kGk1/M1B4Z6xiPpcCdlu5lr+rvHR2djfc6yI ifbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Wvgxx+ffIrgCnfYPNE5l430b4HBKpM/2Cx4I4jx6v6k=; b=cir1O45+pFidvz+hdQrdmW/IepjnguAu6vVcm2O48GEcvLx+V01HJns/6KHILO95Gq bYLHIwcL9MvdObHbREdbuhNPlwOGLzg3tCFV2eJiwGdCkJ9EX3UgbCqr0djwQX1tkhMW EBrL7xT5Oot97rEqhhwTWZd33kRjf4PPu1L/0zazQE3x5jK6STsH3Y0VoxEpjlCP/pEv h7QXkRaKdoJeBBeW6xFmHo2lxon3LJUiO4z7B7Qm/HkCi5DMbF17IdAadBHhYjmLZ3Vt UA+moywVdRnC0zERBo+1OciqUCnhKu+SDIYmZzexDayKAK4QHA6pbK0to7wdfOPIpcjE AENw==
X-Gm-Message-State: APjAAAV3yyes7wyC7xFUpX2/duyRlI1G94Uz8H/ZxZqKxEVU/n0VTUJT RemGWjZFwc+wYEwBmSgSTbXxpzK0xGvBNP5uD2Ww9g==
X-Google-Smtp-Source: APXvYqzTEON7UWikBupiuR2dJ0CoBg5tC+pUL7AC8UKAcCWOr8OGfb0neovypL7LTolmiG2sUPZW5YGoih39u6D9DvQ=
X-Received: by 2002:a19:c6d6:: with SMTP id w205mr14626626lff.17.1571688183764; Mon, 21 Oct 2019 13:03:03 -0700 (PDT)
MIME-Version: 1.0
References: <CAChr6Sw3f7du3JYxfcWSZje1zjDzsRBQyDjob-AvzjWeZzKW7g@mail.gmail.com> <CABcZeBPbw_KOo_ieSqkksYPeLtb9DufBz628oFPYc_Ue4S9iww@mail.gmail.com> <CAChr6SwB+7Jt2TLJSQh3q=Roizdt2=9jCBa9nq8KRxRo=86uZQ@mail.gmail.com> <CABcZeBNBtDK7q175tseEUiCVds=khj4xXYJZRf7GU9VGNDJ_Tg@mail.gmail.com> <CAChr6Sz6xHtFWjOKrLp3sp9MpC-SoU9Sx=vk22ditjShA7B=Kg@mail.gmail.com> <CABcZeBOnE+gyNu7GarAfO0bptoPfzQQ=VKeWLdpJBDM=E4yhzg@mail.gmail.com> <CAChr6SxWE66jPRbnBRtwNSn3L+uNFkoFBbYNOBAkKDN05qotoA@mail.gmail.com> <CABcZeBOy8ogJrmFajxX1pqjqgnE61gE=c3CWz+pp34NWHmGKbw@mail.gmail.com> <03e15760-dfce-cd7b-baea-56ac70d92192@cs.tcd.ie> <CABcZeBMquubsGvt8UssiyFU_ZuQK67rHN_KBXY+iKSNayJFZew@mail.gmail.com> <d9402fe2-2ab3-f60f-c478-dc1df5bd4402@cs.tcd.ie>
In-Reply-To: <d9402fe2-2ab3-f60f-c478-dc1df5bd4402@cs.tcd.ie>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 21 Oct 2019 13:02:27 -0700
Message-ID: <CABcZeBNC9YBGMs0b84DFDB-FU7fKXpzX+HP1H5KRcjYJ7kXr3w@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Rob Sayre <sayrer@gmail.com>, "TLS@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e460f20595712ba5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xF233k4IxK3Fr1X1bgvz2QZLfgQ>
Subject: Re: [TLS] draft-ietf-tls-esni feedback
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2019 20:03:08 -0000

On Mon, Oct 21, 2019 at 12:48 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>;
wrote:

>
> Hiya,
>
> On 21/10/2019 20:29, Eric Rescorla wrote:
>
> > The question is not the server, but the operator.
>
> Sure, but the point holds though. If ESNIKeys are changed every
> N seconds, and any new certificate is loaded during that time,
> then the server operator can't tell the lengths that the CAs
> might produce in future. So with the current design 260-always is
> the only thing a server-operator (or really an ESNIKeys generator
> who may be a slightly different entity) can rely on in general.
>

I don't believe that this claim is correct in general. Remember that these
records are stored in the DNS under the name that becomes the SNI, so,
absent wildcards, ths eet of names is in fact known, regardless of what
happens to be in the certificate.


> Yes, but I do not believe that it obtained the consensus of the WG.
>
> Not yet, that's true. OTOH, the 260 value wasn't decided on
> the list either that I recall.


IIRC it was there at the time of adoption.

-Ekr

However, I'm not objecting to
> the current design for process reasons at all, I'm only critical
> of it technically:-)
>
> > Obviously, if the chairs call consensus on this point, we will change the
> > draft.
>
> Sure. We'll see where it lands. I remain hopeful a better
> design will be the result.
>
> S.
>
>