IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for ECH

Raghu Saxena <poiasdpoiasd@live.com> Wed, 13 March 2024 05:20 UTC

Return-Path: <poiasdpoiasd@live.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5423EC14F5EB for <tls@ietfa.amsl.com>; Tue, 12 Mar 2024 22:20:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.203
X-Spam-Level:
X-Spam-Status: No, score=0.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_MUA_MOZILLA=2.309, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=live.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CtQwpskG5IKH for <tls@ietfa.amsl.com>; Tue, 12 Mar 2024 22:20:15 -0700 (PDT)
Received: from AUS01-SY4-obe.outbound.protection.outlook.com (mail-sy4aus01olkn2185.outbound.protection.outlook.com [40.92.62.185]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA455C14F5F8 for <tls@ietf.org>; Tue, 12 Mar 2024 22:20:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EkIZAGUAbPqC3+jhF3xzVkb/tIWde2i3m2Jm7Z4XNnz2P+aPT3UCh7uveo1krSJSnG2Q8d6ZQovILMNPxcIMrXOgZ+wPdU7D5Xyw++lSbOHIJHnHc77jbZT6gN98CMbtcJwRPYxAlMpYG1U9FgzHrYNtrP/K25kt/jJjcG1D6HY6XvYVG0qLi50YIy83xSDJKOai2ZGWAIzFcumH/EYOAstIcd5Bm912ZKGIHTmdNRxHxqy0fcloE2b5PMUjkxFT4cLK0LPn2Vu9kDjluY/RMna8s6iExE+++haRmqKh4hjNPP8a25H9qdHj4Kgeh3x2hS9lnGneSM6qK+iZVwSOvQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cWU19pWSkxCRGl8o7cSErkzM7kHNVgHuQtvZG8hFaLo=; b=nzXMGQatvKPhqzPXihQ6kD0oNeMp8EXMNqSv2cuxYYB9S6wLlTRHBgnTJAC682K3nBctFy6upE/ah08hFOezl0aoYwn/SFRI5WZH4uPk2W4VuuvPqU2sp82Jvcr0fm7q+dOxJurBni9DNEUsLyL6+yZxDUP5rhIiZ2Q0xchPMLlvCTs019KEy9mDbE1kUZ3FK8kVKy40mxrBIYguMg9mp33If6gif7z9JeVYXi3pvIgj2CIzmOGqUIIJd/cVAbppS59WPOSOI290qlay2bT+Z3NYF83kqsHJjKl7R/nZqkTAuiUimQfRHIry5iuW4EIdOiKRcyEukAF6VJOtUdHwsQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=live.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cWU19pWSkxCRGl8o7cSErkzM7kHNVgHuQtvZG8hFaLo=; b=R2vMPaGdmiW5jIaSg91RDByoNAdLgfzMyXoetaOpPqEqpnMlF9KPXCjY/aTGVMCbJ6VMttb80bb1EYN71b3NhdQm8gRLMyQLmoAPo15c4mw1zWCPLgt4gCJdMTxTv6Z1sJW1GBKqhYohMdBjm82SE/c2CIZ3NG2VLH9SwvvECNYvhNDxa0q0dh45/2VLkMYXffCU144+lcaxhkvRpjpK9zcnZcIFwHpG6cfpzG3mpPuq0NDG3ahC34gb+m02sapgz+jq5yrnpCyu2sgaJS6pgWovJSI9EHMxJCsN2Q11MiwtIuD4WJzoBG4YXy1rQdmiuYLw3d/sTv4AT3VRNFhZkg==
Received: from MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:178::14) by SY4P282MB0732.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:a5::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.18; Wed, 13 Mar 2024 05:20:12 +0000
Received: from MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM ([fe80::cc6:d722:c696:5c1c]) by MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM ([fe80::cc6:d722:c696:5c1c%7]) with mapi id 15.20.7386.017; Wed, 13 Mar 2024 05:20:12 +0000
Message-ID: <MEYP282MB35643E2F4A977C0FC051D006A32A2@MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM>
Date: Wed, 13 Mar 2024 13:20:03 +0800
User-Agent: Mozilla Thunderbird
To: tls@ietf.org
References: <CAOgPGoD4iiJ7kivRo4xbe0peiMG3YdzUvmVHC2KvqnMOpm+N7Q@mail.gmail.com>
Content-Language: en-US
From: Raghu Saxena <poiasdpoiasd@live.com>
In-Reply-To: <CAOgPGoD4iiJ7kivRo4xbe0peiMG3YdzUvmVHC2KvqnMOpm+N7Q@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------LroL2GEjU5azlA001wPaEuO9"
X-TMN: [rG4ScpvbWTXYFO3J6J6qIk+wY56hDxwL]
X-ClientProxiedBy: PU1PR04CA0019.apcprd04.prod.outlook.com (2603:1096:803:29::31) To MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:178::14)
X-Microsoft-Original-Message-ID: <7ce890e6-30ad-4f0b-a36c-949454f905aa@live.com>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: MEYP282MB3564:EE_|SY4P282MB0732:EE_
X-MS-Office365-Filtering-Correlation-Id: 76b7725f-8600-4c60-04ff-08dc431d41b3
X-MS-Exchange-SLBlob-MailProps: HIo0QlLMSrt0Dx9BkjhokYljGnnODcfuOm7EAIH8XvwULhjRh02KtxOhKMrop/dMRr6ENlsaTiQDdL4ZkFjww/kQaQqq/z1YKPZHD8JtEpL01YLIQpMorm/hMuq/8Jr6G4mgL3sCWK8jUXDatxWx3fSnte8z4bYaGdQiOLljG3zSsTDV7cg1hHIlCxcEwebwMCUSPeFDAAI+gjTQwSfpWYpN7VpK5jzHY23nNwwVMRzQqDGTDy7nxKseKJUprR/Oi8p3sDEe21bVnoRkF/kOuIDdtvwVa6B7ib79df5adhj4f3fswo1XnQfNiaxmlvmf6U8+ZgM3M39kkcOoPjWLNWfhAQcTyRDzy9YegoXyhcE41hMXqCynuUy/q5GrQ/U7miZrYsrRk4vJAqdgxBS8zPDJLHe1nwqxKBCmkQWRpMSoTk+eXtGHVf/zTzKpYEjsQZyPVxEg59JiofmEiF+9Pv0ll/1yvJ4AELHy9UJ1FIha+AvoIJnx2NQe+GP54pY3swRy6ONz4xT6o3biFFKlCbeNDibdtGNaDVbc9L4WX5lLD6voL1d4B9Inq4u2vBtDzspTSNAgxs63t4ZjEhn1demYlPOLHY/9qNSH4UYi3qO6+uWPYjW4CKjtAkCMtwLHy9MsommL50202TNe2GOltfVZQL3AqcHqDCUjFXWqygJmGrrDkLYdsCv2VZn7SixH5rWFrLoKl4+REbLaqIv6+m/zQj5R9Oo1OpA/IwH5jBNOFCkVhWoHe2JJ7IbhM1Rmyx1u/+1lLyBD6iUaJ7cMcdf/R7IjdNlLsX7HVqGjWmG4av+M+GqRu+dh/hifKMnEHBJGTBHZEECKvUy5rq3Eww==
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: E4r+Plee6ZQJd1gZTlpoWD+IQLmCu/Xu3IR8jXNYQ7bPnPQpEC8j8t5Q8o4E6iAdxr2WbaOaijGcRQEp8MH8lN0BDmeRFVRGYD3TBY+PUq3OvzhjMQMDYDMpT6zRzgT9T0P4zBMVzflM6GgaLNqFwRoqnQGdI6/lUhgufd+O8WVH42XJKfkLRCsMjtu+pz8yVUWVUsXV8R0VJ6aaEhwSUDNffrv4IVZkZ38C16gszfC74X3KV8a219C1kraEyxxmOS1miwb26nQBtMRG3s72KurV9TGR2tdXu26jniY3+yntMXWIRES9/mj5Z0XHBPVd1vkzIcnZqjkpj5MvbAuOiJ6Oe3RblEwKGW72GN5QFeTh6XklB0RxFIPfiRJ21ZZhWqeNPcgcSoHkqwjSko5I3hqoAXuhO7eYq702FEo1p/7b8/H9XDmI6AoGWnsW0hn2IZdOCpbth3TafWiYlzVjOTPJYAyPyQAoVGAPZo6Glkdztko6/lhevqHupMZJbalE4+daNhUXAzImXCKaky6Q83RW1D3cYjWzL2r/0u3/KojEwJWtY4AxrUFoyw6QvwLwOyuhMnphwQqtCI5TJQvwCeQURBUJlAQga6SU/1jMedXpzajlI9vdnP9txq/6moUlBp0ZbH9a8k8DQJX3QyPRJa9Rm4fzfnQPPLiHIt1SuAOaB0efmn159aHIJjGnnlOV
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: PW4vL7spG8QsOSaVImA61NU4LIdGOqM4Storz9SmY1nkRagyFIAX4una2b18Xv2WzgSXjELk8L312sQKeDdEu7RKCc9xeID1lU2AwLOKuEWP42hbJrXXLR3XsbOMYUS6bNyZnl/figRd6qPytW/SFjJKZzTklBXAV4ET6Z1qVeERJhFo+oqkEnn0vxUf9Z4DhS7gbCFUAwnu3/XxZOS8q1s4snZvOgnG/l+dtsuIj0RmQbLdMqkh5UNfNlIueTst08nxEJvOxFVrUWxn4P702Cz9kM6enOo0Fjjtcpc/OmgqNozmFm8G/h0ywmwb1WN3WcXbBy1bawShcQdCQj+Yh1YuU5Rt3eCJgg+CZV2de9S4E2pHlLLQNgg2oSNA2xSJIbhToIv4cfs6ct/r6xdlZWkWVkdP/Kf//om2fGYd07sOvuLaflmHC1GTn4S9ZQl2qg3wpFTjbGJ8CtFqR3S0GMpp57nGRiSpWbxuj2aL1GhwJlwF/n5XqNDf9/2iQ23x7XGIQBelYlkZYNvQTsQbNVp0Z6z5NHKT5/ZQMcgOf0YCKM7MMl/iyMhddCbSirEQwVH2qYRKAcd3L61AT1javnaaNiXEN6XgrmhAxiIlD1sNdDN7Bhhy6U6e3twRKTCv1HnHiYJSowJ5CuxOPlFVJWuINaQq8ZqS3CL5fPfQDdOSFhnVRv26Qwx28h6SuWkRxnFr5gLwlYr+ApwJPCK0yGU5IuoGYRL8I3vUuA/idXp4P9G6B/Z03JskY+Gq/63tx4UxBFkpVP7MOOvV5EjAesSkBwZ/pMtjYAL772RjVDVonlH6mjPkMbzonFpQ7g6vPDJ/IS8+6x5V71tFLFLLIj3IChEk86xb8CkP0P7PJzH++ZWmsmVuj/xmwP4zVnCET8ZRmPhDd88S5kmaEPgqiYtNzzS5kqzI1lb4iN4WGVK0l1dfxn2NsfP32b3s90j5V0/q8bQtU3cIp5kpsG8F2e7owxrSw2D5xzFCn3crT8uSxXpXkSYA+KC7EcbIyOPFvQfDXzPLFIlfGFMXtQYqXf+tlmyxaamYq8B4gjCj43AflZCSnsuyOTcqwbADCiKW3DwlLmr8qIwCLzSHOcodTXKMsAgyfT9nBHTR6EUauM4DrEtGO6Gg2IujDUCxHKYNX2m/Donoyt73ibb+iSYvvdm9CiS3YcqjoJs1B1ZG+D2VIYb1c37mO38WdemhJIIEqUxZ4bXtjUAJxMsNgD3P2cDHKo94JgU3D1C6R34rwwk=
X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-746f3.templateTenant
X-MS-Exchange-CrossTenant-Network-Message-Id: 76b7725f-8600-4c60-04ff-08dc431d41b3
X-MS-Exchange-CrossTenant-AuthSource: MEYP282MB3564.AUSP282.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Mar 2024 05:20:11.9134 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SY4P282MB0732
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xgaxYUA182Bf07xlqnG20lake6w>
Subject: Re: [TLS] Working Group Last Call for ECH
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2024 05:20:19 -0000

Are comments restricted strictly to members of the working group? If so, 
please ignore this E-Mail.

I'd previously tried to raise an issue regarding requirements of a 
public_name in the ECHConfig in the mailing list [0], and when I didn't 
get much response there, even on Github [1], where I was further met by 
silence. I assumed this meant since I am not in the working group I am 
not allowed to participate in discussions, but seeing the "Last Call" I 
thought I'd try one last time.

My concern relies around the fact that by requiring a public_name in the 
ECHConfig, and clients "SHOULD" pass it, means we are losing basically 
all the benefit we initially had with ESNI, since now some part is 
leaked anyway. This was not an issue in original ESNI. Although the 
draft allows for a client to not use this value, and/or for a server to 
not validate it ("SHOULD" rather than "MUST"), in practice all of the 
most popular clients (i.e. browsers) will probably end up using / 
sending it. We saw this for SNI, where even websites which don't need it 
(e.g. a very popular adult website), browsers will still send it, and 
this becomes a vector for censorship / blocking.

If this requirement is unlikely to change, my question then becomes - it 
is  "acceptable", as a website operator who does not wish to leak the 
domain name in the ECHOuter's plaintext SNI, to specify the 
"public_name" in the ECHConfig as something random (e.g. "example.com"), 
acknowledging the fact that as a server operator, I will disregard any 
value the client passes for the SNI in the ClientHello anyway? Or is 
there another recommended approach if I do not want the actual domain to 
be leaked on the wire. This is coming as an individual operator, with no 
CDNs to hide behind (e.g. `cloudflare-ech.com`).

Lastly, I also struggle to understand the value of this field. From 
reading the RFC, it seems it is mostly only applicable if the server 
rejects ECH. I would think this happens if the server does not support 
ECH, and therefore should not have had an ECHConfig published anyway- or 
the client is unable to satsify the server's ECH requirements. In both 
cases, I would think it is on the client to fallback an purposely 
initiate a non-ECH TLS handshake, rather than "downgrade" the 
connection. Forgive me if I am missing something obvious, but as someone 
who used ESNI successfully back when it was in draft status, and was 
happy with no SNI being leaked, I am unhappy that it has returned.

Regards,

Raghu Saxena

[0] https://mailarchive.ietf.org/arch/msg/tls/HUG1CU0Q4PorZ7fD0yafVfj7VUY/

[1] 
https://github.com/tlswg/draft-ietf-tls-esni/issues/572#issuecomment-1780859252

On 3/12/24 06:00, Joseph Salowey wrote:
> This is the working group last call for TLS Encrypted Client Hello 
> [1].  Please indicate if you think the draft is ready to progress to 
> the IESG and send any comments to the list by 31 March 2024.  The 
> comments sent by Watson Ladd to the list [2] on 17 February 2024 will 
> be considered last call comments.
>
> Thanks,
>
> Joe, Deirdre, and Sean
>
> [1] https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
> [2] https://mailarchive.ietf.org/arch/msg/tls/XUCFuNBSQfSJclkhLW-14DZ0ETg/
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email