Re: [TLS] Don't Split HelloRetryRequest

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 01 April 2021 18:07 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2D833A1DAC for <tls@ietfa.amsl.com>; Thu, 1 Apr 2021 11:07:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tcdud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kotqdRJgfOZT for <tls@ietfa.amsl.com>; Thu, 1 Apr 2021 11:07:13 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2127.outbound.protection.outlook.com [40.107.20.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B8233A1D63 for <tls@ietf.org>; Thu, 1 Apr 2021 11:07:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ol4Wh04nMXKX/3BD4H6M918sdbiTaF49hGsSFcjHOwZ/2zd2c7f9CYe4FDFL5j0FdY9Em5TH680is5cPHSYGfdiYfTWRxvszCTGwUu2QeDwsvQ/Wo+kCqBeAW+J7SGAB7Q9UtaMi7zw8Y4imyYTUFTpwsm79GdICslBGnDgB5AW25yh2Y8X6KG+Y/1Go6IK++GOQ5SQzXmhihjsZFDSPcmFb16NBoahDAk9o3qN/OQ9XFvXDHCwqZY9Xku+7SFA7Al69hjfT1YQq/uu4PPavETUnzSD0zU4xO1bn8djqNP1ohuSm/N9Y66t0AJE+8ydFj6Kv9bJ/t2qM2cVcke4EWw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=afHDHvywRYf67JQou0WqhH9nu9Tu8KrUWt4YvzfWuCw=; b=aeFiFf5UBqBQsMVNpSrkikjrnza8jO6ztK22a5thF4caDefOgF0REaxSc1wrFWXcBPzJz4wU6yDAR1ljhCdHCLqC+atQugjihtOG7FYrfGad85rLkg58FIbkTL05Ylb3RD+epwwKozmUCQEI2AsA/Es8X9GFOYBQ2ilQIYalyaEBxx2WhmcRs6u/aZ7rcAYUe8dlgEs68eR/GX/AnEHPZiHNEtPj4gA24RCGLZ5KDv2bK+yeFNbTw87fD4VcHMxvSJkNwP4hU6LhmdHJ5G3txrNl7MZXTwnGMyDM3/XenSlynJQnGuidGaDM5nsP5VjQNUsV0d8b29ONLVo5wVUlMQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=TCDUD.onmicrosoft.com; s=selector1-TCDUD-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=afHDHvywRYf67JQou0WqhH9nu9Tu8KrUWt4YvzfWuCw=; b=qN070YqRUM/n5TkpzRPeo1AHmsEuVT9CacWYOpWPJxi/A7ghCfpoEVQxQ1g+gDd0rq+1JME5XfJBO9jvMjfHrdO4HG/rYtV9nOeg5+InYb0hcGniAahyQvhTUVNmbZuEWypL58y1rkjQ9HPPcaqLWIxkrShlRwCEnsNB5+TkpKM=
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by DB3PR0202MB3275.eurprd02.prod.outlook.com (2603:10a6:8:5::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3977.30; Thu, 1 Apr 2021 18:07:09 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::2d8d:9193:d3f3:6cc6]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::2d8d:9193:d3f3:6cc6%5]) with mapi id 15.20.3999.029; Thu, 1 Apr 2021 18:07:09 +0000
To: Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org>, Martin Thomson <mt@lowentropy.net>
Cc: tls@ietf.org
References: <d0758a0a-737b-40ac-8189-1b4168510859@www.fastmail.com> <CAG2Zi216sYnwmZFdHxnMC+8vP0Ewr7tBr0TBc2PKkpJsgRFjiA@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <8f69f37e-b011-85a3-cd76-75cff00156a2@cs.tcd.ie>
Date: Thu, 01 Apr 2021 19:07:08 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
In-Reply-To: <CAG2Zi216sYnwmZFdHxnMC+8vP0Ewr7tBr0TBc2PKkpJsgRFjiA@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="Hmw7eUtd1lDRmz7puweFqkAGwPqGfw0mK"
X-Originating-IP: [2001:bb6:5e5e:b458:705a:4d69:e974:1604]
X-ClientProxiedBy: DU2PR04CA0241.eurprd04.prod.outlook.com (2603:10a6:10:28e::6) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [IPv6:2001:bb6:5e5e:b458:705a:4d69:e974:1604] (2001:bb6:5e5e:b458:705a:4d69:e974:1604) by DU2PR04CA0241.eurprd04.prod.outlook.com (2603:10a6:10:28e::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.27 via Frontend Transport; Thu, 1 Apr 2021 18:07:09 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: dc0ff0db-52b0-43d9-4f89-08d8f538f7b2
X-MS-TrafficTypeDiagnostic: DB3PR0202MB3275:
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-Microsoft-Antispam-PRVS: <DB3PR0202MB3275D7814ED844027DE4E81DA87B9@DB3PR0202MB3275.eurprd02.prod.outlook.com>
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Oob-TLC-OOBClassifiers: OLM:972;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: oWw9dMYoU/dl6uxTC5n6/aAnPKD/o+sCb5JLeNXdHm5ENgI8+XLQE55sQEKO0DQlyvFihYNyu5fTXI6WhWrGvu4TrCwEymjlU/ONCOn0j8pC95kzWTmKFC14AdcyL+bs2x0qw5GrAEOUlI8ch/dShTx60dr2a3tRqEGOUkAVbAAFmrnaUsaBXyIVg4Gsz0bI1obss6vNDNT6IPXNZN1FG7wIAMXNLqguVyRl5XLrXgQ0+KUiRzZq4xlVvfDCFrqtLPcjPtDI8TWzKEkxj2/W00zAvbvpvOUk+27nlkCZYx6fP1qsei91wsBbPF7gwpu1p8eh6kYX9cO4erzTpg0cX0i4H59Yz9oRdVOpk6wfYl2FZFo2WIPY4ZhKIUAdUJlaziHvrwqaYqkCI+wRIJWmOmM6Q5OVVPqbDxVi1wZ8W/tGjh2iUcnJ0ptASoAfGixRgMWF4FjN1ui2t2x9eZyGYXoNJUcKRsVwgUCG9XpSeQ3tdBFEi0DlQPbUT8MEk08fCX3R4FWRfsTa8eoQ6q0J4r4PnBkhk5tyhsrpZcxdyZDig1Z54FE2xLuWtRaYdn65s4fjBiAUQp/m5PUv9wQfDwAvLYNm6wsSiRL1w7A62r/qjNUdK4VvUOtZLuzWC/9Z7FaF8YPpACOSTeEArFCom+RCajkwipbCyvAoTx3AvDtQY7DtnZ3Y+gT2wg3p/lWLnTnPwZHEvJfgQMrfSkW36R8sVS0h2gOEJcElUum5UqpX80T3GzU//Hr46TBGPJuGy+g5/mkkvYkrq5/TDidit5GLfrgPZrO6671vBLdKZ10=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(346002)(136003)(366004)(396003)(39860400002)(33964004)(8936002)(16526019)(235185007)(83380400001)(66556008)(186003)(66476007)(4326008)(66616009)(66946007)(44832011)(53546011)(786003)(8676002)(5660300002)(31696002)(31686004)(52116002)(6486002)(316002)(110136005)(478600001)(86362001)(36756003)(2906002)(2616005)(966005)(38100700001)(21480400003)(43740500002)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData: JxOwsHstUqFp+j+8JocUn+F9juKFJEkTvYaXrB6t87yGz8eh9lODqxL7qkpXaZ0pA/yIV/3gjh5BLshXIzRNo+WBmDFu86H3hTYqn2XJl25e+/Dd/QGrxf1zPFQa8lHKiNVXmSgtWfwuUWOoxNIXLELagr3PXkefoYBotLVZ4sXU/Mgv30KFbKW+WzhZ9aBIMXHcRaYvZVknNhoh/SBOQQP2aCrjm8b8tSI0EWbnf8fcx9AA5ZBkA2in68Z2nYwILoWSnRbOzrfIFUBwhKw8HznMv2tY5+xxD64/xCYc/jNwBpghBC1I8WA2dxQS3PO9nf/x6XUTQB3dtajfXoVhCIdTQgY+e1ySSkr67EwKhNjK22JbD7zV40khwTiXRVpc6bxWKsPfQB0V+8tlrIBJWt8INbzh/mRECH0yzFE+lMOopD+dZrKxvcWr6Fv8KdH3XJ21DZVDRqgtyMhBE/TPgXWtjXy2HEZvdPNbNbvdx02fadksBZMnBbElBlHKkg/t66VKIGBAEk9uGctOlhnIF1ft+ypf8fHPktgQEknNCLdti/U7tMn62FkpFzJYTBpD3stkKcxrhu4R5fOk+IqjJ/YuFrgj9Xsq754D+4UR0pA5MVkNJoBLnuSb8FAj4vLdSwlFYehd/XBrDuzeBeHOCSKQbT3XlNgh0PrV8EV9m7N9PP37HuqctP/DeDrNok8jFwf3pMqxhRUBr4D87mNbk86/JXI+l6etS6dK4U7Xw4OyhefOjvHDyLOHHZNwWRha7wXSuOtVgzpLYB2CRwhpo+608cBlAPLzw7isSBk3MGyWzCKpjE47Vf+e2bgOl4wIA8EqocUcy+6Xdh9WS+4hzFAVmt90gIvYpz9ZTYQELVCHEAFdfsyZ2PVKNHkvzMVeo0tUBH5t4XChaH4UMry0dyZgQx4gJ5n57oZMZgd9zsONDfmKC7LIz5rd9Pxo3KonEcTP0AQdYdTCsw/a2psxreqR16e6/AsH4qTEhVyqsEVLZ8IQzRgF3vTRoJ7ftmG8/ckm05ABevmHyZ0o4KH1RfsRW2pcG5pi9nidTj0rOKH7NeL8p0I3pXNbl7dcViMqIhTnQBf3+/0UERuSMjv0dICJsJvb+UQ5G7ZP5bq4X0QkFIdbL8KHjwKU0dDFYubM/4L+DgqWlpSeyQnAx/+HLtXbGC7ApEENCl5Mg36X6cE1cVQhNZB8FCD/i95N6P4kdQ3FCEbkgf65cB+7gq0TISl6t/+mmqvbCYCudSEY5TuG9+AxCrfl5zjd6Ds/tdPzEGNrgFHGmvDCFVp4AWBA+Fs3TI+kEHX3RGF1TkgT/lY22Rkr+DmWerh6+sT5a7+RxC8ID5H18CXa5Y0FlrvNK0Y4RxEbohZZ5MJvfCijwCWC6K1cScrlrmCTI0/yh1zH
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: dc0ff0db-52b0-43d9-4f89-08d8f538f7b2
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2021 18:07:09.6686 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: lJQ018AKqOlctr4NlK7MWQ2987TNNpByUwfdAZM5tdQ/Vx/B+SydqAItkP9e3oTd
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR0202MB3275
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/y0inKQRW9dX6JH1KpoIWAkYpMjw>
Subject: Re: [TLS] Don't Split HelloRetryRequest
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Apr 2021 18:07:17 -0000

Given the range of Martin's comments, I'd be surprised
if that could be reduced to a PR;-)

But let me ask a question meanwhile - how often does HRR
actually happen and could we not just let ECH fail in a
bunch of situations that would otherwise require all this
new complexity?

Thanks,
S.


On 01/04/2021 18:29, Christopher Patton wrote:
> Hi Martin, would you mind working out a PR? I think being able to compare
> 407 to a concrete alternative would be helpful. Just so that we're on the
> same page, here's a quick summary of the issues that 407 is designed to
> solve. (These may or may not be problems in your view, and I don't claim
> this list is exhaustive.)
> - 233: No acceptance signal until after HRR, so the procedure for computing
> CH2 is underspecified. This can be avoided by advertising the same
> preferences in CHI/CHO, but the spec doesn't require this.
> - 373: To fix 3233, can we put an acceptance signal in HRR.random? Probably
> not, since HRR.random has a value specified in RFC8446.
> - 358: RFC8446 allows the value of an extension in CH2 to differ from CH1
> only if the extension appears in HRR.
> - 333: "Split mode" is broken, since the client doesn't know who the cookie
> is for.
> 
> Best,
> Chris P.
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>