IETF Logo Mail Archive

Re: [TLS] Working Group Last Call for ECH

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 12 March 2024 01:37 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D08E3C14F6A7 for <tls@ietfa.amsl.com>; Mon, 11 Mar 2024 18:37:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.009
X-Spam-Level:
X-Spam-Status: No, score=-7.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WwRMzK9v4SUW for <tls@ietfa.amsl.com>; Mon, 11 Mar 2024 18:37:11 -0700 (PDT)
Received: from EUR02-DB5-obe.outbound.protection.outlook.com (mail-db5eur02on2104.outbound.protection.outlook.com [40.107.249.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30D25C14F699 for <tls@ietf.org>; Mon, 11 Mar 2024 18:37:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZklkbOUgpIWxjT5dUoq4vzqqkxJC7GYVe+49Fh8jWDyooMOcySnuwxxrYJVl9uEN8hwTDMG1FNZ4uVyDXa2YBJmN1RjsCZ0MehfCYGvj8lk21O71W9OfFwz1//R17cXfyrzeEWTzTMxvJuocqmOJCKaDntDONIu5d98dl9T/ddiZWd0APF2wysiTSEdPgtXEzwpW4BZTjkzOlwbgWJG3I2JKqcoC9KCbUZJXYFbOODaqys8SwJJHkIGzLNzhs/e5dxvpQhudHIfLaH1OZXEqCuUGvJCbpJCA55suYfFbqP5Y/0WzkXuKaewP/72ZS2qozA7tDCdvgkZN9GCI8BFolg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BOx5DveeqiOp1r7PzBf35vRAK2baV4SBXacUWGvA9Ts=; b=lJ4IttnGsQ3ZdJai1q4NRQKx1BXdGKscjvFe4G7RvmWVf2yMZPhXeva8iVXv3PSy+z4trlpdeip7kG0ClXx/Qb2+6n58fPf20SPYCJYl3vt5tgsU4IX6gA6T6pIGIfzGNKYh1j5wS2rvXKXSPQQ8B60NkAqJejQ6j3uqjotsbbiQkbovG5kmA0wdSAnfDRNVJ9IANrwB3wEtSjux6lXC46OVztu/c3KrpoB/gA+0VdNX0UTG2kYMv0YXM/YpaB+RynIrSi52NqHG3Ht999xZkidy4SoQ037hWGHCdIL4NKcrDu9SBvmTVqT8xN9pF2eWLsX2Q/AJcsFJssrtdburjA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BOx5DveeqiOp1r7PzBf35vRAK2baV4SBXacUWGvA9Ts=; b=C9VkhOiv32SjKlN2+TRoZF0R6b4rZBEAy1XNNG1RtvHLLo3VBCOTsa74Ase+AK+NXEKwMcXasQvLbWcel1TbgCabYs05TtDE6fKAby8Fppxy1PdVgALcyNWRnYaUkZHHU5O2jufskzHH5LTykvZLynBkFi0bo1oVmcLqSDqa3NfVBmo3nsXcXHTP1n/FZWz/0s1ZOw/txWmjzM+dHcQzoZmQNhsjO9Gd5t0a7XVCgYK/7MzSPDVTBx13NTE55IEPr2h1Ra1OWklWyp9s9NMLfW1AVicZjxXiji6WynQnv5jXgcsrTo5YbFY+6QjMMPHtnKJXb2ZsB1zAoIVNPTrRvQ==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by PAXPR02MB8042.eurprd02.prod.outlook.com (2603:10a6:102:2bb::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.36; Tue, 12 Mar 2024 01:37:07 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::29da:8147:6e33:c2b7]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::29da:8147:6e33:c2b7%4]) with mapi id 15.20.7362.035; Tue, 12 Mar 2024 01:37:07 +0000
Message-ID: <c0232c7f-8068-4ac7-abd4-f2c087ff8b10@cs.tcd.ie>
Date: Tue, 12 Mar 2024 01:37:05 +0000
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Rob Sayre <sayrer@gmail.com>
Cc: Christopher Patton <cpatton@cloudflare.com>, tls@ietf.org
References: <CAOgPGoD4iiJ7kivRo4xbe0peiMG3YdzUvmVHC2KvqnMOpm+N7Q@mail.gmail.com> <CAChr6SzdcXTuUpjifniwVZcE6yJ+eUMokXy--Y-YcyYqU5TotA@mail.gmail.com> <CAChr6SzepG0bihTdV9dXbaHF9fE4mHrfJfwA1qC_rFaK0ZHTqg@mail.gmail.com> <CAG2Zi20q2csHdRXpFGd323FmMP2_1QDX8O+6HyjmdJrNMKcRgg@mail.gmail.com> <CAChr6SxkZ3KQuWBCJvfQtkZ9ta2Xh5XmWpZWLNVfA-viHYsoHA@mail.gmail.com> <e5fdf97b-58b6-4cad-b398-e3598f1d468f@cs.tcd.ie> <CAChr6SyVXJcC5D-0-XryQv5fPvxbERJXk_bAypWOiOpcgnrTYA@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; keydata= xjMEY9GzphYJKwYBBAHaRw8BAQdAo6JvjmSbxHdQWPZdvciQYsHhM1NxQBU398Mmimoy4p7N M1N0ZXBoZW4gRmFycmVsbCAoMjU1MTkpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsKQ BBMWCAA4FiEEMG54R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ5Njp+ZeoM93bogEA25ElRyX0wwg+kGEN1AoL60MoZfvQZ/VtmXY6IC5j +csBAIBpkL5ySuzJK2zLNZn9qQGht8IaUcA7cvDcLvS2uHUEzjgEY9GzphIKKwYBBAGXVQEF AQEHQILCPWOwW36e8D3pY8GmvvtItIT+A5uV80ist+WokVsQAwEIB8J4BBgWCAAgFiEEMG54 R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwwACgkQ5Njp+ZeoM92bcAEA8R+8cpqRUIS+SoAN iO05xE6O/wEx8/e88BqzAYki3SoBAOQdwiPX+MQrAxkWD8xxOsdMOAtxYKpkD1n8aPJUw6QJ
In-Reply-To: <CAChr6SyVXJcC5D-0-XryQv5fPvxbERJXk_bAypWOiOpcgnrTYA@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------mFfNGAy0BeU0bT0lQfZgLAs7"
X-ClientProxiedBy: DUZPR01CA0163.eurprd01.prod.exchangelabs.com (2603:10a6:10:4b3::25) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB7PR02MB5113:EE_|PAXPR02MB8042:EE_
X-MS-Office365-Filtering-Correlation-Id: 56d78c74-546f-4dd6-7032-08dc4234ed75
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: L9XmkOAvXcQoCRptk9RQ9BcV1C22Tnleqd8eelMW6wcFfN7zpmdXfQDEfs/bx37cLHUPKviu2f8o2JlWb/GTIX+6p6WM+1+KGvIu7HGE+oCHyFMsVmDaNb0/lYbj0Ll4rdJxHRkHSUIXGsWct4UHwMQyOudVtOd55iMeON+cY44SOQu64FosX6CAtNZSS50T63bt2NDjUsaVLb52Hhs5NCBFsh+Q0/T5GhM1+tM3TiJn5nOPdRb3lpM3eK88YidF2Ne13/cUVS/jTZChwhMql3tFfyHLJEmgHuDBJLWH7kaGNQdh2I5uIEqzj4/768F1k5lVkRkubto2xi2itgP3nLENZfJxNBkkoaMNUtAzanthhMpu6KYejI9NrLd5W/m6yVr79FLIXHi+TEuvRZB9e9tkGCG/2xuOZeUlMKMWmBd/vIYfEhlgkis/nQvZhENG9sQretnDapnVeMJMNxBLwxNYHgj6TQ1drjColLjf+yBCXyE9DDPDPTyxiQyIKIRI99OuuiphAdpIcXBesgpuwfu0FoBFlAAg4NI3fFBQEhE8ChhBoxuV7fnJWgJyE52WYDx2QYKN7ON3gYhqSKuJMQ3VQX2PTyS/g9xXFxRBN5Q=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(376005); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: qI1YxYy0+DVM+CWU/vgm+U/jA32M8tG9Rnw1CI6KES2LUJ3ISIfUjC3IvamMCYDuleTs+0YM6Et5g4UYSwBK3fhpTKD4aiRTz0P6OvNi3u9GmPupNEbOGvn+sQ8y3Tr+RP24UQ0unTR2JI8d6Deqzzte6qrVeuS9aDx9RIiB5gJkCDla2TqqYrqECnwTB+Ko2tddcs8fU/yBqgL43KNkxoAnFeqKJ43e0MR8kIBdqvx+ONij3xqBhn5zXvQoFrJxXQ0LDcoUui3D9Z8fzfbpMaM0bhI6X3ZIL3Zm6ccn1yTEoCol0PeN6tcV791RHH1XP9Qy0mlna13Wc0tewLQ05Lvnw1m4Pt6eizjn+PqzGysEIFzKWjvuh6BW3x/Nc6tksIsSD9JCM127RIq4S2OMJTF7+NclHuR6OMw0p2vkhAXIZj0x/b43rHK8mFjZ0fAR8AzurIuI0Nh3HppXenx740rKqo1un2a/Vuxa7CA7P35mZVMDsji9Cd2BOtZZ8GR0rC02Jy0vziouLz3k2fajaC+dtxLz2kMOAY8OM6TI5yWLfKBZGP5t1VPChnprBRuxTg+w0NWKDqGqbRv3Q7CNStwZQny0/PeSUqjDo+ucryU+Dr5dwxOduHZhC3lq4NYF5LHqlzL6p8T3SOlFEz/heIAmFrFHYrGI5rbgmLs5zxWPnpvOW0aBkqIaz8dFeurx1MzxI+YR+k0Nhb57eFFv7nQV0dfDcSJiI2O960B0dMqo45kV/6eoqga5b8GflW1JPNL7NQBVDTMNlG8af/645zymZnzIifoBVxBbFk7qxPlfP1vRqLm1svvvLSUdRJO4sOh7ENx40VSITbn6d8d5pwwaJODl03atyERof0UlxaRBM8JKKXx+U25gd5T4zLu4rclPZRMY9u4A7rr9Tl/IPSKl7b3llgmXByqt1jAnrOW5sVfrgpcMaGJmyxZBwwl969oZCMSM3hhlBfd3iVXN+1Q1FFGKhtv7XdQgnV07+RRjdc9ObJhD/QlGsAGoUzRpl8/U3YzWI9RqX9zPUYxZAaMejLjmdysW6YFuGRCO1joVUm386wIrm2F0OaGzV3jq1+zyQl3HO7evF+vblHrWUQn3b7g/vimAtWoNOAALDXOh8++wmQDfURCAjDd0tnBS67BX/ZmS1ud0AkXzKfDjD1eSv7QBiRDNFkQT3/vaMrsHIVQ6we/aHDjPiBBlRKtyIkSdcuLoKaCUMHwBAwcgvKX70XRbD4doLoNWdON1v8jNHsdfaLKQfzbb3Ec8FFJt5eyvzqb6HKSJUMV63qCbBBC5+Yuk5PnAq12uPO2b+WN53wYcbmNSrRFvMLnA2j1sVLHS9paT0pi61Xfdz5SxX1fuisVlW/1EbyYKAG4o3AcUNiXwec5SiIykAqCFM4jTWnxO//HIeQToUkMmF0jS8dUd/bCE8qlfN1GHPEiOi6pQJfBJokICSrUEk3bUnGriShxLyeuyOC5i5WsthwoUZ46M3EVylatVK/TPCxmGr+FEsuHvPT1RvL/411iA2CJlAPuF0S8zoZuBPyBtehD1IhRpN/qPZVGME5csjeJSe+O93PoSKgS3p7nHwV29Z6sw3DW4y9667rdhvlEwCrXB4MdGbmBHtWvNX/N9ro+Lw272QB/0zrO0K8rTcyFIPywf
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 56d78c74-546f-4dd6-7032-08dc4234ed75
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Mar 2024 01:37:07.3217 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 4CnwA3yzimGtIiCeWEBOTxEI676dknnUT5a1w0cFveJKLF4LULd7qvBZZK11eVm6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR02MB8042
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yeSoJJBdQqMHja5sbY3EChGn-YA>
Subject: Re: [TLS] Working Group Last Call for ECH
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2024 01:37:15 -0000

Hiya,

On 12/03/2024 01:25, Rob Sayre wrote:
> The one that got to me was:
> 
> "It SHOULD place the value of ECHConfig.contents.public_name in the
> "server_name" extension. Clients that do not follow this step, or place a
> different value in the "server_name" extension, risk breaking the retry
> mechanism described in Section 6.1.6 or failing to interoperate with
> servers that require this step to be done; see Section 7.1."
> 
> So, that seemed like it might be a problem for the previous analysis.

I guess that's a reasonable question to ask, though I'd be
surprised if it that case were represented in the analyses.

If asked, (and who'd ask me:-), I'd probably argue that it
doesn't affect the security properties of ECH though, as a
server could always have been presented with an outer CH
that has some random SNI value, so I'd guess that change
ought not affect the security properties of ECH. Clients
that follow the SHOULD get the same as before, as do those
that don't, and servers should in any case have been able
to handle unexpected values in inputs.

Hopefully, some of the people who did the analyses will
chime in on the WGLC though, it'd be good if they had the
time to do that.

Cheers,
S.

> 
> thanks,
> Rob
> 
> On Mon, Mar 11, 2024 at 6:12 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
> 
>>
>>
>> On 12/03/2024 00:49, Rob Sayre wrote:
>>> On Mon, Mar 11, 2024 at 5:21 PM Christopher Patton <
>> cpatton@cloudflare.com>
>>> wrote:
>>>
>>>> I don't believe there were any changes from draft 13 to 18 that would
>>>> invalidate security analysis for draft 13:
>>>>
>>>>
>> https://author-tools.ietf.org/iddiff?url1=draft-ietf-tls-esni-13&url2=draft-ietf-tls-esni-18&difftype=--html
>>>>
>>>
>>> Hmm. It does look like there are few substantial changes in that diff
>> that
>>> might be worth re-checking, but I'm not trying to delay things with
>>> nitpicking. If others feel the analysis of -13 is enough, then let's go.
>>
>> Not quite answering the question, but I don't recall any code
>> changes affecting the crypto plumbing or interop since -13.
>>
>> Cheers,
>> S.
>>
>>>
>>> thanks,
>>> Rob
>>>
>>>
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls
>>
>

v2.23.0 | Report a Bug | By Email