Re: [TLS] I-D Action: draft-ietf-tls-svcb-ech-01.txt
Raghu Saxena <poiasdpoiasd@live.com> Thu, 28 March 2024 06:16 UTC
On 3/28/24 04:37, internet-drafts@ietf.org wrote:
> Internet-Draft draft-ietf-tls-svcb-ech-01.txt is now available. It is a work
> item of the Transport Layer Security (TLS) WG of the IETF.
>
> Title: Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings
> Authors: Ben Schwartz
> Mike Bishop
> Erik Nygren
> Name: draft-ietf-tls-svcb-ech-01.txt
> Pages: 6
> Dates: 2024-03-27

Just wondering, do we want to explicitly mention looking up the SVCB record for ECHConfig using "Port Prefix Naming", e.g. with words like MUST? From the SVCB RFC (i.e. RFC 9460), it's mentioned under Section 2.3 that non-standard ports MAY be specified. However, for something security-related like ECH, I think a client MUST look up the port-prefixed HTTPS record for determining which ECHConfig to use.

As an example, for my personal ECH test website[0], different ports advertise different ECHConfigs. Chromium handles this correctly, but Firefox does not, which is considered to be a bug[1]. In my particular example, all ports have the same backend which can find a relevant ECH private key to use, but in some cases this may not be the case, so using the ECHConfig of port 443 (default) on another port could lead to problems.

I'm not sure if we need to explicitly mention it here, but since the draft seems to reiterate some points of both SVCB & ECH, it may be useful.

Regards,

Raghu Saxena

[0] https://rfc5746.mywaifu.best:4443/
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1860038

P.S. The current draft links to SVCB as "https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-12", but since it is now standardized as RFC 9460, I guess it should be updated.
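The lookup behaviour the message argues for, as an added illustration that is not part of the original post or of the draft: the client derives the HTTPS-record owner name from the origin's port using the port-prefix naming of RFC 9460 (bare hostname for port 443, `_PORT._https.HOST` otherwise) and takes its ECHConfig only from the record found at that name. The zone data and the host name `ech-test.example` below are constructed for the example; the ECHConfigList values are opaque placeholder bytes, not real configs.

```python
"""HTTPS-record owner name and ECHConfig selection per RFC 9460 port-prefix naming.

Added example for this thread (not code from the draft or its authors).
Zone data below is constructed; ECHConfigList values are placeholders.
"""

from typing import Dict, Optional

HTTPS_DEFAULT_PORT = 443


def https_qname(host: str, port: Optional[int] = None) -> str:
    """Owner name a client must query for an https origin (RFC 9460, Sections 2.3 and 9.1).

    Port 443 (or no explicit port) maps to the bare hostname; any other port
    maps to the port-prefixed name, e.g. "_4443._https.example.com".
    """
    host = host.rstrip(".").lower()
    effective_port = HTTPS_DEFAULT_PORT if port is None else port
    if effective_port == HTTPS_DEFAULT_PORT:
        return host
    return f"_{effective_port}._https.{host}"


# Constructed zone: owner name -> ECHConfigList carried in the "ech" SvcParam.
# Each port advertises a different config, mirroring the test site in the post.
CONSTRUCTED_RECORDS: Dict[str, bytes] = {
    "ech-test.example": b"ECHCONFIGLIST-FOR-PORT-443",
    "_4443._https.ech-test.example": b"ECHCONFIGLIST-FOR-PORT-4443",
}


def select_echconfig(host: str, port: Optional[int],
                     records: Dict[str, bytes]) -> Optional[bytes]:
    """Return the ECHConfigList for (host, port), taken only from the record at the
    port-prefixed name.

    Returns None when that name has no record.  The caller must then treat the
    origin as having no ECHConfig rather than reusing the port-443 one, which is
    the fallback the message describes as incorrect.
    """
    return records.get(https_qname(host, port))


def configs_differ(host: str, port_a: int, port_b: int,
                   records: Dict[str, bytes]) -> bool:
    """True when two ports of the same host advertise different ECHConfigLists."""
    return select_echconfig(host, port_a, records) != select_echconfig(host, port_b, records)


if __name__ == "__main__":
    for port in (None, 443, 4443, 8443):
        name = https_qname("ech-test.example", port)
        cfg = select_echconfig("ech-test.example", port, CONSTRUCTED_RECORDS)
        print(f"port={port!s:>5}  qname={name:<32}  ech={cfg!r}")
```

Running the script shows that port 4443 resolves to `_4443._https.ech-test.example` and receives its own config, while port 8443, for which the constructed zone has no record, yields `None` instead of the port-443 config.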