IETF Logo Mail Archive

[TLS] Re: Mike Bishop's No Objection on draft-ietf-tls-esni-24: (with COMMENT)

Eric Rescorla <ekr@rtfm.com> Wed, 07 May 2025 14:35 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id A3AC925F1D5C for <tls@mail2.ietf.org>; Wed, 7 May 2025 07:35:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5DjqK0hTaCJq for <tls@mail2.ietf.org>; Wed, 7 May 2025 07:35:39 -0700 (PDT)
Received: from mail-yw1-x112d.google.com (mail-yw1-x112d.google.com [IPv6:2607:f8b0:4864:20::112d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 6DC9325F1CFA for <tls@ietf.org>; Wed, 7 May 2025 07:35:39 -0700 (PDT)
Received: by mail-yw1-x112d.google.com with SMTP id 00721157ae682-70a2b85aeb7so627417b3.1 for <tls@ietf.org>; Wed, 07 May 2025 07:35:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1746628539; x=1747233339; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=/kYVRsVJ83iojfFonOPZLTqClyzCAsnuDcAAbR6B5DM=; b=paM2kG0b4qQyqxVOD/Rs8VkD3Lqn5vjiPQoyoK9dDbnSI78DtAUDV5SZeU0dHKufI8 jQb0TiPr0cldysauqEILlEf3K7uxgMyGO4uvDHXk5+6JOIZQnw0lB92y7JQtM4lVWt2m q2Nv1shOECshcMLDAJmeJL6KD0vGljqXIXolUoaBX6cJSH9BPW5gABw44LwgVswRavyw ZYPBoAVmG/KqkFuZSlMCSYme6OSolSNXv/FWEsHQZhsZ7yr5Y+X4QlJMdMTsJc+OLtkh Q8ltCB8lkiYakdSKurFzNMSteoB1EEAKkKSGww5r0hYKv1mNkju3g2BdEIyvN+mjwjp5 pHqg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1746628539; x=1747233339; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/kYVRsVJ83iojfFonOPZLTqClyzCAsnuDcAAbR6B5DM=; b=SDLSge9tqq07uFYK9lTx1aROpOcY7YNFQtk7bRahf05ki39TZCYbrr8liPYkH1Pw/B HQkOToVJoynBRYv+ll55RNgzC0rLwjbqAvRf94LlAEgQbai0xejivLUNWQqYebG53kHf 9H3tOhywe+ryqUsjInnHzpLWlLvSsLFY5Oh/ZYWSOoWDjfukJFRvjCnzBJ9/nZ2kmFzu yHNZ2vpQZdp9wVm9hzqy/hiIAQD/Aa7gV/SD+Y4oH1AAXGBiXGI5tXSe697jXutxYG2n x/Ch3s4K65G2eH7BKNlVe4WM10u9e4mrM7IIJxMe6QGPrRc7SOpLAxN0XxNEZ5IxszDr 8q7w==
X-Forwarded-Encrypted: i=1; AJvYcCVPOl+1IHbSixRmzZag/UCE1AMx9TLVJ4VAjyVJActCJZyzyEgnLNdCHF1TDZ8ku26HW94=@ietf.org
X-Gm-Message-State: AOJu0YwoHHfn9N+H4blcvQioNALMFuHl2vpGetWC+zarmDdU2IfW5pJo YnnIDF8qrfNuSI6rAtsfwCRw1Qkn7D0RO5xp5xlgui5CCSNIXKiQ+7uTeFBs/vj1vjlU+GEbeHn V6qu1yNA2aRUNDnz9cqTFFHn4CLI6iEomUB1S/w==
X-Gm-Gg: ASbGncu3quSUWhOUZJj9AtnjPfc5aTYpI57f1e1TwqBRBwAlYKsgdavzYR2OgEJFLjk b2sPwMSXtHzNwPernwnbJeumbPXGCnQ0X74hSWAoBU4+IJFqQQvEOH22IAT6pL+ir4U6RpHkBI9 QfTgkui99AN8aWzzPuaFg/kg==
X-Google-Smtp-Source: AGHT+IE0fS8sO6DHsOejgCPlQHbIc6z6anQ3WBAOg2FvizZhR0nhts7jKEyW22Xza5sriUjf07U5Zrj66KojkzMqAZY=
X-Received: by 2002:a05:690c:7202:b0:6f9:97f7:a5c3 with SMTP id 00721157ae682-70a1da12ac7mr49434287b3.18.1746628538687; Wed, 07 May 2025 07:35:38 -0700 (PDT)
MIME-Version: 1.0
References: <174662335626.992684.12434538128929417422@dt-datatracker-58d4498dbd-6gzjf>
In-Reply-To: <174662335626.992684.12434538128929417422@dt-datatracker-58d4498dbd-6gzjf>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 07 May 2025 07:35:01 -0700
X-Gm-Features: ATxdqUFGDNwEAIKwnB2Hwpi_W_EPgo7c6jSoc7SeKNJLNJ7ycmm-szTpAP9W0v4
Message-ID: <CABcZeBMxrrVab=dsb8f_9S3aS5sOUOERDb_vT1Xce7L4B0rKwg@mail.gmail.com>
To: Mike Bishop <mbishop@evequefou.be>
Content-Type: multipart/alternative; boundary="0000000000009a7be506348ca57b"
Message-ID-Hash: 4DHPAGSGYYKS53IDLRBSIZBBXCHUP5DZ
X-Message-ID-Hash: 4DHPAGSGYYKS53IDLRBSIZBBXCHUP5DZ
X-MailFrom: ekr@rtfm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, draft-ietf-tls-esni@ietf.org, tls-chairs@ietf.org, tls@ietf.org, jsalowey@gmail.com
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Mike Bishop's No Objection on draft-ietf-tls-esni-24: (with COMMENT)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/zo40lAsHWeqxrAzu150EiJfMAAs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Thanks for your comments.


On Wed, May 7, 2025 at 6:09 AM Mike Bishop via Datatracker <noreply@ietf.org>
wrote:

> Mike Bishop has entered the following ballot position for
> draft-ietf-tls-esni-24: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I've previously reviewed this document and have very few additional
> comments;
> these comments can be incorporated or ignored at the authors' and
> responsible
> AD's discretion.
>
> 6.1.8: "has been forced to change" imputes external events that aren't
> relevant
> to the protocol. The server's configuration may have changed since the
> client
> received the retry configs; the client doesn't need to speculate on why.
>

I have submitted a PR for this:
https://github.com/tlswg/draft-ietf-tls-esni/pull/654


>
> 10.9 notes that there's no collision between ECH acceptance (in 1.3) and
> downgrade protection (in <1.3) because of the version scoping. It's worth
> noting, however, that this forecloses using the same approach to guard
> against
> downgrades to 1.3 from future TLS versions.
>

That's correct, but should not be an issue. This approach was used in TLS
1.2 because
the signature does not cover the entire transcript but only pieces of
it, so we needed to
put the downgrade signal in a location which was protected, namely the
Randoms.
TLS 1.3 signs the whole transcript up to that point and so covers the
version negotiation
under the signature.

-Ekr

v2.41.0 | Report a Bug | By Email | System Status