IETF Logo Mail Archive

Re: [Uta] [Last-Call] Artart last call review of draft-ietf-uta-rfc7525bis-09

Rob Sayre <sayrer@gmail.com> Thu, 14 July 2022 19:33 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04BD4C157B5A; Thu, 14 Jul 2022 12:33:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JnLs9e9T6F_H; Thu, 14 Jul 2022 12:33:44 -0700 (PDT)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DDEAC157B34; Thu, 14 Jul 2022 12:33:39 -0700 (PDT)
Received: by mail-ed1-x529.google.com with SMTP id g1so3684574edb.12; Thu, 14 Jul 2022 12:33:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Kr2gv/z3crosKmSUxfD/9nI7jxNTHDDwXGWN7kgNdI8=; b=ClD1HEhunSmtA1YE6JdklX5HUhCH3sgkn9yJdfJ+X1lQbxlRf7XsshfGQDrUVEgt4j vYiViC7o+Qjr95b28LP9ec6xebzTK0eXSaC1ynq1lEx4VLXnMr/WhcCAaK3pGb63Xpyc Ag4euSRig0mwxGvcnjBcS4FcYbgyERJ5NjE/WtOSu7Txaup8VTnh1sS2uLjTT5qXYaOT bYvUXKDTCzKoqO3T1WOf4bUU+csSSmUyUYEg0UfPPpVLrNwtuRnb5ka4bVWfeuK84zjA j0C6vYMYKkmAuD+CuVr/rXCvRGk9++97XM15kj+WS/WWz0+4N+TMrEqaBRExAQIoqk39 4w8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Kr2gv/z3crosKmSUxfD/9nI7jxNTHDDwXGWN7kgNdI8=; b=mY+b8pvGViaxZ7JGbQ0CWpZXLbJmTr8SWUb1GHz4juVkf/ohUMK3NdZscHl9lngYwO InaP/Psb/6DOfo7BEsEkf2PHUNVSEZNUg+AysW5jPhFL/+Wv5PPOVYyUu/MF/Ccmy5Ze nNAepqLf3mDrasV213zq6OphsnFrkDBW5ieOJ9HYuvwusGK+P8zcC2u3W8trkPe5O2VV Q7VShsTA+QKv9A9LfWx4hRL708z7W1qdqBO7o+ZRJBLvnqd/6TtPl2/e9yIAPsAKIQgQ JpGVXz/7XmwiJCUPIrQdKJJAFTRBMLzZc4GAk8azWIsqwWN9Kt1HGoIcE9LJdaV6zbdx kA+g==
X-Gm-Message-State: AJIora8RFWwAr9u8yjJghWJiJAE4eynjWuaBn5wPhbElK0Y0nm8QvFaS LkK2QTD4YXqdW1RRMX+OF29qmLADzIcRUfzkvbsAadi33n7kdA==
X-Google-Smtp-Source: AGRyM1sVH8npXL5wFN6ufISEnBCuzecsR7W4IA33Kh4lHhODoSD15VizOLMBFYwpBVU0qIC+B9yTgF5hteqN9HMacF4=
X-Received: by 2002:aa7:c98b:0:b0:43a:944f:5db6 with SMTP id c11-20020aa7c98b000000b0043a944f5db6mr14263127edt.34.1657827217355; Thu, 14 Jul 2022 12:33:37 -0700 (PDT)
MIME-Version: 1.0
References: <165728991008.45773.10659091812976572509@ietfa.amsl.com> <4c7fcbfe-5055-d33d-e1d1-27e85592551a@stpeter.im>
In-Reply-To: <4c7fcbfe-5055-d33d-e1d1-27e85592551a@stpeter.im>
From: Rob Sayre <sayrer@gmail.com>
Date: Thu, 14 Jul 2022 12:33:26 -0700
Message-ID: <CAChr6Sy4_+v5ok24_3OkbrsmUyaaYhhQTDMJDgcuhsscQjdj2A@mail.gmail.com>
To: Peter Saint-Andre <stpeter@stpeter.im>
Cc: Cullen Jennings <fluffy@iii.ca>, ART Area <art@ietf.org>, draft-ietf-uta-rfc7525bis.all@ietf.org, last-call@ietf.org, uta@ietf.org
Content-Type: multipart/alternative; boundary="00000000000063b86105e3c8fa35"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/p6Q_bnZmNssfty-pnnfPUT0yG30>
Subject: Re: [Uta] [Last-Call] Artart last call review of draft-ietf-uta-rfc7525bis-09
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jul 2022 19:33:45 -0000

On Thu, Jul 14, 2022 at 12:14 PM Peter Saint-Andre <stpeter@stpeter.im>
wrote:

> > On ESNI in section 3.7. My view is the statement "this information leak
> is
> > closed by use of TLS Encrypted Client Hello." is false. The traffic
> patters to
> > most websites along with IP even when fronted very often reveal exactly
> that
> > information. Often the unencrypted OSCP data on port 80 promptly
> following the
> > ESNI packet reveals more than one would hope. I think there should be
> clear
> > discussion about how using this causes schools in some jurisdictions to
> be
> > legally required to have to install monitoring software on computers
> owned and
> > administered by the student and how this is really bad for privacy.
> There are
> > clear cases where ESNI makes sense, but there are others where the IETF
> in
> > trying to help privacy, is actually making the situation worse.
>
> We could say "you should strongly consider using ESNI when available if
> appropriate for your situation and taking into account all relevant
> considerations described in the ESNI spec" but it seems that the ESNI
> spec ought to be the one that covers this topic in depth.
>

Firstly, it's called ECH now. I believe the draft name is still ESNI so all
of the tools can deal with it (the proposal here gets this right).

I don't think this section is helpful:
https://datatracker.ietf.org/doc/html/draft-ietf-uta-rfc7525bis#section-3.7

I think it should say something about how connecting to a server
necessarily reveals some information, even if the traffic is encrypted.
That means there is a trade-off between relying on a centralized proxy or
revealing some metadata.

It's not true that SNI is required, TLS often works fine without it. I know
this because I've implemented it incorrectly, and many servers continued to
work. I think it would be fine to document the risks, rather than make
requirements.

thanks,
Rob

v2.23.0 | Report a Bug | By Email