In preparation for next week's virtual interim session on ECHO, I'd like to 
draw your attention to the following issues and PRs we'll be discussing. 

First, there's a PR up for padding 
[https://github.com/tlswg/draft-ietf-tls-esni/pull/209]. This PR describes a 
padding algorithm for clients that roughly works as follows. Clients compute 
the amount of ClientHelloInner padding based on padding for each inner CH 
extension. Some extensions might take server hints as input to this 
computation. In our case, we only have one such extension and hint: the SNI and 
ECHOConfig.max_name_len. Once done, round the total padding to the nearest 32B 
value. It also suggests that other handshake messages should be padded, yet 
elides details. (We previously didn't specify padding for anything beyond the 
CH message, so this isn't a change.)

Is this PR ready to go? If not, why not? What would you change, and why? 
(Concrete suggestions are highly encouraged!) Note also that this is currently 
only a recommended padding algorithm. Implementations are therefore free to do 
what they wish. Is this acceptable? Do we need to be more prescriptive? Food 
for thought!

After that PR, there's a pile of issues that need attention and discussion. 
Please have a look at the list below and comment on whether you think they're 
worth addressing. 

- ECHOConfigContents.extensions 
[https://github.com/tlswg/draft-ietf-tls-esni/issues/217]
- ECHOConfig vs HTTPSSVC 
[https://github.com/tlswg/draft-ietf-tls-esni/issues/219, 
https://github.com/tlswg/draft-ietf-tls-esni/issues/216]
- GREASE indistinguishability 
[https://github.com/tlswg/draft-ietf-tls-esni/issues/177]
- HPKE code points [https://github.com/tlswg/draft-ietf-tls-esni/issues/218]
- Tunnel TLS 1.2 and below 
[https://github.com/tlswg/draft-ietf-tls-esni/issues/214]

These are the last major outstanding issues against the document. I hope we can 
move forward after we resolve them, one way or another.

Thanks,
Chris (no hat)

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
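
The padding computation outlined in the message, as an added Python sketch; it is not code from the message or the algorithm text of PR #209. Assumptions: the SNI is padded up to ECHOConfig.max_name_len, "round to the nearest 32B value" is read as rounding the padded length up to a multiple of 32, and `base_len` plus the host names are constructed sample values.

```python
from typing import List, Optional

BLOCK = 32  # rounding granularity named in the message


def sni_padding(name: Optional[str], max_name_len: int) -> int:
    """Padding contributed by the SNI extension, driven by the server hint.
    Assumed rule: pad the name up to max_name_len, never a negative amount."""
    used = len(name.encode("ascii")) if name else 0
    return max(0, max_name_len - used)


def inner_padding(unpadded_len: int, per_extension: List[int]) -> int:
    """Total ClientHelloInner padding: sum the per-extension amounts, then add
    enough that the padded length is a multiple of BLOCK (assumed: round up)."""
    total = sum(per_extension)
    return total + (-(unpadded_len + total)) % BLOCK


def observed_length(name: str, max_name_len: int, base_len: int = 200) -> int:
    """Length an observer sees for the padded inner CH.
    base_len is a constructed size for everything except the name bytes."""
    unpadded = base_len + len(name.encode("ascii"))
    return unpadded + inner_padding(unpadded, [sni_padding(name, max_name_len)])


if __name__ == "__main__":
    hint = 40  # constructed max_name_len value
    names = [
        "a.example",
        "login.bank.example",
        "a-much-longer-host.name.example",
        "a" * 60 + ".example",  # longer than the hint
    ]
    for n in names:
        print(f"{len(n):3d}-byte name -> {observed_length(n, hint)} bytes on the wire")
```

Names at or below the hint collapse to one observed length, while a name longer than the hint is hidden only at 32-byte granularity, which is why the choice of max_name_len matters.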
