Re: [TLS] predictability of inputs in ESNI

2019-11-01 Thread Christopher Wood
On Fri, Nov 1, 2019, at 4:18 PM, Rob Sayre wrote: > I also do not think this issue should have been unilaterally closed: > https://github.com/tlswg/draft-ietf-tls-esni/issues/190 > > > Maybe it's time for some new TLS editors. As the iss

Re: [TLS] predictability of inputs in ESNI

2019-11-01 Thread Rob Sayre
On Fri, Nov 1, 2019 at 4:04 PM Eric Rescorla wrote: > > > On Fri, Nov 1, 2019 at 3:54 PM Rob Sayre wrote: > >> >> >> On Fri, Nov 1, 2019 at 3:39 PM Eric Rescorla wrote: >> >>> > I see. But is there any reason to make these inputs predictably zero by spec? >>> >>> Absent some

Re: [TLS] predictability of inputs in ESNI

2019-11-01 Thread Eric Rescorla
On Fri, Nov 1, 2019 at 3:54 PM Rob Sayre wrote: > > > On Fri, Nov 1, 2019 at 3:39 PM Eric Rescorla wrote: > >> >>> I see. But is there any reason to make these inputs predictably zero by >>> spec? >>> >> >> Absent some reason not to, this seems like a reasonable design choice. At >> minimum

Re: [TLS] predictability of inputs in ESNI

2019-11-01 Thread Rob Sayre
On Fri, Nov 1, 2019 at 3:39 PM Eric Rescorla wrote: > >>> >> I see. But is there any reason to make these inputs predictably zero by >> spec? >> > > Absent some reason not to, this seems like a reasonable design choice. At > minimum, it has the advantage that it's easy to detect some classes of >

Re: [TLS] predictability of inputs in ESNI

2019-11-01 Thread Eric Rescorla
On Fri, Nov 1, 2019 at 3:27 PM Rob Sayre wrote: > On Fri, Nov 1, 2019 at 3:09 PM Eric Rescorla wrote: > >> >> >> On Fri, Nov 1, 2019 at 2:28 PM Rob Sayre wrote: >> >>> Hi, >>> >>> I am not sure how important these findings are, but I've noticed three >>> instances of unnecessarily predictable i

Re: [TLS] predictability of inputs in ESNI

2019-11-01 Thread Rob Sayre
On Fri, Nov 1, 2019 at 3:09 PM Eric Rescorla wrote: > > > On Fri, Nov 1, 2019 at 2:28 PM Rob Sayre wrote: > >> Hi, >> >> I am not sure how important these findings are, but I've noticed three >> instances of unnecessarily predictable inputs in ESNI: >> >> 1) Trailing padding after domain names a

Re: [TLS] predictability of inputs in ESNI

2019-11-01 Thread Eric Rescorla
On Fri, Nov 1, 2019 at 2:28 PM Rob Sayre wrote: > Hi, > > I am not sure how important these findings are, but I've noticed three > instances of unnecessarily predictable inputs in ESNI: > > 1) Trailing padding after domain names are zeros. > 2) The checksum calculation seems to start with predict

[TLS] predictability of inputs in ESNI

2019-11-01 Thread Rob Sayre
Hi, I am not sure how important these findings are, but I've noticed three instances of unnecessarily predictable inputs in ESNI: 1) Trailing padding after domain names are zeros. 2) The checksum calculation seems to start with predictable version bytes in draft -04, and in shipping implementatio