Off the cuff, folding it into the transcript sounds tricky, since existing TLS servers won't know to do it, and, as with any other DNS hints, we need to accommodate the DNS being out of sync with the server. It'll also be more difficult to deploy due to needing changes in the TLS stack and generally require much, much tighter coordination between DNS and TLS. I'd like for that coordination to be more viable (see my comments on the .well-known draft), but I don't think we're there yet.
But I'm certainly open to continue discussing it and this problem space! The original version of the draft actually tried a lot harder to handle the downgrade story. Rather than mess with the transcript, it defined away all the negotiation algorithms where this would be a problem and keyed the NamedGroup codepoints to know when you could be guaranteed of the narrower server behavior. My read of the feedback was that people thought this was an unnecessary complication and that servers doing a key-share-first selection were doing so intentionally because they believed the options roughly equivalent. So I took all that out and replaced it with text to that effect. David On Tue, May 21, 2024, 08:54 Eric Rescorla <e...@rtfm.com> wrote: > I agree that it's attractive to be able to hint in the HTTPS RR, but I'm > less sure about addressing the basic insecurity of the DNS channel with the > approach this draft takes. I don't have a complete thought here, but what > if we were to somehow fold the hint into the handshake transcript? I > suppose we can sort this out post-adoption, but I'd like the question to be > on the table. > > -Ekr > > > On Fri, May 3, 2024 at 3:05 PM Joseph Salowey <j...@salowey.net> wrote: > >> This is a working group call for adoption >> for draft-davidben-tls-key-share-prediction. This document was presented >> at IET 118 and has undergone some revision based on feedback since then. >> The current draft is available here: >> https://datatracker.ietf.org/doc/draft-davidben-tls-key-share-prediction/. >> Please read the document and indicate if and why you support or do not >> support adoption as a TLS working group item. If you support adoption >> please, state if you will help review and contribute text to the document. >> Please respond to this call by May 20, 2024. >> >> Thanks, >> >> Joe, Deidre, and Sean >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls >> > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
