Open Bug 1712647 Opened 3 years ago Updated 2 years ago

Different extension contents for custom extensions in ECH CHInner and CHOuter

Categories

(NSS :: Libraries, enhancement, P5)

enhancement

Tracking

(Not tracked)

People

(Reporter: mt, Assigned: mt)

Details

Attachments

(1 file)

One of the ways in which ECH potentially improves privacy is through being able to present different values in the inner and outer ClientHello. As the outer is used for fallback, the values often do not matter. The outer ClientHello can use a generic value in many cases without compromising functionality. This is particularly true for QUIC, where transport parameters in the outer ClientHello only need to cover mandatory information.

As QUIC uses a custom extension handler, providing different inner and outer values is something that NSS would need to support through custom extension handlers.

There is a trade-off here as identical values are easier to compress. Even if values are minimal, they still likely take up more space if inner and outer ClientHello differ. The configuration we use for QUIC is generic enough that sharing values is probably harmless.

I have a patch for this, written when I thought QUIC might need different capabilities. It's modest in size, so it might be worth considering.

A new function SSL_CallExtensionWriterOnEchInner() allows applications to have
custom extension handlers called separately for CHInner and CHOuter.

This is a little tricky as ECH needs to construct two versions of CHInner: one
compressed and one not. This just calls the write handler twice in that case.

The other complication is that a handler might make different choices for
CHInner and CHOuter. This forces us to stop compressing that extension and any
that follow it when that occurs. In order to ensure that extensions are
consistently placed, we need to track what can be compressed during both
invocations.

I've retained the quirk where the extensions are built twice. That might be
something that can be removed in future, but for now it creates a negative
externality that I've noted in documentation.

Attachment #9223284 - Attachment description: WIP: Bug 1712647 - Split custom extension handling for ECH → Bug 1712647 - Split custom extension handling for ECH
Attachment #9223284 - Attachment description: Bug 1712647 - Split custom extension handling for ECH → WIP: Bug 1712647 - Split custom extension handling for ECH
Attachment #9223284 - Attachment description: WIP: Bug 1712647 - Split custom extension handling for ECH → Bug 1712647 - Split custom extension handling for ECH. r=bbeurdouche,mt
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: