Internet-Draft | Well-Known URI for ECH | July 2024 |
Farrell, et al. | Expires 8 January 2025 | [Page] |
We define a well-known URI at which an HTTP origin can inform an authoritative DNS server, or other interested parties, about its Service Bindings. The data can include Encrypted ClientHello (ECH) configurations, allowing the origin, in collaboration with DNS infrastructure elements, to publish and rotate its own ECH keys.¶
This note is to be removed before publishing as an RFC.¶
The source for this draft is in https://github.com/sftcd/wkesni/ Issues and PRs are welcome there too.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 8 January 2025.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Encrypted ClientHello (ECH) [I-D.ietf-tls-esni] for TLS1.3 [RFC8446] defines a confidentiality mechanism for server names and other ClientHello content in TLS. Many applications will require publication of ECHConfigList data structures in the DNS, where an ECHConfigList structure contains a list of ECHConfig values. Each ECHConfig value contains the public component of a key pair that will typically be periodically (re-)generated by a web server. Many web infrastructures will have an API that can be used to dynamically update the DNS RR values containing ECHConfigList values. Some deployments, however, will not, and those deployments could benefit from a mechanism like the one defined here.¶
Note that this is not intended for universal deployment, but rather for cases where the web server doesn't have write access to the relevant zone file (or equivalent). That zone file will eventually include an HTTPS or SVCB RR [RFC9460] containing the ECHConfigList in an "ech=" SvcParamKey. [I-D.ietf-tls-svcb-ech] This mechanism is extensible to deliver other kinds of information about the origin, that can be of use in these circumstances, but is mainly intended to provide the functionality necessary for ongoing management of ECH keys.¶
We use the term "zone factory" (ZF) for the entity that does have write access to the zone file. We assume the ZF can also make HTTPS requests to the web server with the ECH keys. We define a well-known URI [RFC8615] on the web server that allows the ZF to poll for changes to ECHConfigList values. For example, if a web server generates new ECHConfigList values hourly and publishes those at the well-known URI, the ZF can poll that URI. When the ZF sees new values, it can check if those work, and if they do, then update the zone file and re-publish the zone.¶
If ECH is being operated in split-mode then the web server (backend) can similarly poll the ECH client-facing server at the well-known URI and then create it's own value to publish for the ZF to read. ECH split-mode is defined in [I-D.ietf-tls-esni] and some examples are shown below (Section 3).¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
We define or re-use the following terms:¶
Some example deployments are described here.¶
The shared-mode ECH server generates new ECHConfigList values every "regeninterval" seconds via some regular, automated process (e.g., a cronjob). ECHConfigList values are "current" for an hour, and remain usable for three hours from the time of generation. The automated process updates the ECHConfigList values in a JSON resource (see Figure 3) at the well-known URI, https://backend.example.com/.well-known/origin-svcb.¶
These steps then occur:¶
When "regeninterval" seconds have passed, the ZF attempts to refresh its cached copy of the JSON resource. If the resource has changed, it repeats this process.¶
The following diagram, and this entire section, is a place-holder just to have something on which to base discussion, and will change.¶
In this topology, the overall process is as in the previous section, but with the following differences:¶
If the backend wants to convey information to the Zone Factory, it publishes the JSON content defined in Section 5 at: https://backend.example.com/.well-known/origin-svcb¶
The well-known URI defined here MUST be an https URL and therefore the ZF can verify the correct backend is being accessed.¶
If no new ECHConfig value verifies (as per Section 6), then the zone factory MUST NOT modify the zone.¶
The JSON file at the well-known URI MUST contain an object with two keys: "regeninterval", whose value is a number, and "endpoints" whose value is an array of objects. All other keys MUST be ignored.¶
The "regeninterval" must be a positive integer and specifies the number of seconds between key generation actions at the origin, i.e. a replacement ECHConfigList may be generated this often. This is used by the ZF to generate DNS TTL values and to determine when to next poll the origin for updates.¶
More precise expiration times are common (e.g., the "notAfter" field in certificate lifetime validity, discussed in Section 4.1.2.5 of [RFC5280]), but are too stringent for this use-case. The ZF cannot afford to fail open (by removing the HTTPS records) or fail closed (by removing the IP addresses), but it can safely "stretch" the lifetime of the HTTPS records because of ECH's "retry_configs" behavior. Since we have to accept this stretching, it makes sense to avoid an explicit expiration time and instead speak about the intended update frequency. This also make it clear the origin must tolerate some amount of version skew, and gives operational flexibility to avoid unreasonable update frequencies.¶
The "endpoints" key is an array of objects.¶
An endpoints array with one element can be one of three things:¶
This format is designed to allow full use of the capabilities of HTTPS records [RFC9460] in natural JSON while minimizing the risk of invalid configurations.¶
The following keys are defined for ServiceMode entries:¶
A JSON Dictionary representing the SVCB SvcParams. Each key in the dictionary is a string containing a registered SvcParamKey name (e.g., "ipv6hint") or a SvcParamKey in generic form (e.g., "key65528"). The default value is "{}".¶
The following key is defined for AliasMode entries.¶
These definitions, taken with the ZF behaviour (Section 6) specified below, provide the following important properties:¶
If the ZF is unable to convert the JSON into a DNS zone fragment (e.g., due to an unrecognized SvcParamKey), or if the resulting zone fails validation checks, the ZF MUST NOT update the DNS. Such failures will not be directly visible to the client-facing server, so ZF implementations will need to provide some form of reporting so that the situation can be resolved. Note that this can lead to inconsistent behavior for a single origin served by multiple ZFs.¶
A ZF MAY apply additional processing according to its own policy, such as adjusting TTL values and correcting common misconfigurations.¶
ZF SHOULD check that ECH with the presented endpoints succeeds with the backend before publication. In order to make such checks, the ZF SHOULD attempt to access the well-known URI defined here while attempting ECH.¶
A bespoke TLS client is likely needed for this check, that does not require the ECHConfigList value to have already been published in the DNS. The TLS client also needs to allow checking for the success or failure of ECH.¶
If more than one ECHConfig is present in an ECHConfigList, then the ZF SHOULD explode the ECHConfigList value presented into "singleton" values with one public key in each, and then test each of those separately.¶
If ipv4hints or ipv6hints are present, and if those are not the same values as are published in A/AAAA RRs for the backend, then the ZF SHOULD check that webPKI based authentication of the backend works at all of the relevant addresses.¶
ZF SHOULD publish all the endpoints that are presented in the JSON file that pass the checks above.¶
ZF SHOULD set a DNS TTL less than regeninterval, i.e. short enough so that any cached DNS resource records are likely to have expired before the JSON object's content is likely to have changed. The ZF MUST attempt to refresh the JSON object and regenerate the zone before this time. This aims to ensure that ECHConfig values are not used longer than intended by backend.¶
This document defines a way to publish SVCB/HTTPS RR values. If the wrong values were published in the DNS, then TLS clients using ECH might suffer a privacy leak, or degraded service due to overuse of ECH retry_configs.¶
Similarly, a ZF that also has write access to A/AAAA RRs for a backend, SHOULD NOT publish HTTPS RRs that contain ipv4hints or ipv6hints that are in conflict with the correct A/AAAA values unless those have been verified (via webPKI) as belonging to the same backend.¶
When considering the content of SVCB/HTTPS RRs, the general argument for the security of this scheme is that, this scheme has the backend server authenticate the JSON structure that is mapped directly to the SVCB/HTTPS RR, to eventually be used by TLS clients when interacting with the backend server, via the client-facing server.¶
ECH split-mode security also requires that the backend server acquire SvcParamKey values from the client-facing server via some authenticated means. If the backend server acquires the JSON data from the well-known URL and it is properly authenticated via HTTPS from the client-facing server's public_name then that satisfies this requirement.¶
The system described here depends on the webPKI for authentication of entities and results in publication of new SVCB/HTTPS RRs. The webPKI itself, however, often depends on the DNS to demonstrate control over a DNS name, e.g. when using the ACME protocol [RFC8555] with the HTTP-01 challenge type. A temporary breach of a backend server that allows the attacker to contol the JSON content described here could be used to bootsrap more long-lasting control over the backend's DNS name if the attacker were to request new certificates during the time when the attacker's chosen values were published in the DNS, and if the ACME server doing the validation solely depended on content from the backend's HTTPS RR, e.g. preferring ipv6hints over the AAAA for the backend. It would seem prudent for ACME servers to be cautious if using ipv4hints and ipv6hints, e.g. flagging divergence between those values and A/AAAA RRs.¶
Although the .well-known URL defined here may well be publicly accessible, general HTTP clients SHOULD NOT attempt to use this resource in lieu of HTTPS records queries through their preferred DNS server for the following reasons:¶
The .well-known URI chosen here means that services running on different ports of the same backend are trusting the service running on the default port (443) for that backend to provide correct endpoint information.¶
As described, in mutlti-CDN and simlar scenarios, a ZF might only test ECH success against one of the CDNs unless the ZF can make use of the ipv4hints and/or ipv6hint values, or the ZF has out of band information about the different addresses at which backend.example.com can be accessed.¶
Thanks to Niall O'Reilly, Martin Thomson and David Black for reviews.¶
Stephen Farrell's work on this specification was supported in part by the Open Technology Fund.¶
IANA is requested to take two actions: registering a new well-known URI in the registry at https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml#well-known-uris-1 and creating a new registry for defining items in the JSON object found at that endpoint.¶
IANA is requested to add the following entry to the Well-Known URIs table:¶
Column | Value |
URI Suffix | origin-svcb |
Change Controller | IETF |
Reference | {This RFC} |
Status | permanent |
Related Information | Must be fetched via HTTPS |
Date Registered | {When registered} |
Date Modified |
Items in curly braces should be replaced with their actual values.¶
If approved, this specification requests the creation of an IANA registry named "JSON Service Binding Info" with a Standards Action registration policy. The request is to put the table in a new file "json-svcb.xml" in the existing "dns-svcb" registry group. The table has three columns:¶
The table should be populated with the following two entries, where Items in curly braces should be replaced with their actual values, and the "Notes" column is empty.¶
Name | Reference | Notes |
endpoints | {This RFC} | |
regeninterval | {This RFC} |
This section is to be removed before publishing as an RFC.¶
The -00 WG draft replaces draft-farrell-tls-wkesni-03.¶
Version 01 changed from a special-purpose design, carrying only ECHConfigs and port numbers, to a more general approach based on Service Bindings.¶
Version 02 is just a keep-alive¶
Version 03 reflects some local implementation experience with -02¶
Version 04 matches a proof-of-concept bash script implementation and results of IETF-117 discussion.¶
Version 05 responds to early artart and dnsop reviews, and some list discussion/github issues.¶