Re: [DNSOP] Proposal for a new record type: SNI

"Adrien de Croy" <> Wed, 15 February 2017 00:51 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9B85A12945D for <>; Tue, 14 Feb 2017 16:51:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id eKIXfl8btAJ4 for <>; Tue, 14 Feb 2017 16:51:03 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E272612706D for <>; Tue, 14 Feb 2017 16:51:02 -0800 (PST)
Received: From [] (unverified []) by SMTP Server [] (WinGate SMTP Receiver v9.0.4 (Build 5915)) with SMTP id <>; Wed, 15 Feb 2017 13:51:00 +1300
From: "Adrien de Croy" <>
To: "Ben Schwartz" <>, "Robert Edmonds" <>
Date: Wed, 15 Feb 2017 00:51:00 +0000
Message-Id: <em7c413932-28f0-4bd0-814e-c8450c0a8182@bodybag>
In-Reply-To: <>
References: <> <> <>
User-Agent: eM_Client/7.0.27943.0
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="------=_MB18CF7FD7-3BF0-403F-B801-54CF9AEEDC36"
Archived-At: <>
Cc: "" <>
Subject: Re: [DNSOP] Proposal for a new record type: SNI
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Adrien de Croy <>
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 15 Feb 2017 00:51:05 -0000

presuming that the client will have to look up the hostname of the 
destination at some stage, and presuming that a passive network attacker 
may see DNS requests as well as TCP connections, how does this help?

Or does this require the use of DNS over TLS.

And also there will be leakage of certificate IDs in OCSP lookups which 
cannot be secured due to the paradox that would create.  An attacker 
could mine sites for cert IDs and do a reverse mapping from that.


------ Original Message ------
From: "Ben Schwartz" <>
To: "Robert Edmonds" <>
Cc: "" <>
Sent: 15/02/2017 9:03:09 AM
Subject: Re: [DNSOP] Proposal for a new record type: SNI

>On Tue, Feb 14, 2017 at 2:16 PM, Robert Edmonds <> 
>>Ben Schwartz wrote:
>> > Hi dnsop,
>> >
>> > I've written a draft proposal to improve the privacy of TLS 
>>connections, by
>> > letting servers use the DNS to tell clients what SNI to send.
>> >
>> > 
>> >
>> > I've incorporated some helpful feedback [1] from the TLS WG, but now 
>> > could use your help analyzing the DNS side. All comments welcome; 
>> > draft will change based on your feedback.
>> >
>> > One particular issue that I could use advice on: should this be a 
>> > record type, or should it reuse/repurpose an existing type like SRV 
>>or PTR?
>> >
>> > Thanks,
>> > Ben
>> >
>> > [1] 
>>Hi, Ben:
>>I'm kind of curious: your examples are pretty HTTP-centric, and HTTP
>>already has some pretty strong features for origins to persistently
>>modify how clients perform TLS, i.e., HTTP Strict Transport Security 
>>HTTP Public Key Pinning, along with preloading of those settings by 
>>browser vendors. Why not follow that same model for the functionality 
>>your draft?
>>Robert Edmonds
>Hi Robert,
>While this technique would apply to any use of TLS, you're right that 
>I'm mainly motivated by improvements for HTTPS.
>It's true, we could accomplish something like this by preloading a data 
>file into browsers.  In some sense, this is also true for any aspect of 
>DNS!  Obviously, preloading fares very badly when the data in question 
>is valid for short times, or applies to many thousands or millions of 
>domains, and I think both problems apply here.
>For example, a CDN that operates DNS on behalf of its customers could 
>apply SNI records to all of their domains.  Preloading all of those 
>domains into every browser seems impractical, and the list will quickly 
>become outdated.
>Without preloading, we cannot solve the problem of revealing the 
>destination in the initial connection.
>I would also note that HSTS and HPKP could not have been implemented 
>using insecure DNS, given their adversary model.  The SNI record is 
>very different, and does not require DNSSEC.