IETF Logo Mail Archive

Re: http2 opportunistic security negotiation

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Fri, 06 February 2015 08:15 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84EA41A1A4D for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 6 Feb 2015 00:15:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.912
X-Spam-Level:
X-Spam-Status: No, score=-6.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OYCSNblCLXNT for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 6 Feb 2015 00:15:05 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CAF71A19F8 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 6 Feb 2015 00:15:04 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1YJe0I-0007zf-Gp for ietf-http-wg-dist@listhub.w3.org; Fri, 06 Feb 2015 08:11:06 +0000
Resent-Date: Fri, 06 Feb 2015 08:11:06 +0000
Resent-Message-Id: <E1YJe0I-0007zf-Gp@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.80) (envelope-from <ilari.liusvaara@elisanet.fi>) id 1YJe0B-0007vo-7v for ietf-http-wg@listhub.w3.org; Fri, 06 Feb 2015 08:10:59 +0000
Received: from emh03.mail.saunalahti.fi ([62.142.5.109]) by maggie.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <ilari.liusvaara@elisanet.fi>) id 1YJe09-00083H-T5 for ietf-http-wg@w3.org; Fri, 06 Feb 2015 08:10:59 +0000
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh03.mail.saunalahti.fi (Postfix) with ESMTP id 0DF0F1887F5; Fri, 6 Feb 2015 10:10:33 +0200 (EET)
Date: Fri, 06 Feb 2015 10:10:33 +0200
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Erik Nygren <erik@nygren.org>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <20150206081033.GA23827@LK-Perkele-VII>
References: <CAKC-DJhOm-4AqfvsdvTL1NBn1kauTBcsah8MBhushsS=5Ods=A@mail.gmail.com> <20150205162845.GA13872@LK-Perkele-VII> <CAKC-DJjArVEBCEeY47mKYceP5Lt+RThbKWwp7_WZCOmsoXWbag@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CAKC-DJjArVEBCEeY47mKYceP5Lt+RThbKWwp7_WZCOmsoXWbag@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Received-SPF: pass client-ip=62.142.5.109; envelope-from=ilari.liusvaara@elisanet.fi; helo=emh03.mail.saunalahti.fi
X-W3C-Hub-Spam-Status: No, score=-3.2
X-W3C-Hub-Spam-Report: AWL=-3.176, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001
X-W3C-Scan-Sig: maggie.w3.org 1YJe09-00083H-T5 b7f530984fdcb4eb012853a23b899ee5
X-Original-To: ietf-http-wg@w3.org
Subject: Re: http2 opportunistic security negotiation
Archived-At: <http://www.w3.org/mid/20150206081033.GA23827@LK-Perkele-VII>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/28767
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Thu, Feb 05, 2015 at 05:21:26PM -0500, Erik Nygren wrote:
> On Thu, Feb 5, 2015 at 11:28 AM, Ilari Liusvaara <
> ilari.liusvaara@elisanet.fi> wrote:
> 
> >
> > Even TLS 1.3 won't encrypt the ALPN (at least as TLS 1.3 currently is).
> 
> 
> 
> Why can't the server's ALPN response be in EncryptedExtensions for a TLS
> 1.3 ServerHello
> even if the client's ALPN (a superset so less interesting) is in-the-clear
> in the ClientHello?

Ah yeah, Server's ALPN. Client's ALPN would be always constant per client.


Also, it occurs to me that if one can tell from certificate if it is
supposed to be valid or not, the ALPN leak does not add much:

- On TLS 1.2, one can inspect certificate of connection before deciding
  to MITM or not (since nothing before it has any commitments).
- In TLS 1.3, where that isn't possible (there are commitments from
  both sides before), one can still connect to the server and probe
  the certificate.


Then there are some servers where getting good certificate is
much less of a problem than dealing with the https:// scheme
(due to legacy internal baggage).


-Ilari

v2.43.4 | Report a Bug | By Email | System Status