Re: Last Call: <draft-ietf-tls-sni-encryption-05.txt> (Issues and Requirements for SNI Encryption in TLS) to Informational RFC
Benjamin Kaduk <kaduk@mit.edu> Sat, 24 August 2019 20:07 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22997120020 for <ietf@ietfa.amsl.com>; Sat, 24 Aug 2019 13:07:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R06OgaRzLI2F for <ietf@ietfa.amsl.com>; Sat, 24 Aug 2019 13:07:06 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C615F120013 for <ietf@ietf.org>; Sat, 24 Aug 2019 13:07:05 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x7OK6wM5001667 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 24 Aug 2019 16:07:01 -0400
Date: Sat, 24 Aug 2019 15:06:58 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Mike Bishop <mbishop@evequefou.be>
Cc: "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: Last Call: <draft-ietf-tls-sni-encryption-05.txt> (Issues and Requirements for SNI Encryption in TLS) to Informational RFC
Message-ID: <20190824200657.GM60855@kduck.mit.edu>
References: <156622314492.19744.12076098510309117385.idtracker@ietfa.amsl.com> <BN6PR2201MB120217250B277A106CB7DAB2DAAA0@BN6PR2201MB1202.namprd22.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <BN6PR2201MB120217250B277A106CB7DAB2DAAA0@BN6PR2201MB1202.namprd22.prod.outlook.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/U_3Kv93XezkZT_0daxid3kaKCEo>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Aug 2019 20:07:08 -0000
Hi Mike, Thanks for this. The first two at least are already fixed in the editor's copy, and I'll make sure that the rest get addressed before publication. -Ben On Wed, Aug 21, 2019 at 07:26:29PM +0000, Mike Bishop wrote: > Section 3.6: > The downside is the the > client will not verify the identity of the fronting service with > risks discussed in , but solutions will have to mitigate this risks. > Overall, end-to-end TLS to the protected service is preferable. > > "the the" => "that the" > "discussed in ," presumably was intended to include a reference to... something. > "this risks" => "these risks" > > Section 3.7: > These applications > too will benefit of SNI encryption. HTTP only methods like those > described in Section 4.1 would not apply there. In fact, even for > the HTTPS case, the HTTPS tunneling service described in Section 4.1 > is compatible with HTTP 1.0 and HTTP 1.1, but interacts awkwardly > with the multiple streams feature of HTTP 2.0 [RFC7540]. This points > to the need of an application-agnostic solution, that would be > implemented fully in the TLS layer. > > "benefit to" => "benefit from" > "HTTP only" => "HTTP-only" > "HTTP 2.0" => "HTTP/2" > "solution, that would" => "solution which can" > > Section 4.2 > This requires a > controlled way to indicate which fronting ferver is acceptable by the > hidden service. > > "ferver" => "server" > > We can observe that content distribution network have a similar > requirement. They need to convince the client that "www.example.com" > can be accessed through the seemingly unrelated "cdn-node- > xyz.example.net". Most CDNs have deployed DNS-based solutions to > this problem. > > It might be worth mentioning that when a CDN deploys a "DNS-based solution to this problem," it also holds the authoritative certificate of the origin.. There is simultaneously verification of a relationship between the origin and the CDN (because the certificate can be verified) and a risk that the CDN can spoof the content from the origin. > > Section 5 > > Having described in 2.3 that encrypting SNI will simultaneously thwart invasions of the TLS exchange whose purpose is to improve some forms of security, I suspect this is worth a mention in the Security Considerations as well.. > > Section 7 > > "Martin Rex Martin Thomson and" => "Martin Rex, Martin Thomson, and" > > -----Original Message----- > From: IETF-Announce <ietf-announce-bounces@ietf.org> On Behalf Of The IESG > Sent: Monday, August 19, 2019 9:59 AM > To: IETF-Announce <ietf-announce@ietf.org> > Cc: draft-ietf-tls-sni-encryption@ietf.org; tls@ietf.org; tls-chairs@ietf.org > Subject: Last Call: <draft-ietf-tls-sni-encryption-05.txt> (Issues and Requirements for SNI Encryption in TLS) to Informational RFC > > > The IESG has received a request from the Transport Layer Security WG (tls) to consider the following document: - 'Issues and Requirements for SNI Encryption in TLS' > <draft-ietf-tls-sni-encryption-05.txt> as Informational RFC > > The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf..org mailing lists by 2019-09-02. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. > > Abstract > > > This draft describes the general problem of encrypting the Server > Name Identification (SNI) TLS parameter. The proposed solutions hide > a Hidden Service behind a fronting service, only disclosing the SNI > of the fronting service to external observers. The draft lists known > attacks against SNI encryption, discusses the current "co-tenancy > fronting" solution, and presents requirements for future TLS layer > solutions. > > In practice, it may well be that no solution can meet every > requirement, and that practical solutions will have to make some > compromises. > > > > > The file can be obtained via > https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/ > > IESG discussion can be tracked via > https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/ballot/ > > > No IPR declarations have been submitted directly on this I-D. > > > > > _______________________________________________ > IETF-Announce mailing list > IETF-Announce@ietf.org > https://www.ietf.org/mailman/listinfo/ietf-announce >
- RE: Last Call: <draft-ietf-tls-sni-encryption-05.… Mike Bishop
- Re: Last Call: <draft-ietf-tls-sni-encryption-05.… Benjamin Kaduk