Re: [quicwg/base-drafts] SNI encryption (#795)
hardie <notifications@github.com> Wed, 25 October 2017 22:44 UTC
On Wed, Oct 25, 2017 at 2:39 PM, Mike Bishop <notifications@github.com> wrote:

> Secondary certificates seems like a good way to achieve this for HTTP/*
> over TLS. Put your CERTIFICATE_REQUEST for the real hostname in 0-RTT data.
> A more general possibility would be the "tls1.3" ALPN token, where you
> carry a TLS 1.3 session on Stream 1, with the ClientHello (in 0-RTT data if
> you can) and use of other streams is discouraged or prohibited.

I think that means that the ALPN token can't be used to select the protocol. When we get to the point of having multiple protocols, some subset of which might be present but served by different back end processes, that could pose a problem.

Would you be okay with $PROTOCOL.tls1.3 as a pattern? That can still get you to the point where the server name is encrypted, even if the protocol is known to anyone able to observe the ALPN token.

Ted