Re: [quicwg/base-drafts] SIN requirement (#794)
hardie <notifications@github.com> Mon, 25 September 2017 22:51 UTC
Return-Path: <bounces+848413-a050-quic-issues=ietf.org@sgmail.github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8841D1345E0 for <quic-issues@ietfa.amsl.com>; Mon, 25 Sep 2017 15:51:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.02
X-Spam-Level:
X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UsPN438dqi7o for <quic-issues@ietfa.amsl.com>; Mon, 25 Sep 2017 15:51:05 -0700 (PDT)
Received: from o10.sgmail.github.com (o10.sgmail.github.com [167.89.101.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F70B1345DF for <quic-issues@ietf.org>; Mon, 25 Sep 2017 15:51:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=Iklg6p9BEron74Fdi0531UeiL00=; b=D4/F7MApGiEBZ5aQ 40AqWQDmoRUiVngVonI4/LSqYAAZ+t6tGcxTg8jMMODyjXkGlMyjD0Omax8CT9ri nHrAJMFo5AUR1Q0UivofikbO0h00HLBW5PLYAgPzeP9PPiIojDnnpNIECwa3V6Z3 ACbD29qbibiD/Ba8M6Cj2bjtE1I=
Received: by filter0514p1mdw1.sendgrid.net with SMTP id filter0514p1mdw1-13312-59C9883F-F 2017-09-25 22:50:39.196188103 +0000 UTC
Received: from github-smtp2a-ext-cp1-prd.iad.github.net (github-smtp2a-ext-cp1-prd.iad.github.net [192.30.253.16]) by ismtpd0016p1iad2.sendgrid.net (SG) with ESMTP id CLOyBRHWSNmXJETwQO4JDw for <quic-issues@ietf.org>; Mon, 25 Sep 2017 22:50:39.114 +0000 (UTC)
Date: Mon, 25 Sep 2017 22:50:39 +0000
From: hardie <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab3e2d13e08666e39bbd6b00a3be206e956411cdd592cf0000000115e14a3f92a169ce0f85e734@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/794/332036205@github.com>
In-Reply-To: <quicwg/base-drafts/issues/794@github.com>
References: <quicwg/base-drafts/issues/794@github.com>
Subject: Re: [quicwg/base-drafts] SIN requirement (#794)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59c9883ff192_6d93fb072b0af8810933d"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: hardie
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
X-SG-EID: l64QuQ2uJCcEyUykJbxN122A6QRmEpucztpreh3Pak0he9BMMYgnOkk7IqGzvK5b7PhdfLIVntILr3 IY7Sy3br49EylpAO3CrAYW5FDyHrGaOi2tkdFmtATBSK0a92BgAZhmEfXqF4wIhVZv4KbbU5sJ5JLB ryntjqdLYEYikYBfjBPBEytGFVZIX7thq2SsywtCfKFWvfP5ojBzokrWpQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/dM6U418pYEgQUnJ4dhBw4CplDJE>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Sep 2017 22:51:07 -0000
On Mon, Sep 25, 2017 at 3:25 PM, Igor Lubashev <notifications@github.com> wrote: > Per @martinthomson <https://github.com/martinthomson> in #495 > <https://github.com/quicwg/base-drafts/issues/495>, SNI is currently not > required to be used in QUIC, while it is required to be used in HTTP/2. TLS > 1.3 requires SNI to be implemented but apparently does not require it be to > used. > > This is a proposal to require SNI for QUIC. > > The main reason for this is the scarcity of IPv4 addresses. As long as > something is not required, someone will not implement it. As long as there > are enough clients that do not use SNI, virtual service providers will > continue to require a large number of IPv4 addresses. Since IPv4 address > conservation is currently a high priority for the Internet, QUIC should > strongly encourage (or, better, require) technologies that further this > conservation goal. > > Nit: I believe you mean to require SNI, not SIN, though no doubt we'll get the latter some way or another. Substantive: I believe that if we require SNI, we require some method of preserving the privacy of that SNI. I'm not sure that the TLS in TLS tunneling solution for encrypted SNI that https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-00 puts forward is as neat in the QUIC case. If the fronting server isn't a QUIC service but is purely a TLS-in-TLS tunneling proxy, then it probably works as described. But if it is both a QUIC service and fronting for other QUIC-in-TLS-in-TLS services, then I think we need to carefully work through how the second aspects fits in with other QUIC assumptions about where the transport/application boundary fits. I think the dual service is something that we need to consider for some of the same reasons set out in sni-encyption-00 regarding replay attacks: if at attacker connecting to a fronting service doesn't connect to a hidden service behind it and thus gets a "blank service", it will make the server stand out as a fronting server. To avoid that, I suspect folks would like to present servers that are both fronting services and servers for an existing application protocol. > — > You are receiving this because you are subscribed to this thread. > Reply to this email directly, view it on GitHub > <https://github.com/quicwg/base-drafts/issues/794>, or mute the thread > <https://github.com/notifications/unsubscribe-auth/ABVb5MQtFXGsG_sBF9SbxmdC55nGWG2aks5smChQgaJpZM4PjbM9> > . > -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/794#issuecomment-332036205
- [quicwg/base-drafts] SIN requirement (#794) Igor Lubashev
- Re: [quicwg/base-drafts] SIN requirement (#794) hardie
- Re: [quicwg/base-drafts] SIN requirement (#794) Martin Thomson
- Re: [quicwg/base-drafts] SNI requirement (#794) Igor Lubashev
- Re: [quicwg/base-drafts] SNI requirement for HTTP… Igor Lubashev
- Re: [quicwg/base-drafts] SNI requirement for HTTP… Mike Bishop
- Re: [quicwg/base-drafts] SNI requirement for HTTP… Mike Bishop
- Re: [quicwg/base-drafts] SNI requirement for HTTP… Jacob
- Re: [quicwg/base-drafts] SNI requirement for HTTP… Lucas Pardue