Re: [saag] Ubiquitous Encryption: content filtering
Tom Ritter <tom@ritter.vg> Tue, 23 June 2015 04:44 UTC
From: Tom Ritter <tom@ritter.vg>
Date: Mon, 22 Jun 2015 23:44:10 -0500
To: Christian Huitema <huitema@microsoft.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/fORXJzQyKDupKPRuteW9v6WeQlM>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Ubiquitous Encryption: content filtering

On 22 June 2015 at 16:24, Christian Huitema <huitema@microsoft.com> wrote:
> If the site used a shared address, then the TLS packets contain a clear text SNI, and firewall magic could drop these connections.
>
> I am not very happy about the clear text SNI, but it does not seem to be going away any time soon.

Many of us aren't, as it's been used at the nation level for censorship. We're working on TLS 1.3, and our hope now is that it will have the capability to do encrypted SNI through the use of pre-shared keys provided over (e.g.) DNS or a prior connection.

DNS leaks it also, but it's already possible to configure a local unbound instance to talk to a remote resolver over TLS; so that protocol is a way forward for DNS Privacy (which is also being worked on) that already has some running code.

-tom