IETF Logo Mail Archive

Re: [TLS] About encrypting SNI

mrex@sap.com (Martin Rex) Fri, 25 April 2014 01:32 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D1441A02B9 for <tls@ietfa.amsl.com>; Thu, 24 Apr 2014 18:32:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.552
X-Spam-Level:
X-Spam-Status: No, score=-6.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qIifw5cCLP7r for <tls@ietfa.amsl.com>; Thu, 24 Apr 2014 18:32:47 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id 754471A0173 for <tls@ietf.org>; Thu, 24 Apr 2014 18:32:46 -0700 (PDT)
Received: from mail05.wdf.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id s3P1WdEa026970 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 25 Apr 2014 03:32:39 +0200 (MEST)
In-Reply-To: <0B76075A-D9F1-4780-8834-7FF0A1C82999@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
Date: Fri, 25 Apr 2014 03:32:39 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20140425013239.7FE5E1ACE1@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/-m2XsbSy6KW_btrM4OkJdEKoQAg
Cc: IETF TLS <tls@ietf.org>
Subject: Re: [TLS] About encrypting SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Apr 2014 01:32:48 -0000

Russ Housley wrote:
> 
> > I think Rich Salz has outlined very compelling reasons not to support SNI.
> 
> While I might quibble with a detail here or there, I do agree with the
> conclusion.  If you need to protect SNI, then TOR or to a lesser extent
> TLS-in-TLS can be used.

I agree.  If you need TOR, you should use TOR.

Encrypted SNI comes at a huge cost, and could at best provide
a benefit somewhere between completely negligible and absolutely none.

Whether the service provider uses multiple services on a host at
all, is up to the service provider.

What name the service provider chooses is up to the service provider.

Whether the content of the individual hosts is (close to) 100%
distinguishable by its traffic patterns is up to the hosting provider,
the service providers, the nature of their contents and the amount
of (or lack of) cooperation/synchronization among the service providers.


It would be crazy if any of the secret three agencies would spent
a huge amount of protective efforts so that they could refer to
their "secret hideout at 17, umpteen street" under the term
"secret hideout at 17, umpteen street", instead of simply
calling it an office or a laundry, or whatever.


The server name is simply routing information.  And it is not just
load-balancers that may want to be able to use that information
without having to open/terminate/participate the TLS communication,
it's also easier and cleaner for implementations at the endpoint
to do the server-side of TLS extension SNI "outside" of the TLS stack.


-Martin

v2.37.1 | Report a Bug | By Email | System Status