IETF Logo Mail Archive

Re: [TLS] About encrypting SNI

Brian Sniffen <bsniffen@akamai.com> Thu, 15 May 2014 15:05 UTC

Return-Path: <bsniffen@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45E101A02A5 for <tls@ietfa.amsl.com>; Thu, 15 May 2014 08:05:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CtgdpknAlOxI for <tls@ietfa.amsl.com>; Thu, 15 May 2014 08:05:51 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (prod-mail-xrelay08.akamai.com [96.6.114.112]) by ietfa.amsl.com (Postfix) with ESMTP id 974EF1A029B for <tls@ietf.org>; Thu, 15 May 2014 08:05:51 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 53E3D4820D; Thu, 15 May 2014 15:05:44 +0000 (GMT)
Received: from prod-mail-relay09.akamai.com (unknown [172.27.22.68]) by prod-mail-xrelay08.akamai.com (Postfix) with ESMTP id 47E57481DB; Thu, 15 May 2014 15:05:44 +0000 (GMT)
Received: from usma1ex-cashub.kendall.corp.akamai.com (usma1ex-cashub4.kendall.corp.akamai.com [172.27.105.20]) by prod-mail-relay09.akamai.com (Postfix) with ESMTP id 20BDC1E041; Thu, 15 May 2014 15:05:44 +0000 (GMT)
Received: from Tereva.local (172.19.115.218) by USMA1EX-CASHUB4.kendall.corp.akamai.com (172.27.105.20) with Microsoft SMTP Server (TLS) id 8.3.348.2; Thu, 15 May 2014 11:05:43 -0400
From: Brian Sniffen <bsniffen@akamai.com>
To: Marsh Ray <maray@microsoft.com>, David Holmes <d.holmes@f5.com>, Eric Rescorla <ekr@rtfm.com>
In-Reply-To: <15d5a50ed2244e8595edfa57d7055e2b@BY2PR03MB554.namprd03.prod.outlook.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C7120A04ED40@USMBX1.msg.corp.akamai.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120B490162@USMBX1.msg.corp.akamai.com> <CACsn0cmusUc3Rsb2Wof+dn0PEg3P0bPC3ZdJ75b9kkZ5LDGu_A@mail.gmail.com> <534DB18A.4060408@mit.edu> <CABcZeBOJ7k8Hb9QqCAxJ_uev9g_cb4j361dp7ANvnhOOKsT7NA@mail.gmail.com> <CA+cU71kFo6EihTVUrRRtBYEHbZwCa9nZo-awt4Sub2qXcKHC7g@mail.gmail.com> <m2k3apmjk2.fsf@usma1mc-0csx92.kendall.corp.akamai.com> <CALCETrU6zn52yX=Q-_h4epR6W9+f2oTr3yfyK1sxiwGa2dvWGw@mail.gmail.com> <CAKC-DJgNvF=hhwoyRNkJ3vKz9EZ_JpoM84bCip6eProLwsQsEg@mail.gmail.com> <CALCETrWY_-N+nM9N0_gbeffkX5Jo8vn7XKeFCezGiwq2A74Wjw@mail.gmail.com> <CAKC-DJg6kRLezM+Q60VLY=dBU9C_Q9hb_0u7WD-HHWVJ5Y6tRQ@mail.gmail.com> <CALCETrX7Dv9_+uM7VqotHGurS+k6K5wKzeXEj7zuekd8+0qOJQ@mail.gmail.com> <566E6D8E-ACD5-4B21-9586-84C149F6A1B9@akamai.com> <CALCETrUi+fc9LW1iqx0bFuAsgygmeorR9AnzLN+abGx08y152A@mail.gmail.com> <5204AB60-0B32-4953-9D3D-C2756883D39D@akamai.com> <CALCETrXOaNihRRNQ3RQsctbipAGq67cSUofOm0AOb-YWENFFwQ@mail.gmail.com> <m238hblob1.fsf@usma1mc-0csx92.kendall.corp.akamai.com> <CABcZeBN0i9Su1SuY6AZE7MBbPEPXRKAVQ1k7b+vOJKfpPEw3Ww@mail.gmail.com> <859F43324A6FEC448BFEA30C90405FA9037D56@SEAEMBX02.olympus.F5Net.com> <m2lhu6kgb9.fsf@usma1mc-0csx92.kendall.corp.akamai.com> <15d5a50ed2244e8595edfa57d7055e2b@BY2PR03MB554.namprd03.prod.outlook.com>
User-Agent: Notmuch/0.17 (http://notmuchmail.org) Emacs/24.3.1 (x86_64-apple-darwin12.4.0)
Date: Thu, 15 May 2014 09:05:45 -0600
Message-ID: <m2siobhyk6.fsf@usma1mc-0csx92.kendall.corp.akamai.com>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/-owI5UTShjbCdyw2njJnSXoTtIk
Cc: "tls@ietf.org" <tls@ietf.org>, Andy Lutomirski <luto@amacapital.net>
Subject: Re: [TLS] About encrypting SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 May 2014 15:05:53 -0000

Marsh Ray <maray@microsoft.com> writes:

> From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Brian Sniffen
>>
>> Bitcoin's also hard to check: if the client says it found no bitcoin in a
>> particular region, how do you know?  And a whole bitcoin's too
>> much to ask.
>> 
>> An identity scheme tied to giving away bitcoin---much like a credit
>> rating ties to many transactions profitable for the counterparty---
>> has a lot in its favor.  It would make a great (research) extension
>> on top of TLS 1.3, and I hope that any puzzle mechanism will be
>> flexible enough to support that.
>
> Years back, Microsoft was looking into a proof-of-work scheme for antispam sender-pays email.
> http://research.microsoft.com/en-us/projects/pennyblack/

Thanks!  I hadn't remembered the name, but that work was surely on my
mind as I wrote.

> One challenge is that botnets (that are conduits for most of the spam) also have plenty of spare CPU capacity.

Yes, but each bad node's CPU capacity only outstrips many good node's
capacities by a little bit---compared to network bandwidth, where very
often botnets outstrip good nodes' capacity by orders of magnitude.  Of
course the bad nodes will beat out cell phone CPUs; a client puzzle
scheme has to be about, in some part, "acceptable losses."  If we can
drop new mobile nodes and the botnet, but keep service up for (say)
established connections and "real" computers, that may be okay.

-Brian

-- 
Brian Sniffen
Information Security
Akamai Technologies

v2.23.0 | Report a Bug | By Email