IETF Logo Mail Archive

Re: [TLS] About encrypting SNI

Yoav Nir <ynir.ietf@gmail.com> Tue, 20 May 2014 20:02 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E986F1A03C6 for <tls@ietfa.amsl.com>; Tue, 20 May 2014 13:02:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YlqfHk_nGk71 for <tls@ietfa.amsl.com>; Tue, 20 May 2014 13:02:21 -0700 (PDT)
Received: from mail-wg0-x234.google.com (mail-wg0-x234.google.com [IPv6:2a00:1450:400c:c00::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D94BC1A03B4 for <tls@ietf.org>; Tue, 20 May 2014 13:02:20 -0700 (PDT)
Received: by mail-wg0-f52.google.com with SMTP id l18so1019176wgh.11 for <tls@ietf.org>; Tue, 20 May 2014 13:02:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=wzfxCPCzOq2YVMS7KrpTbkh6LyvJ0I47AtB1sHJmv2o=; b=ceEzcZaeqKHN5nE92ROsV/KdhtsU2TOSnCWc1FAJaBEm4us0nFdHsFFlVgStZ35nTR yuyaJGud6WEp+ERuZ6239XOqO9YvTp3/ryj4W2z6XPsaoRfyUJL4m8UvrWJfGSYR9Ufw 2QlIy1gBBupGB7gilJWJ+a5wrFhrooVQESxUCYFo6vxSv1n1AevStpal20ba+UxIenos o0qbbS9W4VH7tUyZ9NZaaTwcRWrF3QN982wQ4bSsygjPVHloN3QGUI/E6KRKaru5PAco RsP20TwttY9RZSwHH83kECiEN1WFtzAyf9r+FJvYhnxnFUfnTXG2FZZbUMd2Dr174t7t FyMw==
X-Received: by 10.194.177.131 with SMTP id cq3mr18902327wjc.23.1400616139147; Tue, 20 May 2014 13:02:19 -0700 (PDT)
Received: from [192.168.1.102] (bzq-84-109-50-18.red.bezeqint.net. [84.109.50.18]) by mx.google.com with ESMTPSA id hr4sm19601487wjb.28.2014.05.20.13.02.17 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 20 May 2014 13:02:18 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_D6594574-D07D-4535-8303-1F6349BB60C6"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CAFggDF3u1R+540x6SM3Rt5u+GNQ44ZKozCoTSU1k+XMPU9V-tQ@mail.gmail.com>
Date: Tue, 20 May 2014 23:02:15 +0300
Message-Id: <C81C96A7-0878-4C84-AB8C-CF0BF11841F2@gmail.com>
References: <0B76075A-D9F1-4780-8834-7FF0A1C82999@vigilsec.com> <20140425013239.7FE5E1ACE1@ld9781.wdf.sap.corp> <CAFggDF3u1R+540x6SM3Rt5u+GNQ44ZKozCoTSU1k+XMPU9V-tQ@mail.gmail.com>
To: Jacob Appelbaum <jacob@appelbaum.net>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/1zqBB4v6Kj-Zl22gckvuKqLSUR4
Cc: IETF TLS <tls@ietf.org>
Subject: Re: [TLS] About encrypting SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 May 2014 20:02:23 -0000

On May 20, 2014, at 8:17 PM, Jacob Appelbaum <jacob@appelbaum.net> wrote:

> On 4/25/14, Martin Rex <mrex@sap.com> wrote:
>> Russ Housley wrote:
>>>> I think Rich Salz has outlined very compelling reasons not to support
>>>> SNI.
>>> 
>>> While I might quibble with a detail here or there, I do agree with the
>>> conclusion.  If you need to protect SNI, then TOR or to a lesser extent
>>> TLS-in-TLS can be used.
>> 
>> I agree.  If you need TOR, you should use TOR.
>> 
> 
> This is curious - what specific property do you think you need from Tor?
> 
> To protect from information leaks in TLS or other protocols? If so,
> sure, use Tor.
> 
> One doesn't need the anonymity of Tor or the censorship circumvention
> of Tor per se - rather, this is basically compensating for a protocol
> that leaks plaintext information.

The requirement for encrypted SNI is very simple. I want to browse certain web sites such that if people knew I was browsing them it might get me in trouble. We all like the example of a gay teenager in Uganda, but it could just as well be an American browsing a website advocating Shari’a law for all western countries landing in a no-flight list.

Encrypting SNI would help if the “suspicious” web site is hosted by a hosting service, and there are multiple innocuous sites on the same IP address, and the traffic from the innocuous sites dominates the traffic to the server, and traffic for this site is not distinguishable by other means such as traffic analysis.  That’s a lot of ‘if’s up there, and if any of them fails, the adversary will know that I browsed the suspicious site. AFAIK Tor provides a far more robust protection of this kind of activity.

So I’m with Martin on this. If you need Tor, use Tor.

Yoav

v2.23.0 | Report a Bug | By Email