Re: [TLS] Server Name Indication (SNI) in an IPv6 world?

Matt McCutchen <> Wed, 27 October 2010 02:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3A0113A6825 for <>; Tue, 26 Oct 2010 19:14:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.547
X-Spam-Status: No, score=-2.547 tagged_above=-999 required=5 tests=[AWL=0.052, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mTddRwV6O90P for <>; Tue, 26 Oct 2010 19:14:37 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 101913A6907 for <>; Tue, 26 Oct 2010 19:14:37 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id A8EDD25C06A; Tue, 26 Oct 2010 19:16:25 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=subject:from :to:cc:in-reply-to:references:content-type:date:message-id :mime-version:content-transfer-encoding; q=dns; s=; b=c9Yahoc4YjwIU2HEMZuKi4OjcLexS01f0s8A0+HhcR7 sxL3t6ZcI6mYcHRHzQJpjsMsYSv177tIQfC1VL/7FXVrynvtpe4j8Oy1ZxcLCTIb y4lNT6tUbu6LzGqaUMVzDYPoC2bHrxeifjy4AdQVCmxgL/ziK4srY+NhuL348YeU =
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h= subject:from:to:cc:in-reply-to:references:content-type:date :message-id:mime-version:content-transfer-encoding; s=; bh=Oh5Rx71ej5keCIrolZsJ6lodb2c=; b=Q6+3+emAlz xRpb7I4KvWTj+5D1BNaTzObJS5gARRXEgdyjTE/rSvX8SxhZTG03ijYflxZKRcU+ COTjEKCwW7PGAkJhezA5WrB9bti2nMYX3q7siX0naCc8FfAO+DsutVM7HzydrRMI AaCwIX1okkBwxatAjcaqzeEn7nka/fglM=
Received: from [] (unknown []) (Authenticated sender: by (Postfix) with ESMTPA id 5952F25C064; Tue, 26 Oct 2010 19:16:25 -0700 (PDT)
From: Matt McCutchen <>
To: =JeffH <>
In-Reply-To: <>
References: <>
Content-Type: text/plain; charset="UTF-8"
Date: Tue, 26 Oct 2010 22:16:20 -0400
Message-ID: <1288145780.6053.50.camel@mattlaptop2.local>
Mime-Version: 1.0
X-Mailer: Evolution 2.30.4
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] Server Name Indication (SNI) in an IPv6 world?
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 27 Oct 2010 02:14:45 -0000

On Tue, 2010-10-26 at 16:35 -0700, =JeffH wrote: 
> What do folks think, will the TLS SNI extension still be employed as much in 
> the IPv6 world as it is in the IPv4 world?
> The question stems from the simple observation (on some folks' part) of the 
> IPv6 world ostensibly having multitudinous addresses available, hence instead 
> of virtual-hosting via one IPv4-addressed entity (and employing SNI in order to 
> properly have a cert per virtual host, rather than one cert with a mutitude of 
> subjectAltName:dNSNames), one can instead just multi-home such hosting entities 
> with an IPv6 addr per virtual host.

SNI has another potential application to provide TLS-level protection
against connection redirection to a server that has a certificate for
the requested host name but does not wish to actually serve it.

For example, the web server has a certificate
valid for *  Presumably the admin
team trusts that server, but they still need to make sure it won't
unintentionally serve content to a client that
wanted if an attacker redirects the connection.
The server can reject connections with a server_name extension other
than (note that the server_name is integrity
protected as part of the handshake).  Some application protocols have
similar mechanisms, such as the HTTP Host header, that can be checked as
a fallback.  Connections that don't specify the desired host name via
either SNI or an application-level mechanism will be vulnerable unless
the server is willing to refuse all such connections.

Incidentally, it looks like does not check
either SNI or the HTTP Host header.  I made a connection and indicated in both places and it happily served me wrong
content.  I will file a ticket.