Re: [TLS] In support of encrypting SNI

[Michael Carbone <michael@accessnow.org>]

Seth Schoen writes:

>> Dan Blah writes: Many of the discussions and subsequent decisions 
>> that move forward here are incredibly important to OTF's work. As 
>> such, I wanted to toss in our support for the coming version of TLS
>> 1.3 to "Encrypt as much of the handshake as possible". This should
>> include all of the metadata and TLS-layer routing information. We
>> think by default is important for those threatened users we work
>> closely with.

> I would like to add the Electronic Frontier Foundation's support to 
> this view.  We have been learning so much recently about the privacy 
> significance of communications metadata.  At the time that many basic
> Internet protocols and mechanisms were created, the cutting edge of
> privacy was providing merely optional mechanisms to protect session
> content.

Hi folks,

Access shares this view and we would like to add our strong support with
Dan at OTF and Seth at EFF for encrypting the TLS handshake by default
in TLS 1.3 --  protecting the server certificate, a client certificate
if used, and all TLS-layer metadata/routing information, such as SNI and
ALPN.

Access is an international human rights organization that uses policy,
user engagement, and direct technical support to defend and extend the
digital rights of users at-risk around the world. The global Access
community is nearly half a million strong, and we have provided
technical support to civil society organizations and human rights
defenders in over 35 countries. This direct technical support is
provided by our digital security helpline staff to individuals and
organizations in high-risk environments, helping these targeted groups
securely host content online, mitigate digital attacks such as DDoS,
secure their communications, bypass censorship, and defend against
surveillance.

In addition to helping protect the privacy of such users from
surveillance, encrypting the TLS handshake by default would better
enable the access to otherwise censored websites and services,
especially if they are served through unblocked content delivery
networks (see the "Collateral Freedom" report for further details on
this particular access strategy). As Dan and Seth have mentioned, we
recognize that such a move will not solve all access or surveillance
problems by itself (hence DNSCrypt etc), but I hope we all recognize
that it would be a tremendous step forward in enabling users to more
securely exercise their rights online, especially those most at-risk.

For us, attempting to encrypt TLS handshakes by default is part of a
broader movement of platforms, companies, and projects to rethink the
default security position they provide users. Given the ease by which
unauthorized actors can access large amounts of personal information
without any judicial process or oversight, and the lack of awareness or
control users have in the security of their online interactions, we all
need to evaluate the ways we can make encryption more accessible and
ubiquitous for users. Our Encrypt All The Things campaign
(https://encryptallthethings.net) outlines some steps designed to ensure
a minimum level of default security for users online, and we believe
supporting the IETF in its consideration of more ubiquitous default
security for internet users fits strongly into this movement.

We hope the IETF considers the needs of at-risk users as well as of all
of us targeted by pervasive monitoring in supporting encrypted TLS
handshakes by default.

Best,
Michael

-- 
Michael Carbone
Manager of Tech Policy & Programs
Access | https://www.accessnow.org

GPG: 0x81B7A13E
Fingerprint: 25EC 1D0F 2D44 C4F4 5BEF EF83 C471 AD94 81B7 A13E