IETF Logo Mail Archive

Re: [TLS] About encrypting SNI

Eric Rescorla <ekr@rtfm.com> Tue, 15 April 2014 18:28 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0149A1A0330 for <tls@ietfa.amsl.com>; Tue, 15 Apr 2014 11:28:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qu6MHJffPsNL for <tls@ietfa.amsl.com>; Tue, 15 Apr 2014 11:27:55 -0700 (PDT)
Received: from mail-wi0-f174.google.com (mail-wi0-f174.google.com [209.85.212.174]) by ietfa.amsl.com (Postfix) with ESMTP id 4BDE61A0772 for <tls@ietf.org>; Tue, 15 Apr 2014 11:27:55 -0700 (PDT)
Received: by mail-wi0-f174.google.com with SMTP id d1so202877wiv.13 for <tls@ietf.org>; Tue, 15 Apr 2014 11:27:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=fy6eU9/MuRTL/9HffBoHVslvMPXnJu0WoBroqKwqnxw=; b=GOwDjW1VljDcBNfLUuPckvhDCUzdyxdoSE6NHOjVps6VjT0fjdNKvJIze4nueqH/OP zWJaJU7KJlzzULu9zp8eFjV4rlKkvg6ph02Og4LafnO/8QBckJwww5lk0KEPQaaTvf4A 2K1hohnhX2/+zxZxLkpaeJHdgF95M1UcKLB+v6ht9aEdK2F09nBwPPkunSeIJHmNSdKI QNbGLKNMmR1EybWlktQUCRpLePKkeQQ1ZkWHOPYPAtY3ATXKuBk1ynJfVgztAhrLVeV0 vnpQfxO/0olM4wSXVCBQIEeZ1w6HIC9Ayg0GiD3OL15/lvQm7OGR2B3wSEG7Xh9sNWB4 ww0w==
X-Gm-Message-State: ALoCoQmllnwO8F+0zaMVxm/nLolocxshSsmcaPsr3hID5hETQvDXT3hf3CM3bA7sbs6VYB7TKBPc
X-Received: by 10.180.81.228 with SMTP id d4mr15525634wiy.49.1397586471939; Tue, 15 Apr 2014 11:27:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.218.198 with HTTP; Tue, 15 Apr 2014 11:27:11 -0700 (PDT)
X-Originating-IP: [63.245.221.34]
In-Reply-To: <CABcZeBNUdCvPnPJBfMRTie+y9+Gn+HHZO6vueUAhBngWbwA=BA@mail.gmail.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C7120A04ED40@USMBX1.msg.corp.akamai.com> <534C3D5A.3020406@fifthhorseman.net> <474FAE5F-DE7D-4140-931E-409325168487@akamai.com> <D2CB0B72-A548-414C-A926-A9AA45B962DA@gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120B490162@USMBX1.msg.corp.akamai.com> <CACsn0cmusUc3Rsb2Wof+dn0PEg3P0bPC3ZdJ75b9kkZ5LDGu_A@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120B490291@USMBX1.msg.corp.akamai.com> <A4745833-76B0-45C3-B926-B240602F2289@gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120B4902B5@USMBX1.msg.corp.akamai.com> <CABcZeBOL62uRa+OM0Q2gf=PpJKjBJNHCSm-Gui24H3Ldy_J+1w@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120B4903F3@USMBX1.msg.corp.akamai.com> <CABcZeBNUdCvPnPJBfMRTie+y9+Gn+HHZO6vueUAhBngWbwA=BA@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 15 Apr 2014 11:27:11 -0700
Message-ID: <CABcZeBO9yi9Z-8L6OeC1EeH6dXF36xoUUE5GtwKpUSuoYBqjcg@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Content-Type: multipart/alternative; boundary="f46d043bdb0e3438fa04f718f57d"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/5HyZebrv0OhcydhssWOzy2hmWNk
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] About encrypting SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 18:28:00 -0000

On Tue, Apr 15, 2014 at 10:01 AM, Eric Rescorla <ekr@rtfm.com> wrote:
>
> Obviously this requires messing with DNS to provide confidentiality and
> secure
> delegation, but we would need confidentiality in any case, and secure
> delegation
> is mostly a matter of working out the record semantics once you've solved
> the
> big problem of securing the DNS. [0]
>

Martin Thomson pointed out to me offline that this sort of conflates two
forms of DNS security:

1. End-to-end resolution security (e.g., DNSSEC or something like DNSCurve
    where there is a chain of delegations all the way down to the leaf
node).
2. Client-to resolver security (e.g., DNScrypt or where the attacker is
     not on-path to your resolver but is on-path to the server) where you
hope
     that your activities are hidden by DNS caching.

Clearly, this proposal will only work when integrity is provided down the
entire
chain, although it might work if there was DNSSEC + client-to-resolver
confidentiality. However, note that:

(a) IETF is just starting to look at standardizing DNS encryption
(b) the existing DNS encryption systems have seen limited deployment
(c) most of the problems with DNSSEC deployment have to do with
intermediate elements which would either block DNS encryption
or (alternately) could use DNS encryption to bypass the intermediary
messing with the DNSSEC records

Given these issues, it still seems like it's at least plausible to consider
DNS
integrity a prerequisite here.

-Ekr





I only just wrote this down, so maybe it's totally messed up, but it seems
> like a
> natural extension of Rich's idea. What do people think?
>
> -Ekr
>
>
>
> [0] Note: I'm not saying this is solved since DNSSEC deployment isn't good
> right now, but if it's not solved then SNI encryption doesn't buy us much.
>
>
>
>
>
>
>
>
>>
>>
>>                 /r$
>>
>>
>>
>> --
>>
>> Principal Security Engineer
>>
>> Akamai Technology
>>
>> Cambridge, MA
>>
>>
>>
>
>

v2.23.0 | Report a Bug | By Email