Re: [TLS] About encrypting SNI
Eric Rescorla <ekr@rtfm.com> Tue, 15 April 2014 18:28 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0149A1A0330 for <tls@ietfa.amsl.com>; Tue, 15 Apr 2014 11:28:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qu6MHJffPsNL for <tls@ietfa.amsl.com>; Tue, 15 Apr 2014 11:27:55 -0700 (PDT)
Received: from mail-wi0-f174.google.com (mail-wi0-f174.google.com [209.85.212.174]) by ietfa.amsl.com (Postfix) with ESMTP id 4BDE61A0772 for <tls@ietf.org>; Tue, 15 Apr 2014 11:27:55 -0700 (PDT)
Received: by mail-wi0-f174.google.com with SMTP id d1so202877wiv.13 for <tls@ietf.org>; Tue, 15 Apr 2014 11:27:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=fy6eU9/MuRTL/9HffBoHVslvMPXnJu0WoBroqKwqnxw=; b=GOwDjW1VljDcBNfLUuPckvhDCUzdyxdoSE6NHOjVps6VjT0fjdNKvJIze4nueqH/OP zWJaJU7KJlzzULu9zp8eFjV4rlKkvg6ph02Og4LafnO/8QBckJwww5lk0KEPQaaTvf4A 2K1hohnhX2/+zxZxLkpaeJHdgF95M1UcKLB+v6ht9aEdK2F09nBwPPkunSeIJHmNSdKI QNbGLKNMmR1EybWlktQUCRpLePKkeQQ1ZkWHOPYPAtY3ATXKuBk1ynJfVgztAhrLVeV0 vnpQfxO/0olM4wSXVCBQIEeZ1w6HIC9Ayg0GiD3OL15/lvQm7OGR2B3wSEG7Xh9sNWB4 ww0w==
X-Gm-Message-State: ALoCoQmllnwO8F+0zaMVxm/nLolocxshSsmcaPsr3hID5hETQvDXT3hf3CM3bA7sbs6VYB7TKBPc
X-Received: by 10.180.81.228 with SMTP id d4mr15525634wiy.49.1397586471939; Tue, 15 Apr 2014 11:27:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.218.198 with HTTP; Tue, 15 Apr 2014 11:27:11 -0700 (PDT)
X-Originating-IP: [63.245.221.34]
In-Reply-To: <CABcZeBNUdCvPnPJBfMRTie+y9+Gn+HHZO6vueUAhBngWbwA=BA@mail.gmail.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C7120A04ED40@USMBX1.msg.corp.akamai.com> <534C3D5A.3020406@fifthhorseman.net> <474FAE5F-DE7D-4140-931E-409325168487@akamai.com> <D2CB0B72-A548-414C-A926-A9AA45B962DA@gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120B490162@USMBX1.msg.corp.akamai.com> <CACsn0cmusUc3Rsb2Wof+dn0PEg3P0bPC3ZdJ75b9kkZ5LDGu_A@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120B490291@USMBX1.msg.corp.akamai.com> <A4745833-76B0-45C3-B926-B240602F2289@gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120B4902B5@USMBX1.msg.corp.akamai.com> <CABcZeBOL62uRa+OM0Q2gf=PpJKjBJNHCSm-Gui24H3Ldy_J+1w@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120B4903F3@USMBX1.msg.corp.akamai.com> <CABcZeBNUdCvPnPJBfMRTie+y9+Gn+HHZO6vueUAhBngWbwA=BA@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 15 Apr 2014 11:27:11 -0700
Message-ID: <CABcZeBO9yi9Z-8L6OeC1EeH6dXF36xoUUE5GtwKpUSuoYBqjcg@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Content-Type: multipart/alternative; boundary="f46d043bdb0e3438fa04f718f57d"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/5HyZebrv0OhcydhssWOzy2hmWNk
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] About encrypting SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 18:28:00 -0000
On Tue, Apr 15, 2014 at 10:01 AM, Eric Rescorla <ekr@rtfm.com> wrote: > > Obviously this requires messing with DNS to provide confidentiality and > secure > delegation, but we would need confidentiality in any case, and secure > delegation > is mostly a matter of working out the record semantics once you've solved > the > big problem of securing the DNS. [0] > Martin Thomson pointed out to me offline that this sort of conflates two forms of DNS security: 1. End-to-end resolution security (e.g., DNSSEC or something like DNSCurve where there is a chain of delegations all the way down to the leaf node). 2. Client-to resolver security (e.g., DNScrypt or where the attacker is not on-path to your resolver but is on-path to the server) where you hope that your activities are hidden by DNS caching. Clearly, this proposal will only work when integrity is provided down the entire chain, although it might work if there was DNSSEC + client-to-resolver confidentiality. However, note that: (a) IETF is just starting to look at standardizing DNS encryption (b) the existing DNS encryption systems have seen limited deployment (c) most of the problems with DNSSEC deployment have to do with intermediate elements which would either block DNS encryption or (alternately) could use DNS encryption to bypass the intermediary messing with the DNSSEC records Given these issues, it still seems like it's at least plausible to consider DNS integrity a prerequisite here. -Ekr I only just wrote this down, so maybe it's totally messed up, but it seems > like a > natural extension of Rich's idea. What do people think? > > -Ekr > > > > [0] Note: I'm not saying this is solved since DNSSEC deployment isn't good > right now, but if it's not solved then SNI encryption doesn't buy us much. > > > > > > > > >> >> >> /r$ >> >> >> >> -- >> >> Principal Security Engineer >> >> Akamai Technology >> >> Cambridge, MA >> >> >> > >
- [TLS] About encrypting SNI Salz, Rich
- Re: [TLS] About encrypting SNI Martin Thomson
- Re: [TLS] About encrypting SNI Salz, Rich
- Re: [TLS] About encrypting SNI Watson Ladd
- Re: [TLS] About encrypting SNI Russ Housley
- Re: [TLS] About encrypting SNI Eric Rescorla
- Re: [TLS] About encrypting SNI Brian Sniffen
- Re: [TLS] About encrypting SNI Alyssa Rowan
- Re: [TLS] About encrypting SNI Nick Mathewson
- Re: [TLS] About encrypting SNI Daniel Kahn Gillmor
- Re: [TLS] About encrypting SNI Sniffen, Brian
- Re: [TLS] About encrypting SNI Yoav Nir
- Re: [TLS] About encrypting SNI Salz, Rich
- Re: [TLS] About encrypting SNI Seth David Schoen
- Re: [TLS] About encrypting SNI Nico Williams
- Re: [TLS] About encrypting SNI Watson Ladd
- Re: [TLS] About encrypting SNI Salz, Rich
- Re: [TLS] About encrypting SNI Yoav Nir
- Re: [TLS] About encrypting SNI Salz, Rich
- Re: [TLS] About encrypting SNI Watson Ladd
- Re: [TLS] About encrypting SNI Salz, Rich
- Re: [TLS] About encrypting SNI Eric Rescorla
- Re: [TLS] About encrypting SNI Alyssa Rowan
- Re: [TLS] About encrypting SNI Salz, Rich
- Re: [TLS] About encrypting SNI Martin Rex
- Re: [TLS] About encrypting SNI Eric Rescorla
- Re: [TLS] About encrypting SNI Eric Rescorla
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] About encrypting SNI Eric Rescorla
- Re: [TLS] About encrypting SNI Tom Ritter
- Re: [TLS] About encrypting SNI Brian Sniffen
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] About encrypting SNI Salz, Rich
- Re: [TLS] About encrypting SNI Eric Rescorla
- Re: [TLS] About encrypting SNI Watson Ladd
- Re: [TLS] About encrypting SNI Brian Sniffen
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] About encrypting SNI Sniffen, Brian
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] About encrypting SNI Alyssa Rowan
- Re: [TLS] About encrypting SNI Michael D'Errico
- Re: [TLS] About encrypting SNI James Cloos
- Re: [TLS] About encrypting SNI Jacob Appelbaum
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] About encrypting SNI Erik Nygren
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] About encrypting SNI Jacob Appelbaum
- [TLS] Forged RST (was: About encrypting SNI) Alyssa Rowan
- Re: [TLS] Forged RST (was: About encrypting SNI) Eric Rescorla
- Re: [TLS] About encrypting SNI Paul Lambert
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] About encrypting SNI Erik Nygren
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] Forged RST (was: About encrypting SNI) Yoav Nir
- Re: [TLS] About encrypting SNI Sniffen, Brian
- Re: [TLS] Forged RST (was: About encrypting SNI) Erik Nygren
- Re: [TLS] About encrypting SNI James Cloos
- Re: [TLS] Forged RST Stephen Farrell
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] Forged RST (was: About encrypting SNI) Nico Williams
- Re: [TLS] About encrypting SNI Erik Nygren
- Re: [TLS] About encrypting SNI Sniffen, Brian
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] About encrypting SNI Martin Thomson
- Re: [TLS] About encrypting SNI Brian Sniffen
- Re: [TLS] About encrypting SNI Eric Rescorla
- Re: [TLS] About encrypting SNI Sniffen, Brian
- Re: [TLS] About encrypting SNI Erik Nygren
- Re: [TLS] Forged RST (was: About encrypting SNI) Bill Frantz
- Re: [TLS] Forged RST (was: About encrypting SNI) Yoav Nir
- Re: [TLS] Forged RST (was: About encrypting SNI) Bill Frantz
- Re: [TLS] Forged RST (was: About encrypting SNI) Eric Rescorla
- Re: [TLS] Forged RST (was: About encrypting SNI) Watson Ladd
- Re: [TLS] Forged RST (was: About encrypting SNI) Eric Rescorla
- Re: [TLS] About encrypting SNI Marsh Ray
- Re: [TLS] About encrypting SNI Martin Rex
- Re: [TLS] About encrypting SNI David Holmes
- Re: [TLS] About encrypting SNI Brian Sniffen
- Re: [TLS] About encrypting SNI Marsh Ray
- Re: [TLS] About encrypting SNI Marsh Ray
- Re: [TLS] About encrypting SNI Nico Williams
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] About encrypting SNI Michael D'Errico
- Re: [TLS] About encrypting SNI Watson Ladd
- Re: [TLS] About encrypting SNI Erik Nygren
- Re: [TLS] About encrypting SNI Salz, Rich
- Re: [TLS] About encrypting SNI Daniel Kahn Gillmor
- Re: [TLS] About encrypting SNI Salz, Rich
- Re: [TLS] About encrypting SNI - Traffic Analysis… Michael StJohns
- Re: [TLS] About encrypting SNI - Traffic Analysis… Nico Williams
- Re: [TLS] About encrypting SNI - Traffic Analysis… Stephen Farrell
- Re: [TLS] About encrypting SNI - Traffic Analysis… Martin Rex
- Re: [TLS] About encrypting SNI Nikos Mavrogiannopoulos
- Re: [TLS] About encrypting SNI Salz, Rich
- Re: [TLS] About encrypting SNI Stephen Farrell
- Re: [TLS] About encrypting SNI Andy Lutomirski
- Re: [TLS] About encrypting SNI - Traffic Analysis… Martin Thomson
- Re: [TLS] About encrypting SNI - Traffic Analysis… Tom Ritter
- Re: [TLS] About encrypting SNI Brian Sniffen
- Re: [TLS] About encrypting SNI Fabrice
- Re: [TLS] About encrypting SNI Jacob Appelbaum
- Re: [TLS] About encrypting SNI Paul Lambert
- Re: [TLS] About encrypting SNI Yoav Nir
- Re: [TLS] About encrypting SNI Daniel Kahn Gillmor
- Re: [TLS] About encrypting SNI Tim Bray
- Re: [TLS] About encrypting SNI Jacob Appelbaum
- Re: [TLS] About encrypting SNI Paul Hoffman
- Re: [TLS] About encrypting SNI Viktor Dukhovni
- Re: [TLS] About encrypting SNI Brian Sniffen
- Re: [TLS] About encrypting SNI Yoav Nir