Re: [TLS] About encrypting SNI

Marsh Ray <maray@microsoft.com> Mon, 12 May 2014 18:26 UTC

From: Marsh Ray <maray@microsoft.com>
To: David Holmes <d.holmes@f5.com>, Eric Rescorla <ekr@rtfm.com>, Brian Sniffen <bsniffen@akamai.com>
Date: Mon, 12 May 2014 18:26:08 +0000
Message-ID: <26ad05857efc44758420e30fdeee5f4d@BY2PR03MB554.namprd03.prod.outlook.com>
In-Reply-To: <859F43324A6FEC448BFEA30C90405FA9037D56@SEAEMBX02.olympus.F5Net.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/6JdPq_8L4YelAIwVSVx7ACeses4
Cc: "tls@ietf.org" <tls@ietf.org>, Andy Lutomirski <luto@amacapital.net>
Subject: Re: [TLS] About encrypting SNI

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of David Holmes
> > so a server under load can, in the initial opportunistic encryption phase, push back to a client and ask for a puzzle to be solved?
>
> I was describing this idea to a colleague, and the first thing he
> said was "could you have the client mine some bitcoin for you? As a show of good faith?"

Even better, ask the client to perform some computation which will usefully offload work from the server somehow.

E.g., a ridiculous naïve strawman idea would be for the client to perform the server-side modular exponentiation needed for another client's DHE connection. Obviously this would not be secure, but perhaps some 21st century cryptosystem could do it securely. Nevertheless, there would still be issues about reliability and latency.

- Marsh
------------------------
My own personal opinions, boilerplate disclaimers apply.
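The puzzle mechanism the quoted question describes, as an added illustration that is not part of this thread and not any IETF-specified TLS extension: a server under load hands the client a hash puzzle and only continues the handshake once the client returns a solution. The blob layout, the field sizes, the binding to the 32-byte ClientHello random and the difficulty values are assumptions made for this example. The property a practitioner wants is the asymmetry: the server spends one HMAC and one hash per verification and keeps no per-client state (the puzzle is authenticated by a server key, so a client cannot forge a cheaper one), while the client spends roughly 2^k hashes.

```python
"""Stateless hash puzzle for a handshake under load (illustrative example).

Server: issue(puzzle) costs one HMAC; verify() costs one HMAC plus one hash.
Client: solve() costs about 2**difficulty hashes on average.
The blob layout below is an assumption for this example, not a real TLS
extension format.
"""
import hashlib
import hmac
import os
import struct
import time
from typing import Optional, Tuple

HASH = hashlib.sha256
TAG_LEN = 16
NONCE_LEN = 16
CLIENT_RANDOM_LEN = 32          # size of the TLS ClientHello random
HEADER_FMT = ">BQ"              # difficulty (bits), expiry (unix seconds)
HEADER_LEN = struct.calcsize(HEADER_FMT)
BODY_LEN = HEADER_LEN + NONCE_LEN + CLIENT_RANDOM_LEN
PUZZLE_LEN = BODY_LEN + TAG_LEN


def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a digest (the puzzle's 'difficulty')."""
    n = 0
    for byte in digest:
        if byte == 0:
            n += 8
            continue
        n += 8 - byte.bit_length()
        break
    return n


class PuzzleServer:
    """Issues and checks puzzles without storing anything per client."""

    def __init__(self, secret: bytes, difficulty_bits: int, ttl_seconds: int = 30):
        self.secret = secret
        self.difficulty = difficulty_bits   # raise this as load increases
        self.ttl = ttl_seconds

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self.secret, body, HASH).digest()[:TAG_LEN]

    def issue(self, client_random: bytes, now: Optional[float] = None) -> bytes:
        """Build a puzzle bound to this client's random so a solution
        cannot be replayed across connections, and MAC it so the client
        cannot lower the difficulty or extend the expiry."""
        assert len(client_random) == CLIENT_RANDOM_LEN
        expiry = int(now if now is not None else time.time()) + self.ttl
        body = (struct.pack(HEADER_FMT, self.difficulty, expiry)
                + os.urandom(NONCE_LEN) + client_random)
        return body + self._tag(body)

    def verify(self, puzzle: bytes, solution: bytes, client_random: bytes,
               now: Optional[float] = None) -> bool:
        """Constant, cheap work: check the MAC, binding, expiry and hash."""
        if len(puzzle) != PUZZLE_LEN:
            return False
        body, tag = puzzle[:BODY_LEN], puzzle[BODY_LEN:]
        if not hmac.compare_digest(tag, self._tag(body)):
            return False                      # not issued by us / tampered
        difficulty, expiry = struct.unpack(HEADER_FMT, body[:HEADER_LEN])
        if body[HEADER_LEN + NONCE_LEN:] != client_random:
            return False                      # solution for another handshake
        if (now if now is not None else time.time()) > expiry:
            return False                      # stale puzzle
        return leading_zero_bits(HASH(puzzle + solution).digest()) >= difficulty


def solve(puzzle: bytes) -> Tuple[bytes, int]:
    """Client side: brute-force a counter until the hash has enough
    leading zero bits. Returns (solution, iterations_used)."""
    difficulty = puzzle[0]                    # first header byte, see HEADER_FMT
    counter = 0
    while True:
        solution = struct.pack(">Q", counter)
        if leading_zero_bits(HASH(puzzle + solution).digest()) >= difficulty:
            return solution, counter + 1
        counter += 1


if __name__ == "__main__":
    server = PuzzleServer(os.urandom(32), difficulty_bits=16)
    client_random = os.urandom(CLIENT_RANDOM_LEN)     # constructed sample input
    puzzle = server.issue(client_random)
    solution, iterations = solve(puzzle)
    print("client hashes:", iterations, "accepted:",
          server.verify(puzzle, solution, client_random))
```

Two caveats that matter in practice: the expiry relies on the server's own clock only (the client never needs to know the time), and the difficulty is a blunt instrument, since a fast attacker and a slow phone pay the same 2^k hashes; that is the point the quoted "mine some bitcoin" remark is making, and it is also why a puzzle is a load shedder rather than an authentication step.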