IETF Logo Mail Archive

Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3

Ralf Skyper Kaiser <skyper@thc.org> Thu, 07 November 2013 17:03 UTC

Return-Path: <skyper@thc.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1E3D21E81D1 for <tls@ietfa.amsl.com>; Thu, 7 Nov 2013 09:03:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.425
X-Spam-Level:
X-Spam-Status: No, score=-0.425 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sgOWdh7pCWcA for <tls@ietfa.amsl.com>; Thu, 7 Nov 2013 09:03:04 -0800 (PST)
Received: from mail-ie0-x232.google.com (mail-ie0-x232.google.com [IPv6:2607:f8b0:4001:c03::232]) by ietfa.amsl.com (Postfix) with ESMTP id 6F48D11E821C for <tls@ietf.org>; Thu, 7 Nov 2013 09:03:02 -0800 (PST)
Received: by mail-ie0-f178.google.com with SMTP id x13so1323896ief.9 for <tls@ietf.org>; Thu, 07 Nov 2013 09:03:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thc.org; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=grNzsMpQ/QOXg0Z/nVWUe1e1Ohx8WRnM/aM7VrktwN4=; b=X7Pba+DF26WA2ftO3LDibwxmT6V7hTNzAzgjALN4Ke7JZGcGjsQOGpsxcvLdgltY/2 qPPrHZM1ehP3eamdnsrIIiGSNg5RvnDUQT9T+Uva/ULVjqNH63A5ik0DUCpOJR4FH6lj LrwZ7ZkCQBI+iftyfd9/pdyXuP75K38pz0lxA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=grNzsMpQ/QOXg0Z/nVWUe1e1Ohx8WRnM/aM7VrktwN4=; b=basGXahYltGM8LCxht6ETWu2MmngMrpKe1wPHdjAVAWDmgXRTH1wjkq4t2LYXtXUFm 6jJ1FgbEXo0oRyYHGGMtoYCIBY9jCzmeUMg83q2Iep5aHsKuQLNAYFa9D1D+7Ght9kTy 0ZXncrP/RE8gezS7cxJSNQPEk4EwDvhNCMETbEwHJ10JbTg+D2mEJqfEus5cpPdko/2P kosa2SAsLfKpdLcR657Rb0YqDyFoKKux/QAVxNEcA35RaJOoW4cDFMjVYUQgNDH/FsGI fwjbwG9KIXtSYdUHg6gvfk8qnqROgs7FCuR4dA4Yai5rm2HXcTxowLU94BeR1so8q8px Yt4A==
X-Gm-Message-State: ALoCoQlQrlCyMuDhAORhDUE/orzKgg5qt4XLZANKhtHRMzzzrEt9/7SQTO6WmK7PTBtYP9jVGytO
MIME-Version: 1.0
X-Received: by 10.51.16.35 with SMTP id ft3mr2754867igd.46.1383843781825; Thu, 07 Nov 2013 09:03:01 -0800 (PST)
Received: by 10.64.231.100 with HTTP; Thu, 7 Nov 2013 09:03:01 -0800 (PST)
X-Originating-IP: [70.42.240.24]
In-Reply-To: <CACsn0c=VWmsfxvE_17+FyBASUXPCNrS1FQQ02fzhF5rA6zx4wQ@mail.gmail.com>
References: <CA+BZK2qUE3oS6Sbp1HbKZ7Wgen9gEjjdepON1egLhGqCPpoVBw@mail.gmail.com> <CACsn0c=VWmsfxvE_17+FyBASUXPCNrS1FQQ02fzhF5rA6zx4wQ@mail.gmail.com>
Date: Thu, 07 Nov 2013 17:03:01 +0000
Message-ID: <CA+BZK2oAj6FmXTbDoY0oRHpHFVzeN-NmDJde2mJTwOzBW0CdiQ@mail.gmail.com>
From: Ralf Skyper Kaiser <skyper@thc.org>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary="001a1134bc1e0b03aa04ea993d98"
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2013 17:03:08 -0000

On Thu, Nov 7, 2013 at 4:39 PM, Watson Ladd <watsonbladd@gmail.com> wrote:

> On Thu, Nov 7, 2013 at 8:32 AM, Ralf Skyper Kaiser <skyper@thc.org> wrote:
> >
> >
> > 1. Meta-data is important. Meta-data tells a lot about a person.
> > Meta-data can get a user killed or worse. Transmitting the host-name
> > (meta-data) in clear in TLS is not good (as in ‘not good because it
> > can get you killed’ and there is no alternative for the user – unless
> > the user is a tech-wizard.).
> They can use Tor. They need to anyway: reverse DNS lookups are not
> rocket science.
>

[...]

>
> > There are other ways how an adversary can extract the same meta-data.
> > This should not deter us from fixing it in TLS. Maybe we will find a
> > solution for the other problems as well (like confidential DNS).
> No, the other problem is you connect to the server and ask it to show
> you a page,
> and learn what the server is. The sole exception is multihosting,
> which is getting
> less common for various reasons.
>

As a hacker I would love TLS to leak the host information. It would enable
me
to find out which user connects to admin.blubb.com and who connects just to
www.blubb.com (both domains hosted on same server).

Your comments are wrong in this scenario: Connecting to the server does not
help
the hacker to gain above information. Neither does reverse lookup.

TLS leaks it and there is no other way the hacker would get this
information if
TLS would not leak it. Transport Layer Kind-off-Security protocol is the
problem.



regards,

ralf

v2.23.0 | Report a Bug | By Email