Re: [TLS] I-D Action: draft-ietf-tls-sni-encryption-03.txt

Ben Schwartz <bemasc@google.com> Wed, 23 May 2018 14:38 UTC

References: <152684342781.2913.14066810928653071971@ietfa.amsl.com> <f0d20cd1-136f-7c27-cad0-69c95d19ba17@huitema.net>
In-Reply-To: <f0d20cd1-136f-7c27-cad0-69c95d19ba17@huitema.net>
From: Ben Schwartz <bemasc@google.com>
Date: Wed, 23 May 2018 10:38:27 -0400
Message-ID: <CAHbrMsDFsWT4kjQv-LWq6QLgrX8SZfm7zGLoaR_NNjiGxTSkkw@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000a3da3a056ce07d3c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/88mV41nKG-hvzb2ABezVIMkjGsE>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-sni-encryption-03.txt

Thanks for this document, Christian.  I think this is a very clear and
cogent exposition of the SNI Encryption problem.

There have been some questions about whether this SNI encryption work is in
conflict with the Alt-Svc-SNI proposal in HTTPBIS.  My view is that there
is no conflict: that proposal is HTTP-specific and does not alter TLS,
whereas this work is aimed toward TLS changes that may also conceal other
ClientHello parameters, like ALPN.