IETF Logo Mail Archive

Re: [TLS] In support of encrypting SNI

"Christian Huitema" <huitema@huitema.net> Thu, 15 May 2014 06:30 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 989421A03DC for <tls@ietfa.amsl.com>; Wed, 14 May 2014 23:30:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yo52b88PfM0x for <tls@ietfa.amsl.com>; Wed, 14 May 2014 23:30:18 -0700 (PDT)
Received: from xsmtp04.mail2web.com (xsmtp04.mail2web.com [168.144.250.231]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EA941A03DD for <tls@ietf.org>; Wed, 14 May 2014 23:30:18 -0700 (PDT)
Received: from [10.5.2.13] (helo=xmail03.myhosting.com) by xsmtp04.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1WkpBB-0003vc-S2 for tls@ietf.org; Thu, 15 May 2014 02:30:10 -0400
Received: (qmail 12631 invoked from network); 15 May 2014 06:30:08 -0000
Received: from unknown (HELO icebox) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail03.myhosting.com (qmail-ldap-1.03) with ESMTPA for <fabrice.gautier@gmail.com>; 15 May 2014 06:30:08 -0000
From: Christian Huitema <huitema@huitema.net>
To: 'Fabrice' <fabrice.gautier@gmail.com>, 'Watson Ladd' <watsonbladd@gmail.com>
References: <5373C4F3.3010602@blah.is> <5373d656.84c5440a.1a9b.25a0SMTPIN_ADDED_BROKEN@mx.google.com> <CACsn0cmOcJF=VmCD-=1iNg=gP+THU2ZBXn_wtPOWRhaG-BeQMg@mail.gmail.com> <498BFB9F-EF8D-48E2-92A9-4287491FB9B7@gmail.com>
In-Reply-To: <498BFB9F-EF8D-48E2-92A9-4287491FB9B7@gmail.com>
Date: Wed, 14 May 2014 23:30:04 -0700
Message-ID: <04d201cf7007$1c24ced0$546e6c70$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQKg8SzXu2Eac0zVv95W4046OeJi6wIjRBBYAlsl78cAmpui1Jl1Y0sg
Content-Language: en-us
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/8Jm4eUCGB-4uK4tUZZooG2ljfeQ
Cc: 'ietf tls' <tls@ietf.org>
Subject: Re: [TLS] In support of encrypting SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 May 2014 06:30:20 -0000

> If a comprehensive solution to the surveillance problem also involve
changes to
> plug leaks by DNS, wouldn't it be reasonable that the TLS portion of the
solution
> depends on the DNS bits being deployed as well?

This is a bit close to the "your side of the boat is leaking more than mine"
argument. Let's plug both leaks, and not have each wait for the other.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email