IETF Logo Mail Archive

Re: [TLS] About encrypting SNI

Yoav Nir <ynir.ietf@gmail.com> Mon, 14 April 2014 21:40 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C662E1A075F for <tls@ietfa.amsl.com>; Mon, 14 Apr 2014 14:40:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Level:
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pW5cyg-iDlcr for <tls@ietfa.amsl.com>; Mon, 14 Apr 2014 14:40:14 -0700 (PDT)
Received: from mail-ee0-x236.google.com (mail-ee0-x236.google.com [IPv6:2a00:1450:4013:c00::236]) by ietfa.amsl.com (Postfix) with ESMTP id 64BE91A0755 for <tls@ietf.org>; Mon, 14 Apr 2014 14:40:14 -0700 (PDT)
Received: by mail-ee0-f54.google.com with SMTP id d49so7080005eek.13 for <tls@ietf.org>; Mon, 14 Apr 2014 14:40:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=nQjofRyRRoIT7/xCk3mp8Y0+Lk3Rop7BKHiLCc3XImA=; b=odm0E8te+pyfDVfZ1wqilMYgqKKUvW9EBwZVSnjOIQQtOyZxODYS6UjLDQJuonT5WQ EDtQj7E3Ks1sShepqpJyB4dk0+oxXC8TWipM4ryNYo5saPPBzNsuRM78cMdTGyIHd3Hz TeNkY81xbq2StcSR7Yr9uh95zLUGIVuiiaO/vN4lbqQgtWEWdskJ8N/KkvGvG6r8e3FJ y1b8RGK5q7GfK1fJY7HI7HN0kuO87zGHj5RGgYnNlEok6HBROvA4qMtc/s4yuFAmz9PQ QcSWdp7MlCD9eVWjtI2JgJJDY3vWXgkV0u1sMyrFKzCWvWVgw7kMryKUPWG+06m/QRJK wSxw==
X-Received: by 10.14.99.68 with SMTP id w44mr5428525eef.82.1397511611318; Mon, 14 Apr 2014 14:40:11 -0700 (PDT)
Received: from [192.168.1.101] (bzq-84-109-50-18.red.bezeqint.net. [84.109.50.18]) by mx.google.com with ESMTPSA id t44sm44102876eeo.6.2014.04.14.14.40.09 for <tls@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 14 Apr 2014 14:40:10 -0700 (PDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <474FAE5F-DE7D-4140-931E-409325168487@akamai.com>
Date: Tue, 15 Apr 2014 00:40:08 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <D2CB0B72-A548-414C-A926-A9AA45B962DA@gmail.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C7120A04ED40@USMBX1.msg.corp.akamai.com> <534C3D5A.3020406@fifthhorseman.net> <474FAE5F-DE7D-4140-931E-409325168487@akamai.com>
To: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/8XNkPUva_ySdLqQd4b7AyWxbnJg
Subject: Re: [TLS] About encrypting SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 21:40:17 -0000

Hi

While I understand dkg’s argument for privacy in accessing sites on shared hosting, I don’t find that argument compelling.

What both web hosting providers and CDNs offer is not server name privacy. What they sell is cost reduction (because getting however many 9s they give you on your own servers would be way more expensive), and CDNs add reduced latency to that. Tacking on a security feature onto somebody else’s cost-cutting feature is not likely to provide good security (or privacy).

Hiding the SNI only helps if the same IP address has multiple properties, and access to those properties cannot be distinguished except by looking at the SNI. Suppose for example that the one “subversive” site on a server has a landing page with a certain size for the main HTML resource. Assuming everyone who lands there fetches the HTML page and none of the other sites has a landing page of the same size, you can pretty much find these people by traffic analysis. The hosting providers or CDNs will have to actively help make the sites resistant to identification through traffic analysis, and that is expensive to do and it is not what they’re selling. 

On balance, I think hiding SNI offers very little for the trouble it would take to make it happen. Perhaps a better privacy option would be to avoid sending SNI and then have the server demux based on an HTTP Host header. You will need some mechanism to associate the certificate that you’re getting with the property, and a DANE record might be able to help there.

Yoav

v2.23.0 | Report a Bug | By Email