Re: [TLS] Adam Roach's Yes on draft-ietf-tls-sni-encryption-05: (with COMMENT)

Christian Huitema <huitema@huitema.net> Wed, 18 September 2019 21:10 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFE5A120052 for <tls@ietfa.amsl.com>; Wed, 18 Sep 2019 14:10:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GcuMpYS5xdWk for <tls@ietfa.amsl.com>; Wed, 18 Sep 2019 14:10:26 -0700 (PDT)
Received: from mx36-out10.antispamcloud.com (mx36-out10.antispamcloud.com [209.126.121.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 143671200FE for <tls@ietf.org>; Wed, 18 Sep 2019 14:10:25 -0700 (PDT)
Received: from xse240.mail2web.com ([66.113.196.240] helo=xse.mail2web.com) by mx63.antispamcloud.com with esmtp (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1iAhDT-00025I-9j for tls@ietf.org; Wed, 18 Sep 2019 23:10:24 +0200
Received: from xsmtp22.mail2web.com (unknown [10.100.68.61]) by xse.mail2web.com (Postfix) with ESMTPS id 46YXgf2YlfzP7h for <tls@ietf.org>; Wed, 18 Sep 2019 14:10:22 -0700 (PDT)
Received: from [10.5.2.35] (helo=xmail10.myhosting.com) by xsmtp22.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1iAhDS-0006Q8-7b for tls@ietf.org; Wed, 18 Sep 2019 14:10:22 -0700
Received: (qmail 32530 invoked from network); 18 Sep 2019 21:10:21 -0000
Received: from unknown (HELO [192.168.200.66]) (Authenticated-user:_huitema@huitema.net@[72.235.197.82]) (envelope-sender <huitema@huitema.net>) by xmail10.myhosting.com (qmail-ldap-1.03) with ESMTPA for <tls@ietf.org>; 18 Sep 2019 21:10:21 -0000
To: Adam Roach <adam@nostrum.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-tls-sni-encryption@ietf.org, tls-chairs@ietf.org, tls@ietf.org
References: <156877530949.17386.10408818675097603080.idtracker@ietfa.amsl.com>
From: Christian Huitema <huitema@huitema.net>
Openpgp: preference=signencrypt
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mQENBFIRX8gBCAC26usy/Ya38IqaLBSu33vKD6hP5Yw390XsWLaAZTeQR64OJEkoOdXpvcOS HWfMIlD5s5+oHfLe8jjmErFAXYJ8yytPj1fD2OdSKAe1TccUBiOXT8wdVxSr5d0alExVv/LO I/vA2aU1TwOkVHKSapD7j8/HZBrqIWRrXUSj2f5n9tY2nJzG9KRzSG0giaJWBfUFiGb4lvsy IaCaIU0YpfkDDk6PtK5YYzuCeF0B+O7N9LhDu/foUUc4MNq4K3EKDPb2FL1Hrv0XHpkXeMRZ olpH8SUFUJbmi+zYRuUgcXgMZRmZFL1tu6z9h6gY4/KPyF9aYot6zG28Qk/BFQRtj7V1ABEB AAG0J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PokBOQQTAQIAIwUC UhFfyAIbLwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEJNDCbJVyA1yhbYH/1ud6x6m VqGIp0JcZUfSQO8w+TjugqxCyGNn+w/6Qb5O/xENxNQ4HaMQ5uSRK9n8WKKDDRSzwZ4syKKf wbkfj05vgFxrjCynVbm1zs2X2aGXh+PxPL/WHUaxzEP7KjYbLtCUZDRzOOrm+0LMktngT/k3 6+EZoLEM52hwwpIAzJoscyEz7QfqMOZtFm6xQnlvDQeIrHx0KUvwo/vgDLK3SuruG1CSHcR0 D24kEEUa044AIUKBS3b0b8AR7f6mP2NcnLpdsibtpabi9BzqAidcY/EjTaoea46HXALk/eJd 6OLkLE6UQe1PPzQC4jB7rErX2BxnSkHDw50xMgLRcl5/b1a5AQ0EUhFfyAEIAKp7Cp8lqKTV CC9QiAf6QTIjW+lie5J44Ad++0k8gRgANZVWubQuCQ71gxDWLtxYfFkEXjG4TXV/MUtnOliG 5rc2E+ih6Dg61Y5PQakm9OwPIsOx+2R+iSW325ngln2UQrVPgloO83QiUoi7mBJPbcHlxkhZ bd3+EjFxSLIQogt29sTcg2oSh4oljUpz5niTt69IOfZx21kf29NfDE+Iw56gfrxI2ywZbu5o G+d0ZSp0lsovygpk4jK04fDTq0vxjEU5HjPcsXC4CSZdq5E2DrF4nOh1UHkHzeaXdYR2Bn1Y wTePfaHBFlvQzI+Li/Q6AD/uxbTM0vIcsUxrv3MNHCUAEQEAAYkCPgQYAQIACQUCUhFfyAIb LgEpCRCTQwmyVcgNcsBdIAQZAQIABgUCUhFfyAAKCRC22tOSFDh1UOlBB/94RsCJepNvmi/c YiNmMnm0mKb6vjv43OsHkqrrCqJSfo95KHyl5Up4JEp8tiJMyYT2mp4IsirZHxz/5lqkw9Az tcGAF3GlFsj++xTyD07DXlNeddwTKlqPRi/b8sppjtWur6Pm+wnAHp0mQ7GidhxHccFCl65w uT7S/ocb1MjrTgnAMiz+x87d48n1UJ7yIdI41Wpg2XFZiA9xPBiDuuoPwFj14/nK0elV5Dvq 4/HVgfurb4+fd74PV/CC/dmd7hg0ZRlgnB5rFUcFO7ywb7/TvICIIaLWcI42OJDSZjZ/MAzz BeXm263lHh+kFxkh2LxEHnQGHCHGpTYyi4Z3dv03HtkH/1SI8joQMQq00Bv+RdEbJXfEExrT u4gtdZAihwvy97OPA2nCdTAHm/phkzryMeOaOztI4PS8u2Ce5lUB6P/HcGtK/038KdX5MYST Fn8KUDt4o29bkv0CUXwDzS3oTzPNtGdryBkRMc9b+yn9+AdwFEH4auhiTQXPMnl0+G3nhKr7 jvzVFJCRif3OAhEm4vmBNDE3uuaXFQnbK56GJrnqVN+KX5Z3M7X3fA8UcVCGOEHXRP/aubiw Ngawj0V9x+43kUapFp+nF69R53UI65YtJ95ec4PTO/Edvap8h1UbdEOc4+TiYwY1TBuIKltY 1cnrjgAWUh/Ucvr++/KbD9tD6C8=
Message-ID: <c9dc7cd0-e008-3263-4bb3-8c74a1eb1474@huitema.net>
Date: Wed, 18 Sep 2019 14:10:21 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <156877530949.17386.10408818675097603080.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
X-Originating-IP: 66.113.196.240
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.196.240/32
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.240/32@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: ham
X-Spampanel-Outgoing-Evidence: Combined (0.05)
X-Recommended-Action: accept
X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0dWQ8c9lblW44odAlK6ziUapSDasLI4SayDByyq9LIhVaiYorKYn/7Dv ARa0hTDoC0TNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDoOWO0i/H75teRGzF9TgV+efH zJ6mVE7ewsipSVIfs4ZfQedmIgcRzvVndWKJvi62gyWFxOA5dILPypvKxNVhWQwOVcNrdpWfEYrY fLBY3+cNeCzkayK9X+vYtyDmRenUmdySlZou9qHIGOZDEEo7O2nS6C1mWTD2n8BB0gTSSfCrE2rb Hpkagd3yMuHMqQJIX+gRCHfMVnsAk591zk0uilUI+ZL4xWiN8NS6C+dmX6OEdA4u1aThyWrQ/ou2 +v/lmX4Em37yFgrCB6NHRn1g+f3uncIqYSL3lhh5c81YyJqFoLZMmkWsaurVZfvqROaDnDtHb8z5 dpPkEuJ8SnwqlUrBK2R/GBg9vCpMGFHw53FxnHnL50HZvyS1o3x98IkV0bm2vWdo8usP65i82q1C dZgGrpL44wdx9eXqjQjbvUopOMQJvQ/Ck3iiU+4DQAj3fuQgzT3K9JUHTNiGwfwAm/WxnoDhSIwu dyqaU1JgcKMOW4CkjtZBB9EE1lU6QPXuUc3+A9TXbHW74ZDcQhNf+QeYUOp7A73HI6oJg7w/VodM CwE0/K0yS6CNubzqprBQrRsc+Q8R8NeLbwFtWbb+zl1677oPXF7r5zsW33ZNlioeEsGOJOKU/kLG nxJMOi7dgR5HQnz9aKh/kKqc7JL0pdQ84QG89JN6MvpNdzLqW7oUoKT1uMOAhgj4P6B0N+OTHHAS JNUmoOHSoqgqxfHmWRWcrRhLeB34s3hUb32GO+0FgKqS9fO0LOOKGQNJzO5V08QV3No+S2msRDep v5w/kkG0v17AmegcpQ0tml/sN9lmMy/o83jVXTcfb9k0nLWblJy7uxV6dw8jzlsaNZe6hynMJcjx DydxsJEju76A7X1QIVydqXpZ6MHhiKws9Iiut28r9wo4SqUIg8Yh9hAM0n3LLzx/F2gT3wl8JQJv Bho=
X-Report-Abuse-To: spam@quarantine9.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9TASzes4YQAyGOIGtQdf4wAV_PE>
Subject: Re: [TLS] Adam Roach's Yes on draft-ietf-tls-sni-encryption-05: (with COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Sep 2019 21:10:29 -0000

Thanks, Adam

I appreciate the feedback, and in fact I need to apologize. We have a
new version of the draft ready at
https://github.com/tlswg/sniencryption, which takes into account the
comments received before Saturday 15, but does not take into account the
latest round of comments from Alissa, Éric and Roman. It resolves almost
all the nits that many of you have noticed. I probably hesitated too
long before publishing a new version of the draft. I knew the ballot was
in progress, and I was trying to not force everybody to read the draft a
second time. Also, I was concerned that comments would keep coming as
long as the ballot progressed, and I kind of hoped resolving all of them
before cutting a new version. But then, several of you end up stumbling
on the same issues that are already fixed in the editor copy. My bad.

At that point, I could either publish a new draft version right know, or
wait a couple of days and address the last comments. I wonder what is
best for the IESG members. Any opinion?

-- Christian Huitema



On 9/17/2019 7:55 PM, Adam Roach via Datatracker wrote:
> Adam Roach has entered the following ballot position for
> draft-ietf-tls-sni-encryption-05: Yes
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
> Thanks to everyone who worked on this. It seems that it will be a useful
> tool for evaluating potential solutions.
>
> ---------------------------------------------------------------------------
>
> §3.1:
>
>>  Regardless of the encryption used,
>>  these designs can be broken by a simple replay attack, which works as
>>  follow:
> Nit: "...as follows:"
>
> ---------------------------------------------------------------------------
>
> §3.6:
>
>>  These solutions offer more protection against a Man-In-The-
>>  Middle attack by the fronting service.  The downside is the the
>>  client will not verify the identity of the fronting service with
>>  risks discussed in , but solutions will have to mitigate this risks.
> This final sentence appears to be missing some kind of citation before the
> comma.
>
> ---------------------------------------------------------------------------
>
> §3.6:
>
>>  Adversaries can also attempt to hijack the traffic to the
>>  regular fronting server, using for example spoofed DNS responses or
>>  spoofed IP level routing, combined with a spoofed certificate.
> It's a bit unclear why this is described as part of the injection of
> a third party into the scenario. As far as I understand, the described
> attack exists today, in the absence of any SNI encrypting schemes.
> If there's a new twist introduced by a multi-party security context,
> the current text doesn't seem to explain what it is.
>
> ---------------------------------------------------------------------------
>
> §3.7:
>
>>  Multiple other applications currently use TLS, including for example
>>  SMTP [RFC5246], DNS [RFC7858], or XMPP [RFC7590].
> Nit: "...including, for example, SMTP..."
> Nit: "...and XMPP..."
>
>>  These applications
>>  too will benefit of SNI encryption.  HTTP only methods like those
>>  described in Section 4.1 would not apply there.
> Nit: "...benefit from SNI..."
> Nit: "HTTP-only..."
>
> ---------------------------------------------------------------------------
>
> §4.2:
>
>>  This requires a
>>  controlled way to indicate which fronting ferver is acceptable by the
>>  hidden service.
> Nit: "...server..."
>
> ---------------------------------------------------------------------------
>
> §7:
>
>>  Thanks to Stephen Farrell, Martin Rex Martin Thomson
>>  and employees of the UK National Cyber Security Centre for their
>>  reviews.
> I think you're missing a comma between the two Martins.
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls