[TLS] Tonight's Encrypted SNI Hangout Session

Bret Jordan <jordan.ietf@gmail.com> Mon, 13 November 2017 13:28 UTC

All,

We had a great turnout tonight for the encrypted SNI hangout session.
Everyone seemed open and willing to work together to understand the
complexities that sit before us. Several interesting and important views
were expressed, and I feel that the meeting was ultimately a success. In
fact, I believe we should do more hangout sessions like this.

Takeaways from the meeting:
1) We are starting to understand the problem that we are trying to solve

2) We need to ensure that any potential solution will in fact solve the
problems as we understand them and not make the problem worse

3) We need to compile a list of use cases and scenarios in a draft document
that talk about how the SNI (for good or for bad) is being used today and
what an encrypted SNI will mean for these use cases.

4) We need to make sure we get feedback and information from at least the
telco sector, large enterprise, financial sector, and the health care
sector.


I believe this information will help us better understand both sides of the
issue, shed light into what it will mean, help us define the "why" we are
doing this, and ultimately feed and foster a better technological solution.
If you have or know of scenarios or use-cases where the SNI is being used
by network operators, system administrators, security engineers, products,
etc., please send them to me so I can start compiling them into a draft
document.

Side question: it feels like this effort could represent a lot of work and
require a lot of dedicated cycles. Does it make sense to continue this
effort inside of the TLS WG?  If it does, will the WG give us the time,
mindshare, and cycles to focus on it (just asking the hard question)?

Once again, thanks all for attending the session tonight.

Bret

-- 

Sent from my TI-99/4A

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050