Re: [TLS] Possible blocking of Encrypted SNI extension in China
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Sun, 09 August 2020 17:14 UTC
Return-Path: <prvs=54903fc4af=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDEBD3A0DA0 for <tls@ietfa.amsl.com>; Sun, 9 Aug 2020 10:14:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JmjjPrACd9GW for <tls@ietfa.amsl.com>; Sun, 9 Aug 2020 10:14:29 -0700 (PDT)
Received: from llmx2.ll.mit.edu (LLMX2.LL.MIT.EDU [129.55.12.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BC723A0D8C for <tls@ietf.org>; Sun, 9 Aug 2020 10:14:28 -0700 (PDT)
Received: from LLE2K16-MBX04.mitll.ad.local (LLE2K16-MBX04.mitll.ad.local) by llmx2.ll.mit.edu (unknown) with ESMTPS id 079HENDW026842; Sun, 9 Aug 2020 13:14:23 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: David Fifield <david@bamsoftware.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Possible blocking of Encrypted SNI extension in China
Thread-Index: AQHWZo5BUbmTHXlbRU6M57VPWdb9gakgsSEAgA+KOACAABpeAA==
Date: Sun, 09 Aug 2020 17:09:49 +0000
Message-ID: <3EF34460-F688-453E-867E-9699480BD199@ll.mit.edu>
References: <20200809153526.vf5zlongieoswb22@bamsoftware.com>
In-Reply-To: <20200809153526.vf5zlongieoswb22@bamsoftware.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
Content-Type: multipart/signed; boundary="Apple-Mail-635CE843-5921-4BCB-9025-69724BD091A3"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-08-09_09:2020-08-06, 2020-08-09 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2006250000 definitions=main-2008090132
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/CYwgs21UqZC-S_MqdtYyLHEAkA0>
Subject: Re: [TLS] Possible blocking of Encrypted SNI extension in China
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Aug 2020 17:14:41 -0000
I’m pretty sure your reasoning is wrong. In the ideal world, if *everybody* enabled ESNI - then *maybe* the GFW would relent. The way things are - is not smart pretending reality is not what it is. Using your terminology - better blend with the crowd, because you aren’t likely to live long enough to see the crowd change to match you. There are a lot of technical details why the whole crowd won’t change regardless of your wishes - e.g., who controls TLS implementations in various devices - but I won’t go there. Regards, Uri > On Aug 9, 2020, at 11:36, David Fifield <david@bamsoftware.com> wrote: > > On Thu, Jul 30, 2020 at 11:16:50AM -0700, Christian Huitema wrote: >> Thanks for the report. I think this relates to our ambivalence about the >> requirement for ESNI to not "stick out". That requirement is hard to >> meet, and designs have drifted towards an acceptation that it is OK to >> stick out as long as a sufficiently large share of the traffic does it. >> If that share is large, goes the reasoning, it would be too costly for >> censors to just "drop everything that looks like ESNI". Well, given >> actors like the Great Firewall, one wonders. > > There's nothing wrong with that reasoning, in my opinion. To blend in > with a crowd, you can change yourself to match the crowd; or you can > change the crowd to match yourself. My feeling is that ESNI is currently > easy to block (or to put it in terms I like, *inexpensive* to block) > because very few TLS connections use it--nothing valuable depends on it > yet. Whereas if encrypted SNI were somehow deployed suddenly and > massively such that it became a normal feature of TLS connections both > essential and inessential, it would be more difficult (read: expensive) > to block. > > After all, even the GFW is not all-powerful. Surely it would prefer to > abolish TLS altogether, but it's too late for that. At this point, > blocking TLS would cost too much--not in terms of implementing firewall > rules, but in how much essential communication it would damage. Put > another way, the GFW itself, and the people who operate/manage it, would > feel some of the pain of blocking. > > I don't mean to imply that coordinated deployment is the only path to > success, just saying that if SNI encryption were already widespread, > even an obvious tag like 0xffce would not be a useful distinguisher. And > though I find it useful to think of these things in terms of the costs > of overblocking, it's not an infallible guide. A large organization like > the GFW is made up of many conflicting motivations, and it is as prone > as any other to making bad decisions and enacting policies that are > evidently against its own interests. For that reason I believe it's > possible to reduce the risk surrounding the deployment of encrypted SNI, > but not eliminate it completely. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Possible blocking of Encrypted SNI extensio… onoketa
- Re: [TLS] Possible blocking of Encrypted SNI exte… Christian Huitema
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Possible blocking of Encrypted SNI exte… Dmitry Belyavsky
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Christian Huitema
- Re: [TLS] Possible blocking of Encrypted SNI exte… Christopher Wood
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… Salz, Rich
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Christian Huitema
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… Christian Huitema
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… Christian Huitema
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… Nick Sullivan
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… Peter Gutmann
- Re: [TLS] Possible blocking of Encrypted SNI exte… Rob Sayre
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield
- Re: [TLS] Possible blocking of Encrypted SNI exte… Carrick Bartle
- Re: [TLS] Possible blocking of Encrypted SNI exte… David Fifield