Re: [TLS] In support of encrypting SNI

"Salz, Rich" <rsalz@akamai.com> Wed, 14 May 2014 20:35 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Dan Blah <dan@blah.is>, ietf tls <tls@ietf.org>
Date: Wed, 14 May 2014 16:35:01 -0400
Thread-Topic: [TLS] In support of encrypting SNI
Thread-Index: Ac9vrADfZ3N25646TKauUy41u37QwgAB2pDQ
Message-ID: <2A0EFB9C05D0164E98F19BB0AF3708C7130ABEA846@USMBX1.msg.corp.akamai.com>
References: <5373C4F3.3010602@blah.is>
In-Reply-To: <5373C4F3.3010602@blah.is>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/CtfWAfs6gxCg-wNSzJdshpk3228
Subject: Re: [TLS] In support of encrypting SNI

Dan, thanks for writing the passionate and detailed note.

> . Surely any crucial increase of free expression we here can give others outweighs technicalities.

I just want to let you know that, somewhat sadly, I disagree with the quoted sentence, and I'm not alone.  (Even the author of the "it's an attack" RFC has said that barring good technical solutions we're unlikely to do it.) Encrypting the handshake will not prevent passive surveillance. From a technical view, it's not clear it provides enough privacy to justify the non-inconsiderable costs.

	/r$
 
--  
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rsalz@jabber.me; Twitter: RichSalz