Re: [TLS] In support of encrypting SNI
"Salz, Rich" <rsalz@akamai.com> Wed, 14 May 2014 20:35 UTC
From: "Salz, Rich" <rsalz@akamai.com>
To: Dan Blah <dan@blah.is>, ietf tls <tls@ietf.org>
Date: Wed, 14 May 2014 16:35:01 -0400
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/CtfWAfs6gxCg-wNSzJdshpk3228

Dan, thanks for writing the passionate and detailed note.

> . Surely any crucial increase of free expression we here can give others outweighs technicalities.

I just want to let you know that, somewhat sadly, I disagree with the quoted sentence, and I'm not alone. (Even the author of the "it's an attack" RFC has said that barring good technical solutions we're unlikely to do it.)

Encrypting the handshake will not prevent passive surveillance. From a technical view, it's not clear it provides enough privacy to justify the non-inconsiderable costs.

/r$

--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rsalz@jabber.me; Twitter: RichSalz