[TLS] Privacy considerations - identity hiding from eavesdropping in (D)TLS
"Viktor S. Wold Eide" <viktor.s.wold.eide@gmail.com> Mon, 24 August 2015 20:57 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/D1eMxYkWiDtztfEBU8pZEW-T5Tk>
Hi,

I am looking for a way to achieve identity hiding for DTLS 1.2, which also hopefully can be used in (D)TLS 1.3, when available.

From what I understand, for (D)TLS 1.2 it would be possible to perform an anonymous unencrypted handshake and then to renegotiate the connection with authentication within the encrypted channel, e.g., according to the expired draft [1].

From the latest TLS 1.3 draft [2] it appears that renegotiation will be removed in the upcoming 1.3 version.

What is likely to be the recommended way to achieve identity hiding for (D)TLS 1.3, if any?

[1] Transport Layer Security (TLS) Encrypted Handshake Extension, draft-ray-tls-encrypted-handshake-00, expired in 2012
[2] The Transport Layer Security (TLS) Protocol Version 1.3, draft-ietf-tls-tls13-07

Best regards
Viktor S. Wold Eide