Re: [TLS] ESNI padding the Certificate message
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 13 December 2018 16:02 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D5ED128CFD for <tls@ietfa.amsl.com>; Thu, 13 Dec 2018 08:02:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zvbfh5NzvwWV for <tls@ietfa.amsl.com>; Thu, 13 Dec 2018 08:02:56 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 406091271FF for <tls@ietf.org>; Thu, 13 Dec 2018 08:02:56 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 80780AE0B6; Thu, 13 Dec 2018 11:02:54 -0500 (EST)
Date: Thu, 13 Dec 2018 11:02:54 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20181213160254.GJ79754@straasha.imrryr.org>
Reply-To: tls@ietf.org
References: <876187a2-df66-2eb0-5a55-b6e67cf668f6@cs.tcd.ie> <B3D20A93-3332-4541-8108-E4EFB08FBF6F@dukhovni.org> <CABcZeBM+ekw7xSzbz6Kh4aRbWXpy5f1U-iUu8W1fDKjVuUJ+3A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABcZeBM+ekw7xSzbz6Kh4aRbWXpy5f1U-iUu8W1fDKjVuUJ+3A@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Dno_l0vZv0kE4-ZJ0ekVl1imP-U>
Subject: Re: [TLS] ESNI padding the Certificate message
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Dec 2018 16:02:59 -0000
On Thu, Dec 13, 2018 at 07:51:17AM -0800, Eric Rescorla wrote: > Random padding does poorly with repeated trials. So, for instance, > if I get to observe a large number of requests from the same client > to the same server, you can gradually infer the length of the cert > chain. Yes, I was aware of this. But one might also note that may services are not behind a CDN, and that data traffic patterns after the handshake can also fingerprint the target service. Session resumption helps to reduce the number of full handshakes that leak some information about the certificate size. Users who really want (better) protection against traffic analysis should use Tor. TLS traffic analysis protection from ESNI et. al. is IMHO best-effort protection for casual use. If a user visits just one site (and no others) at a particular CDN, absent traffic flow obfuscation ala Tor, the user's TLS traffic will eventually stand out from the noise. -- Viktor.
- [TLS] ESNI padding the Certificate message Stephen Farrell
- Re: [TLS] ESNI padding the Certificate message Matt Caswell
- Re: [TLS] ESNI padding the Certificate message Stephen Farrell
- Re: [TLS] ESNI padding the Certificate message Eric Rescorla
- Re: [TLS] ESNI padding the Certificate message Viktor Dukhovni
- Re: [TLS] ESNI padding the Certificate message Eric Rescorla
- Re: [TLS] ESNI padding the Certificate message Viktor Dukhovni
- Re: [TLS] ESNI padding the Certificate message Eric Rescorla
- Re: [TLS] ESNI padding the Certificate message David Fifield
- Re: [TLS] ESNI padding the Certificate message Stephen Farrell