IETF Logo Mail Archive

Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 07 November 2013 19:08 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CC0611E81B3 for <tls@ietfa.amsl.com>; Thu, 7 Nov 2013 11:08:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aog+g4zUsrTR for <tls@ietfa.amsl.com>; Thu, 7 Nov 2013 11:07:55 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 4CB7411E81BD for <tls@ietf.org>; Thu, 7 Nov 2013 11:07:54 -0800 (PST)
Received: from [192.168.13.154] (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 6774FF984; Thu, 7 Nov 2013 14:07:50 -0500 (EST)
Message-ID: <527BE507.6090507@fifthhorseman.net>
Date: Thu, 07 Nov 2013 14:07:51 -0500
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.0
MIME-Version: 1.0
To: mrex@sap.com, Ralf Skyper Kaiser <skyper@thc.org>
References: <20131107185957.8B48C1AA69@ld9781.wdf.sap.corp>
In-Reply-To: <20131107185957.8B48C1AA69@ld9781.wdf.sap.corp>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2013 19:08:00 -0000

On 11/07/2013 01:59 PM, Martin Rex wrote:

> But you are aware that there is no such thing as a
> "confidential DNS lookup" (confidential towards whom anyways),
> so that in general, what your browser is connecting will be
> directly preceded by a cleartext DNS lookup with that very name...

Sure, but that is a bug in DNS, not a bug in TLS, and there are 
proposals (however farfetched) to work around that, like DNSCurve [0]. 
But fixing DNS leakage is out-of-scope for this working group.

Fixing TLS is in-scope, though, and TLS shouldn't leak information just 
because other related protocols also leak information.

Putting SNI info in an encrypted handshake would make that information 
unavailable to passive attackers.  Despite still being vulnerable to 
active attackers (possibly at the cost of a connection failure) this is 
a win, and if we can offer this protection in the protocol, we should.

	--dkg

[0] http://dnscurve.org/

v2.23.0 | Report a Bug | By Email