Re: [TLS] Privacy considerations - identity hiding from eavesdropping in (D)TLS

Paul Wouters <paul@nohats.ca> Tue, 25 August 2015 01:56 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E2AD1AD0A7 for <tls@ietfa.amsl.com>; Mon, 24 Aug 2015 18:56:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IhVIn6RL6ID6 for <tls@ietfa.amsl.com>; Mon, 24 Aug 2015 18:56:56 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA0A01AD0A5 for <tls@ietf.org>; Mon, 24 Aug 2015 18:56:56 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3n0YN64fT2z8t for <tls@ietf.org>; Tue, 25 Aug 2015 03:56:54 +0200 (CEST)
Authentication-Results: mx.nohats.ca; dkim=pass (1024-bit key) header.d=nohats.ca header.i=@nohats.ca header.b=APpWO4/d
X-OPENPGPKEY: Message passed unmodified
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id STfPb1Foary3 for <tls@ietf.org>; Tue, 25 Aug 2015 03:56:52 +0200 (CEST)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS for <tls@ietf.org>; Tue, 25 Aug 2015 03:56:52 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id E4F528009D for <tls@ietf.org>; Mon, 24 Aug 2015 21:56:50 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1440467810; bh=vOxh37OLO1Bt1Py4utiXezRTNa5aiaWbs205BJx/J3c=; h=Date:From:To:Subject:In-Reply-To:References; b=APpWO4/dxyYFo7/KODNK+wn4OI/fxdipMT/EkzgM36k17G7pCvMCxDa4/ae1mAEMP vyMsJZRdwnA/gTS2U6dvqlWVLbtj9lrN5vr2Pu2oIc/tRbnwcUkm5Kt+tBAyQY2nm6 +hVe6Vd8UL9nTKwWHdyXMiyWPU0xjGjnQvBjMJJI=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.15.2/8.15.2/Submit) with ESMTP id t7P1uoQe009977 for <tls@ietf.org>; Mon, 24 Aug 2015 21:56:50 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Mon, 24 Aug 2015 21:56:50 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: tls@ietf.org
In-Reply-To: <20150825011913.GR9021@mournblade.imrryr.org>
Message-ID: <alpine.LFD.2.20.1508242155120.6928@bofh.nohats.ca>
References: <CAL6x8mchyh2Qpqcd5Rv-rXgZ+1_CAbV7vkib+-yU4DEDFx82Yg@mail.gmail.com> <CABcZeBNP8SZeWWVj4_fGxZm-SvYG-cmtQoJ1xBaLLWsLKsNc4Q@mail.gmail.com> <alpine.LFD.2.20.1508241730590.31517@bofh.nohats.ca> <20150825011913.GR9021@mournblade.imrryr.org>
User-Agent: Alpine 2.20 (LFD 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/EJcTOLvqvdgqTc-xVwhhD43M1rg>
Subject: Re: [TLS] Privacy considerations - identity hiding from eavesdropping in (D)TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Aug 2015 01:56:58 -0000

On Tue, 25 Aug 2015, Viktor Dukhovni wrote:

>> Not having read the TLS 1.3 draft, in IKE parties can send a hash of the
>> CAs they trust, so unless you receive a hash of a known CA to you, you
>> can withold your own certificate from being sent.
>>
>> Is a similar mechanism not planned for TLS 1.3?
>
> This would break DANE, unless the mechanism also allowed the client
> to send a TLSA RRset instead, with the server then needing code to
> figure out which chains match which TLSA RRs.  This is I think too
> complex.

If you publish your public key in DNS you would also just always
send your public key over TLS. There is no privacy issue there,
so no reason to withhold it.

Paul