IETF Logo Mail Archive

Re: [TLS] Encrypted hellos (was Re: "Encrypted" SNI)

Christian Huitema <huitema@huitema.net> Sat, 13 May 2017 03:20 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E10EA12EA8C for <tls@ietfa.amsl.com>; Fri, 12 May 2017 20:20:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.099
X-Spam-Level:
X-Spam-Status: No, score=0.099 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I0VEqvzbteUp for <tls@ietfa.amsl.com>; Fri, 12 May 2017 20:20:20 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B22201275AB for <tls@ietf.org>; Fri, 12 May 2017 20:17:51 -0700 (PDT)
Received: from xsmtp31.mail2web.com ([168.144.250.234] helo=xsmtp11.mail2web.com) by mx43.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.86) (envelope-from <huitema@huitema.net>) id 1d9NYz-0006sa-Gp for tls@ietf.org; Sat, 13 May 2017 05:17:49 +0200
Received: from [10.5.2.52] (helo=xmail12.myhosting.com) by xsmtp11.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1d9NYw-0007jy-WA for tls@ietf.org; Fri, 12 May 2017 23:17:47 -0400
Received: (qmail 25325 invoked from network); 13 May 2017 03:17:46 -0000
Received: from unknown (HELO [192.168.200.68]) (Authenticated-user:_huitema@huitema.net@[72.235.151.78]) (envelope-sender <huitema@huitema.net>) by xmail12.myhosting.com (qmail-ldap-1.03) with ESMTPA for <hkario@redhat.com>; 13 May 2017 03:17:46 -0000
To: Dave Garrett <davemgarrett@gmail.com>, tls@ietf.org
References: <3768598.32hupQ9b2b@pintsize.usersys.redhat.com> <b117285e-4820-3ed8-9eb8-0f0d09e17f09@huitema.net> <87ziekihp6.fsf@fifthhorseman.net> <201705122258.49117.davemgarrett@gmail.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <156700d9-b0fa-fbee-befe-7245bc768ab5@huitema.net>
Date: Fri, 12 May 2017 20:17:45 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <201705122258.49117.davemgarrett@gmail.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: 168.144.250.234
X-SpamExperts-Domain: xsmtpout.mail2web.com
X-SpamExperts-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-SpamExperts-Outgoing-Class: unsure
X-SpamExperts-Outgoing-Evidence: Combined (0.26)
X-Recommended-Action: accept
X-Filter-ID: s0sct1PQhAABKnZB5plbIVbU93hg6Kq00BjAzYBqWlVTHAar8Je/lORhy3PZJU8LERWeKKG4PAQY Nyavp7c49FXKwZbSflcvTu2SSy6NnOlTugiLDom8V25hond3K4RsO76XSTAwtV4mg4i2ouCDa4AU hvIWAV5xUW/+gAh4vXpFhIrfazkiIQ2S64PDBtdgRcOb18WfxGyg6Om6u4YYmyY2Uciy+YsO2eLh j7pTswg5hjoyEb9Oq0NWpyO3vrfYzS02aeiYw+GANPqwVsDMNz3dKxLhoxcmaInYbR5vlqGudzLe k2TYFBStSOMccbr5Uz0sPgnpAk2KA2vJwMd1uWhCmLzOxTAcQmFWVARhgNqBNFD3an3wiMp49rVr ybSBcKaDTe3QRRhTm1Fh3Md1t3TFgIfDMShmlQFqCr5hA8xAXSGwpLGc/Znuh3MoIpK0VTUxNuBj oncVGg5uN2OqgLbRF0J+AL6gRRwFcty0/RGJ+cv73CChOPjKA0/DVd83mzKXD5o/Ia+BqyQ7Q0nt IZ2PVtMHd8bHCmdzlxzVIEgwyGTHIAoNFX+jcW7DGmdE6eBVl9/A6GtGi+mfMSANmgQ9/T0zHbtC pLbhgZ6Z/Qhqxiuap5uKiBpffUsHYsfmrbtbs8GJuRKR6hnrta1usy6F/SOWlhnS7qkS/mOkSgD5 8bDUIriOSOQTK7vaz2jBsjp0rjSY76LAIHA6cW4Oa3gnTgPyST4gCHH+dS+0nfbQ44+/NmJ+fq0I Iixf9GclxdwDV/LdQk4Dnvnv/o4ZpIN8Tfe43vaXKX/yihCEqxIlRZaHuAWSnHeK3PdSA6Q+2n/k rhIYlNMbfS0wdTtG+6JGvz6FazW2uq9LM3++XT4UhuDAoR32cV4eNY9hrm4n
X-Report-Abuse-To: spam@quarantine5.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FjkI0i31VS-FDRGuOEC03o6l_BY>
Subject: Re: [TLS] Encrypted hellos (was Re: "Encrypted" SNI)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 May 2017 03:20:27 -0000


On 5/12/2017 7:58 PM, Dave Garrett wrote:
> Encrypted SNI has been talked to death, and coming up with new schemes that warrant air quotes in the subject around "encrypted" feels like a waste of time. Wouldn't it be better to just focus on finishing the encrypt-all-the-things approach and plan out a way to distribute a host DH key (+ a few params, e.g. port(s)+protocol(s) to use with encrypted hellos) via DNS to encrypt everything straight from the ClientHello? Stick a supported_groups in there as well and we can make HRR unneeded while we're at it. This would also protect against 3rd parties attempting to fingerprint clients via ClientHello parameters. (probably a few other things that could be listed that could be helped, too)
The "server DH Key" poses a significant forward secrecy issue. Suppose
that the key is compromised. Now the secret police can find out what
nasty sites was accessed by whom. That can be plus plus not good for
said dissidents.
> Simply put, some of us were convinced a while ago that encrypted SNI isn't nearly as useful as it first seems, however fully encrypted hellos address that problem and more. I think it'd be better to work towards a more complete solution here than just worrying about SNI.
EKR did propose a TLS in TLS tunnel back in December 2015:
https://mailarchive.ietf.org/arch/msg/tls/tXvdcqnogZgqmdfCugrV8M90Ftw.
It would effectively encrypt the "inner" Client Hello.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email