[TLS] Network Tokens I-D and TLS / ESNI

Yiannis Yiakoumis <yiannis@selfienetworks.com> Thu, 25 June 2020 20:29 UTC

Return-Path: <yiannis@selfienetworks.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 625323A0FF7 for <tls@ietfa.amsl.com>; Thu, 25 Jun 2020 13:29:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=selfienetworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KDMITe_yK10V for <tls@ietfa.amsl.com>; Thu, 25 Jun 2020 13:29:29 -0700 (PDT)
Received: from mail-vs1-xe33.google.com (mail-vs1-xe33.google.com [IPv6:2607:f8b0:4864:20::e33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEF993A0F56 for <tls@ietf.org>; Thu, 25 Jun 2020 13:29:28 -0700 (PDT)
Received: by mail-vs1-xe33.google.com with SMTP id e15so4304750vsc.7 for <tls@ietf.org>; Thu, 25 Jun 2020 13:29:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=selfienetworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:date:message-id:subject:from:to; bh=RLxmzLaG8mKow+IApNGl0Ad/kjaxMNzgnqDtxgGnegs=; b=qI0XOpaW8uUw/C5ggt1uYonhD/IqXumLfPt1ce2rvb+8z05K7zrMGxER9Ps9c0k4iI wBVrWo/gwpdtR54L4qiudC0Ehoo9B0SZgCGU/znkzWhKg4u64UW7DJDlL74n8npv4m6o JVXVXIkddQmYN5KTxx+8eERAdXnZ2liEEwCPGg9vHjE+Z9T/khLFcUxUZEONoU74FcH/ UrPCBmD8X8P3GSktOH9nVcFoi5rmRwRTqNd+hbEbMP+1oDjWl5zcA30zMptWA6G/Vxll V5dFsG0X+MlHkD11QfEH9n+F6ZPl3RWfTYcDpGG87OXJDtUcvzckW6ZaMAv7iqG5EISP vsVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:message-id:subject:from:to; bh=RLxmzLaG8mKow+IApNGl0Ad/kjaxMNzgnqDtxgGnegs=; b=MC1MwStejwCA4KPTWdFRem3qCIzqhDR1Wh1OzY8GDb5xGifuqG9CbIrm1dF3dkFs5q Nu0Zuo0yxVNFGb4aQiK/GCsHqKOyStnk4+zMIOit3kTrWTfT1HwCuMVi5r0u0DZxmTsh CfZTjTZP6mcoVpw9aDzgpuURwljikPoRQq1SGbmXe3BLq4FeEHF6s6VtLPCeZHgjrqyB d99mQCgZdWEFczZtXTT0gaDVgfVFLCH1hwzPUnLTho2scF9iNmZ6Yysj6xhIzNQNGbF0 TI+rgRjdvg7Y5lwthU2uGVIux9QCqTHseAnhxIY+USguA0QtfqR+k6nP3xlG1ywSVa/1 iCCA==
X-Gm-Message-State: AOAM532KSydtbFsS2X80o7bmnMFXXU95oPjHdtPpxXX/35rZ0Y+eEZSe TUcNNBhvQ+9o4YgxbGdA/S0mmVs4CmY=
X-Google-Smtp-Source: ABdhPJwqRaRwGRRRJaBigNNI3YTFGal0VrCIGZa9ANAoa48vMCN3WE4kICzy8u25nM8FUyvzLqjmqQ==
X-Received: by 2002:a67:efd2:: with SMTP id s18mr8282463vsp.129.1593116967350; Thu, 25 Jun 2020 13:29:27 -0700 (PDT)
Received: from localhost (0.92.231.35.bc.googleusercontent.com. [35.231.92.0]) by smtp.gmail.com with ESMTPSA id d3sm2211240vko.51.2020.06.25.13.29.27 for <tls@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 25 Jun 2020 13:29:27 -0700 (PDT)
Mime-Version: 1.0
X-Superhuman-ID: kbv8p2nq.aff97c29-172a-4561-abff-1bd6d6c99274
Date: Thu, 25 Jun 2020 20:29:26 +0000
Message-ID: <kbsy4785.3cb5b3af-12b1-4d09-9944-6e4e487b103d@we.are.superhuman.com>
X-Mailer: Superhuman Desktop (2020-06-25T18:26:57Z)
X-Superhuman-Draft-ID: draft00b88c146cdc92dd
X-Superhuman-Thread-ID: draft001206cc1f7ffca3
From: "Yiannis Yiakoumis" <yiannis@selfienetworks.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary=3e2d6228006edcdcbf3c41ee0ad58b4ead692f243030f1ecd1d75f04d2c1
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/GMnfsz-CeRU1S-pwXAaG4OZ9Uj4>
Subject: [TLS] Network Tokens I-D and TLS / ESNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jun 2020 20:29:31 -0000

Hi all,

I wanted to briefly introduce network tokens ( https://networktokens.org ) into this list, how they relate with TLS and ESNI, and kindly ask anyone that is interested to share feedback and join the discussion.

Network tokens is a method for endpoints to explicitly and securely coordinate with networks about how their traffic is treated. They are inserted by endpoints in existing protocols, interpreted by trusted networks, and may be signed or encrypted to meet security and privacy requirements. Network tokens provide a means for network operators to expose datapath services (such as a zero-rating service, a user-driven QoS service, or a firewall whitelist), and for end users and application providers to access such services. Network tokens are inspired and derived by existing security tokens (like JWT and CWT), borrowing several of their security and privacy properties, and adjusting them for use in a networking context.

There are two ways that network tokens relate with TLS:

* They can support ESNI adoption: in a world where ESNI is widely adopted, network tokens can enable use cases where endpoint-network coordination is required, without having to go back to plaintext SNI that everyone can read.

* Network tokens are embedded as TLS handshake extensions (among others).

We are shooting for a BoF in November, and are very much interested into feedback around the concept, use cases, what we need to do to make network tokens adopted as a TLS handshake extension, and folks that are interested to get involved in the effort!

Links to an IETF I-D, a mailing list, and initial implementation are available at https://networktokens.org ( https://networktokens.org/ ).

Best,

Yiannis

=====================
Yiannis Yiakoumis
Co-Founder & CEO
https://selfienetworks.com | +1-650-644-7857