IETF Logo Mail Archive

Re: [TLS] About encrypting SNI

Andy Lutomirski <luto@amacapital.net> Tue, 13 May 2014 00:46 UTC

Return-Path: <luto@amacapital.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 259631A0382 for <tls@ietfa.amsl.com>; Mon, 12 May 2014 17:46:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level:
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xa05v7ic06tZ for <tls@ietfa.amsl.com>; Mon, 12 May 2014 17:45:58 -0700 (PDT)
Received: from mail-ve0-f174.google.com (mail-ve0-f174.google.com [209.85.128.174]) by ietfa.amsl.com (Postfix) with ESMTP id DBA3F1A037F for <tls@ietf.org>; Mon, 12 May 2014 17:45:57 -0700 (PDT)
Received: by mail-ve0-f174.google.com with SMTP id jw12so9697553veb.5 for <tls@ietf.org>; Mon, 12 May 2014 17:45:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=UjdXezuQAHUK6cu1J0T7mcaQl3HU+jmEmnt4M8sBopk=; b=aeUZcExzaIy9umkjnbk4USY++ClK9ukZhsd22xaUJfwMD454SBL6bXuSvq1J+OjIx+ 4Zq0Bwe/d2JZNYLl5o1swDg476ayv+rAIgWpVh4/VdRk+wLoWBXIhnosHp8dqsHYNZDa gnf3wgTnpN64oll1XqJsLDz6+vqTi3rTtECLN4EbzlfgJzrcjegUUOG5So6R1SuS30kh sVimKYF3qYO8ww+u2s6w3hZEtXSQBtUXXlJtw6x9ZiwjSrpqQ/AaFX3sYrof9GoGEU1/ PeE72vgelqh2E9Xlq+7VzILzOGeApkCEmMnaIKrJyj9ki69Px3T7O52gtnA7wfRQAyAE DtQQ==
X-Gm-Message-State: ALoCoQmaHnoyzLG8lc9RuNRafAxApc/WxhFWq7xTZ5MF3TmkP7ZX14ZVHrvLD5VTmzWAWGbVFbX7
X-Received: by 10.58.107.65 with SMTP id ha1mr26184497veb.1.1399941950793; Mon, 12 May 2014 17:45:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.58.246.39 with HTTP; Mon, 12 May 2014 17:45:30 -0700 (PDT)
In-Reply-To: <CAK3OfOi1x9huaazwcO=d72mfOFuV_RyXnfHmFRduhhbJE2miYw@mail.gmail.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C7120A04ED40@USMBX1.msg.corp.akamai.com> <534C3D5A.3020406@fifthhorseman.net> <474FAE5F-DE7D-4140-931E-409325168487@akamai.com> <D2CB0B72-A548-414C-A926-A9AA45B962DA@gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120B490162@USMBX1.msg.corp.akamai.com> <CACsn0cmusUc3Rsb2Wof+dn0PEg3P0bPC3ZdJ75b9kkZ5LDGu_A@mail.gmail.com> <534DB18A.4060408@mit.edu> <CABcZeBOJ7k8Hb9QqCAxJ_uev9g_cb4j361dp7ANvnhOOKsT7NA@mail.gmail.com> <CA+cU71kFo6EihTVUrRRtBYEHbZwCa9nZo-awt4Sub2qXcKHC7g@mail.gmail.com> <CAK3OfOi1x9huaazwcO=d72mfOFuV_RyXnfHmFRduhhbJE2miYw@mail.gmail.com>
From: Andy Lutomirski <luto@amacapital.net>
Date: Mon, 12 May 2014 17:45:30 -0700
Message-ID: <CALCETrWukS2QJSb01n7OpXD2iaK43OhZr4E8YZyJ6JaorCdBKw@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/GObKZKDp-eiExbkG8WsPCbeSBes
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] About encrypting SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 May 2014 00:46:00 -0000

On Mon, May 12, 2014 at 5:38 PM, Nico Williams <nico@cryptonector.com> wrote:
> On Wed, Apr 16, 2014 at 8:53 AM, Tom Ritter <tom@ritter.vg> wrote:
>> ....But... There once was a thing called DNSSEC Stapled Certs
>> (https://www.imperialviolet.org/2011/06/16/dnssecchrome.html) where a
>> SSL certificate had a chain of DNSSEC signatures in it, validating it
>> via DANE (or at that time, a DANE-like mechanism.)  It violates a
>
> I've been thinking of this for a while...
>
>> layering principal that people hold dearly, shoving DNS information in
>> other corners it shouldn't be.  But I think it would be necessary for
>> the wildcard approach to be reliable for clients like browsers.
>
> Layers aren't pure though.  Some things show through the various
> layers' interfaces, sometimes several layers through.
>
> For example, many apps have to deal with all of DNS and TCP/IP, with
> IP addresses and TCP port numbers used together in socket APIs.  It
> might have been a lot better if the sockets APIs had deal with
> hostnames from the start, but here we are.  Abstractions are leaky.
>
> Now in this case I think saving a client a number of DNSSEC lookups
> could be convenient.  We should -of course- make sure that this works
> out securely -- we don't want to end up with a cache poisoning attack
> here.

I think that we could get a lot of mileage out of the idea of having
some kind of DNSSEC-backed service binding.  There are all kinds of
interesting fields we could stick in there if we had such a thing and,
if we do it right, clients that can't read the service binding would
just fall back to normal (plaintext SNI, PKIX) TLS.

I'm planning on talking about this at the meeting this week.

--Andy

v2.23.0 | Report a Bug | By Email