Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3

mrex@sap.com (Martin Rex) Fri, 08 November 2013 12:32 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1BD611E8147 for <tls@ietfa.amsl.com>; Fri, 8 Nov 2013 04:32:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.157
X-Spam-Level:
X-Spam-Status: No, score=-10.157 tagged_above=-999 required=5 tests=[AWL=0.092, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CUKkveXBp+XB for <tls@ietfa.amsl.com>; Fri, 8 Nov 2013 04:32:01 -0800 (PST)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id E652D21E80BB for <tls@ietf.org>; Fri, 8 Nov 2013 04:31:57 -0800 (PST)
Received: from mail06.wdf.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id rA8CVmpA024000 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 8 Nov 2013 13:31:48 +0100 (MET)
In-Reply-To: <68078EDD-F924-4AA5-A605-E7B688509EE3@checkpoint.com>
To: Yoav Nir <ynir@checkpoint.com>
Date: Fri, 08 Nov 2013 13:31:48 +0100
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20131108123148.AFCC01AA70@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Nov 2013 12:32:06 -0000

Yoav Nir wrote:
> 
> With SNI is it currently stands, the site you are looking for is sent in
> the clear. If we keep the choose-certificate functionality in 1.3, we
> still leave it exposed in either the SNI or in the certificate that the
> server sends. A generic certificate is the only one that hides what the
> client is browsing.

Unless you go down the Tor path in its entirety, the site you're
accessing will be fairly close to always trivially distinguishable
by simple traffic analysis (sizes,amount and frequency of requests).

Next protocol will regularly suffer from the very same problem,
characteristic/distinct traffic patterns.

-Martin