Re: [TLS] Fwd: New Version Notification for draft-kazuho-protected-sni-00.txt
Kazuho Oku <kazuhooku@gmail.com> Wed, 19 July 2017 04:50 UTC
Return-Path: <kazuhooku@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E11F12EA74 for <tls@ietfa.amsl.com>; Tue, 18 Jul 2017 21:50:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KcROW-faYjkV for <tls@ietfa.amsl.com>; Tue, 18 Jul 2017 21:50:00 -0700 (PDT)
Received: from mail-pg0-x22f.google.com (mail-pg0-x22f.google.com [IPv6:2607:f8b0:400e:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4AE812EB5F for <tls@ietf.org>; Tue, 18 Jul 2017 21:49:59 -0700 (PDT)
Received: by mail-pg0-x22f.google.com with SMTP id 125so930087pgi.3 for <tls@ietf.org>; Tue, 18 Jul 2017 21:49:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=jQh4pcl0Capv4KvrRZgrwyrQ3fPmRg8WH6CvRAxuBmk=; b=kU6XnBTk2+SmNKGbm0SW/3YEZ3y/MLhdXq79mYa/1067QJEqGA1ARKCYLf2rXmCTAu hda6OVG5GyIgdsQitseHqWjpTn821lGzbXz4sa5VvwjhcKYQdMAJGUJL4K6X6ol2Akbz mdHSxXhrvmpYkrgowJVRt0vZUINYW5JSBJqKgKnuYugYxJVSBXVBF+Ht2/pjBoyHfBon aBXbxABnnWY6vHABFdP/jz7c91ncfMDbwNbNUTYgrhyS/V6G2dibNnZ7kRPEYDZc0a2z dMz7WZvMXT4vBqM30xyx782Edu9yq8z81Als5MZMI0LWlvZWIrFrp9rCEvgHMkgR0OUh arMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=jQh4pcl0Capv4KvrRZgrwyrQ3fPmRg8WH6CvRAxuBmk=; b=k3DAgPZqQlZ3/0f+9ZS2eEAiDSZXeVTEpJtSIvc/dFIkGBOaswI8tJKG5Iiqcge/Fg 680PxcJ8d5llliyhz1uI1I3gEhRWs7ILDLfBA+808or0dZJXQqjH1eh9/xKoX/Nm0x40 KDwEHrQ7r9tIVsba3M0g8kR1HnbN5Smttbgc12rGDHP/YkqdsfONHvuoRyxxudp7OP+9 lplKX08g9U3dhAriMfkiQ/FRVVVVJb4wJ45VxoM5+5C+CXnXrbFYW3KtA4SMflxaR2Lr j5sftgo/wNFhAtdXPLbE7xDGKnUMn3L+ZMugYf0eGdLwIuz2PmFjHW1qGNW0bsZjGPZK 4pHg==
X-Gm-Message-State: AIVw111hU14SdgZ68qnkyHIsRtDf4SKt+WuRbby9DdctFUQ+gmYmwfdM xZc7anjJg4mYEKD/qykC42+kjW5ZaA7T
X-Received: by 10.99.98.71 with SMTP id w68mr1179372pgb.100.1500439799353; Tue, 18 Jul 2017 21:49:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.130.3 with HTTP; Tue, 18 Jul 2017 21:49:58 -0700 (PDT)
In-Reply-To: <CA+cU71k8=jgQ3q0_tGGO1ZUW_Y0qJC62XfGcPeKsW+T1umWruw@mail.gmail.com>
References: <150043553129.25392.13213180786681889232.idtracker@ietfa.amsl.com> <CANatvzyus----nLQE4qAVY4E3sfnXetUHJLAMj3JcCahkhZGRA@mail.gmail.com> <CA+cU71k8=jgQ3q0_tGGO1ZUW_Y0qJC62XfGcPeKsW+T1umWruw@mail.gmail.com>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Wed, 19 Jul 2017 06:49:58 +0200
Message-ID: <CANatvzyYcE0+dc571AdctzEhTKKVYmVDhtgTVDMVoQ80jp5s2Q@mail.gmail.com>
To: Tom Ritter <tom@ritter.vg>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IUHYo04LV_Z1lZ0QLJV4sqHi3x0>
Subject: Re: [TLS] Fwd: New Version Notification for draft-kazuho-protected-sni-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 04:50:02 -0000
Hi, Thank you for the response. I was not aware that the penetration rates of minor DNS records were low. I will read the I-D and the mailing list archive. OTOH, I think that the penetration rate being low might not be a killer for the proposal, since in the short term, SNI encryption can be an opportunistic feature, considering the fact that DNS packets will be sent in cleartext anyways. It might be possible to query for the A record and the bootstrap record simultaneously and activate SNI protection only if responses to both queries are obtained. 2017-07-19 6:03 GMT+02:00 Tom Ritter <tom@ritter.vg>: > If I remember correctly, the idea of enabling SNI encryption (and > 0RTT) via DNS had been brought up very early on in the discussion. > draft-nygren-service-bindings was the first (only? major?) concrete > proposal. > > In general, I think the feedback was "DNS gets filtered to only > A/CNAME records so frequently that anything that relies on other DNS > records isn't going to work an appreciable portion of the time". > > I'm disappointed by this also; but as we are also trying to deploy DNS > privacy - mechanisms that rely on an easily surveilled, censored, or > blocked mechanism to enable other sorts of privacy are concerning. > > -tom > > > On 18 July 2017 at 22:42, Kazuho Oku <kazuhooku@gmail.com> wrote: >> Hi, >> >> I am happy to see us having discussions on how to protected SNI. I am >> also happy to see that draft-huitema-tls-sni-encryption [1] proposes >> actual methods that we might want to use, and that the I-D discusses >> about various attack vectors that we need to be aware of. >> >> On the other hand, as stated on the mailing list an on the mic, I am >> not super happy with the fact that the proposed methods have a >> negative impact on connection establishment time. >> >> So here goes my straw-man proposal, as an Internet Draft: >> https://datatracker.ietf.org/doc/draft-kazuho-protected-sni/. >> >> In essence, the draft proposes of sending information (e.g., >> semi-static (EC)DH key) to bootstrap encryption in ClientHello as a >> DNS record. Clients will use the obtained (EC)DH key to encrypt SNI. >> >> Since DNS queries can run in parallel, there would be no negative >> performance impact, as long as DNS responses can be obtained in a >> single RTT. >> >> The draft mainly discusses about sending a signed bootstrap >> information together with the certificate chain, since doing so is not >> only more secure but opens up other possibilities in the future (such >> as 0-RTT full handshake). However, since transmitting a bootstrap >> record with digital signature and identity is unlikely to fit in a >> single packet (and therefore will have negative performance impact >> until DNS over TLS or QUIC becomes popular), the draft also discusses >> the possibility of sending the EC(DH) key unsigned in the "Things to >> Consider" section. >> >> I would appreciate it if you could give me comments / suggestions on >> the proposed approach. Thank you in advance. >> >> [1] https://datatracker.ietf.org/doc/draft-huitema-tls-sni-encryption/ >> >> >> ---------- Forwarded message ---------- >> From: <internet-drafts@ietf.org> >> Date: 2017-07-19 5:38 GMT+02:00 >> Subject: New Version Notification for draft-kazuho-protected-sni-00.txt >> To: Kazuho Oku <kazuhooku@gmail.com> >> >> >> >> A new version of I-D, draft-kazuho-protected-sni-00.txt >> has been successfully submitted by Kazuho Oku and posted to the >> IETF repository. >> >> Name: draft-kazuho-protected-sni >> Revision: 00 >> Title: TLS Extensions for Protecting SNI >> Document date: 2017-07-19 >> Group: Individual Submission >> Pages: 9 >> URL: >> https://www.ietf.org/internet-drafts/draft-kazuho-protected-sni-00.txt >> Status: https://datatracker.ietf.org/doc/draft-kazuho-protected-sni/ >> Htmlized: https://tools.ietf.org/html/draft-kazuho-protected-sni-00 >> Htmlized: >> https://datatracker.ietf.org/doc/html/draft-kazuho-protected-sni-00 >> >> >> Abstract: >> This memo introduces TLS extensions and a DNS Resource Record Type >> that can be used to protect attackers from obtaining the value of the >> Server Name Indication extension being transmitted over a Transport >> Layer Security (TLS) version 1.3 handshake. >> >> >> >> >> Please note that it may take a couple of minutes from the time of submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> The IETF Secretariat >> >> >> >> -- >> Kazuho Oku >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls -- Kazuho Oku
- [TLS] Fwd: New Version Notification for draft-kaz… Kazuho Oku
- Re: [TLS] Fwd: New Version Notification for draft… Tom Ritter
- Re: [TLS] Fwd: New Version Notification for draft… Kazuho Oku
- Re: [TLS] Fwd: New Version Notification for draft… Ilari Liusvaara
- Re: [TLS] Fwd: New Version Notification for draft… Kazuho Oku