Re: [TLS] Encrypted SNI

Jacob Appelbaum <jacob@appelbaum.net> Sun, 06 December 2015 08:48 UTC

Return-Path: <jacob@appelbaum.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D8E21ACCE9 for <tls@ietfa.amsl.com>; Sun, 6 Dec 2015 00:48:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LVoOFNgTn2KT for <tls@ietfa.amsl.com>; Sun, 6 Dec 2015 00:48:38 -0800 (PST)
Received: from mail-io0-x22c.google.com (mail-io0-x22c.google.com [IPv6:2607:f8b0:4001:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33BA71ACD0C for <tls@ietf.org>; Sun, 6 Dec 2015 00:48:38 -0800 (PST)
Received: by iouu10 with SMTP id u10so158109016iou.0 for <tls@ietf.org>; Sun, 06 Dec 2015 00:48:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=appelbaum-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=APXOvXaiEKT6NGa26qQVQdTT28IyVN7Ic6eCcZSVKYo=; b=AG0hYuf9eQsDtRMZULKt8hh86D7Csph5XzP0tyNjkNa9n7mt1gmpMcNFjaVkaHdGCR IEONATAg1zZcxQOCB+eLkzyI52pFtTuGLbggdpd9v/eJs5jYywRrnBsW0h2gveFBKNBH SkQfi3azMb/3LUU47DN+OtaRXf9QQJrxalOZVqHlW/Nl74MTXumVnNcekByzlWKvMgNZ BTbrmBZiqo0LX/YDUs51B0P7ynzLY6S7NxVZDx5BF7n0rB5FO8EtSgGkwH6PqcJiqyht HJ10bKo6xPJwrxzjN3eW9B96TvHmgWlGZ66LvhNFgBpJ6euGcq6fMTH7yOZALHCJQMga UsWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=APXOvXaiEKT6NGa26qQVQdTT28IyVN7Ic6eCcZSVKYo=; b=BSTeUTXkpkga3VeNnpxH/WLJQsIGf1SxuQYgMZXPdLL3//PWwZndZVNe1cAMC5yTlp 2CRALqKPltzGDsTtPwYcaDn52SD4aOMqKPWIUBfVe3cEh2MiZ03xmdjlt1QA8CP0SIMF yt3tVn/1EjBMvLnMCeIKfPELH5jyLzxEoEk/zV6ZIl/5jRUS9TOZZ4gQ/DfALfu7C7kd Y9u8Aa3pmg4JDVeU0y5hYWYFaIC+15PHJeMBa17zc1jHH9ey66TSyn0EFiXfrZgrSS0f Hsz2nT9FoJFuVRrHm7jIQ4EzMQbeHEJGUGj13UdNAi9t0MvFSq7VgqySAt/K7t+jNglU KDSg==
X-Gm-Message-State: ALoCoQlDA3g2QfrujhDBYj163KYmG9V/D7tmwTJBl9Ly9+pbq/tOxsX68YZdToyieiCkrdLnCBoG
MIME-Version: 1.0
X-Received: by 10.107.137.19 with SMTP id l19mr18772585iod.138.1449391717566; Sun, 06 Dec 2015 00:48:37 -0800 (PST)
Received: by 10.79.70.71 with HTTP; Sun, 6 Dec 2015 00:48:37 -0800 (PST)
X-Originating-IP: [18.238.2.85]
In-Reply-To: <201512060242.51979.davemgarrett@gmail.com>
References: <CABcZeBPFAp4hD3ykY9pAA4=ELsAkNoa2yDhaoiSP917v5XgAiw@mail.gmail.com> <36a3b8e463f444ec9fd10c552ce702c4@usma1ex-dag1mb1.msg.corp.akamai.com> <201512060242.51979.davemgarrett@gmail.com>
Date: Sun, 6 Dec 2015 08:48:37 +0000
Message-ID: <CAFggDF1O9QQEFHJzCE1=H8hTsDq+OEcswPo3KsB8eb1b2OX74w@mail.gmail.com>
From: Jacob Appelbaum <jacob@appelbaum.net>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/KiOQsgx6qcbGgU3luxyKiSn-fKA>
Cc: tls@ietf.org
Subject: Re: [TLS] Encrypted SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Dec 2015 08:48:39 -0000

On 12/6/15, Dave Garrett <davemgarrett@gmail.com> wrote:
> On Saturday, December 05, 2015 08:58:58 pm Salz, Rich wrote:
>> Can we embed an EncryptedExtension inside an existing EE?  That would let
>> us do TOR purely within TLS, right?
>
> If clients are allowed to send any encrypted extensions other than the
> tunneling extension (that contains the tunneled hello), then we would have
> to allow sending an EncryptedExtension through it, otherwise tunneled peers
> would have less capabilities than non-tunneled. I don't see anything in this
> design that would prohibit recursively doing this as many times as desired.
> (e.g. tunnel of a tunnel of a tunnel of a...) That does sound somewhat
> TOR-like, though obviously, lots more would be needed to actually do
> anything with that. If this can actually be done, it sounds very promising.
>

I had a similar thought.

There needs to be a way to blind each server that is two hops away to
make it work:

Alice connects to a server_0, the server routes to server_1, server_1
routes to server_2 and that passes the final TLS to Bob.

Alice's TLS message needs to be passed to server_1 without every
indicating in an encrypted fashion that server_2 is in the path. In
this analogy, server_0 is like the Tor guard, server_1 is the middle
node, and server_2 is the exit node.

There are some issues with such a design - which is why Tor's design
is to use TLS as an outer link layer and then internally to use 512
byte (or slightly larger) cells. I won't get into those here but I
find the general idea of tls within tls to be useful.

All the best,
Jacob