Re: [TLS] I-D Action: draft-ietf-tls-sni-encryption-03.txt

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 23 May 2018 18:10 UTC

In-Reply-To: <F821665A-F2A6-4BC6-AF1E-F6B2D02C72D1@sn3rd.com>
References: <152684342781.2913.14066810928653071971@ietfa.amsl.com> <f0d20cd1-136f-7c27-cad0-69c95d19ba17@huitema.net> <CAHbrMsDFsWT4kjQv-LWq6QLgrX8SZfm7zGLoaR_NNjiGxTSkkw@mail.gmail.com> <F821665A-F2A6-4BC6-AF1E-F6B2D02C72D1@sn3rd.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Wed, 23 May 2018 14:10:16 -0400
Message-ID: <CAHbuEH6RKizDShsk=mhxqQs3jms4Nhm-AR1UppqE=tV0aUzZMw@mail.gmail.com>
To: Sean Turner <sean@sn3rd.com>
Cc: Christian Huitema <huitema@huitema.net>, TLS WG <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LWgy60po8B9PHVkzbEcqFDP9Gak>

Hi Christian,

Thanks for including text on the known uses of SNI.  Hopefully if
there are other known uses, they will be contributed for evaluation of
this problem space.

In section 2.2, enterprises can still use proxy-based or active
interception solutions to enable inspection of traffic on their
network.  I suspect that will be the method of choice over the
endpoint for some time to come.  I also don't think it would be
universally accepted that enterprise interception, where they have
agreements from users to monitor (employment agreements - common in US
and EU, with Germany being an exception here as apparently they have a
law for users to have an expectation of privacy when doing personal
business from the work place), should be classified as an 'attack'.  I
think rephrasing for that use case would be helpful for the neutrality
of the document.

Section 3.8.1 - TLSv1.3 already encrypts the ALPN response via
EncryptedExtensions.  Is this argument for TLSv1.2?  The response is
where the answer on the negotiated protocol is provided and it's
already hidden, so I'm not clear on why this is here except if it is
for earlier versions.  This draft just says hide the ALPN; are you
concerned about the request too, with the list of possible protocols?

Thanks,
Kathleen

On Wed, May 23, 2018 at 10:49 AM, Sean Turner <sean@sn3rd.com> wrote:
>
>
>> On May 23, 2018, at 10:38, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:
>>
>> Thanks for this document, Christian.
>
> +1 for keeping this going.
>
> spt
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls



-- 

Best regards,
Kathleen
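As an added illustration of the asymmetry raised in the message above (this code is not part of the thread or of the draft), the following Python builds a constructed, minimal ClientHello and then parses it the way a passive on-path observer would, recovering the cleartext SNI and the client's offered ALPN list. The builder, the parser and every value in it are assumptions for the example; the server's selected ALPN protocol is carried in EncryptedExtensions in TLS 1.3 (RFC 8446, section 4.3.1), so nothing on the server side is recoverable by this kind of parser, while the client's list of candidate protocols stays visible in every TLS version.

```python
"""Passive-observer view of a TLS ClientHello: what is visible in the clear.

Constructed example. Only SNI and ALPN are populated; a real ClientHello
carries more extensions (supported_versions, key_share, ...).
"""
import os
import struct
from typing import Optional

# Extension codepoints from the IANA TLS ExtensionType registry.
EXT_SERVER_NAME = 0
EXT_ALPN = 16
HANDSHAKE_CLIENT_HELLO = 1


def _vec(body: bytes, len_bytes: int) -> bytes:
    """Length-prefix body with a big-endian length of len_bytes bytes."""
    return len(body).to_bytes(len_bytes, "big") + body


def build_client_hello(server_name: Optional[str], alpn: list) -> bytes:
    """Constructed minimal TLS 1.3-style ClientHello handshake message."""
    exts = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        # server_name_list with one entry of name_type host_name (0)
        sni = _vec(b"\x00" + _vec(host, 2), 2)
        exts += struct.pack("!HH", EXT_SERVER_NAME, len(sni)) + sni
    if alpn:
        # protocol_name_list: 1-byte length-prefixed names
        names = b"".join(_vec(p.encode("ascii"), 1) for p in alpn)
        alpn_body = _vec(names, 2)
        exts += struct.pack("!HH", EXT_ALPN, len(alpn_body)) + alpn_body
    body = (
        b"\x03\x03"                     # legacy_version
        + os.urandom(32)                # random
        + _vec(b"", 1)                  # legacy_session_id (empty)
        + _vec(b"\x13\x01", 2)          # cipher_suites: TLS_AES_128_GCM_SHA256
        + _vec(b"\x00", 1)              # legacy_compression_methods: null
        + _vec(exts, 2)                 # extensions
    )
    return bytes([HANDSHAKE_CLIENT_HELLO]) + _vec(body, 3)


def parse_client_hello(msg: bytes) -> dict:
    """Return the cleartext-visible SNI host and ALPN list of a ClientHello.

    The server's chosen ALPN value is never here: in TLS 1.3 it is sent in
    EncryptedExtensions, which an observer cannot read.
    """
    if not msg or msg[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                   # skip version and random
    sid_len = body[pos]
    pos += 1 + sid_len
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2 + cs_len
    comp_len = body[pos]
    pos += 1 + comp_len
    result = {"sni": None, "alpn": []}
    if pos == len(body):
        return result                              # no extensions block
    ext_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if etype == EXT_SERVER_NAME:
            q = 2                                  # skip server_name_list length
            while q + 3 <= len(edata):
                name_type = edata[q]
                nlen = int.from_bytes(edata[q + 1:q + 3], "big")
                if name_type == 0:                 # host_name
                    result["sni"] = edata[q + 3:q + 3 + nlen].decode("ascii")
                q += 3 + nlen
        elif etype == EXT_ALPN:
            q = 2                                  # skip protocol_name_list length
            while q < len(edata):
                plen = edata[q]
                result["alpn"].append(edata[q + 1:q + 1 + plen].decode("ascii"))
                q += 1 + plen
    return result


if __name__ == "__main__":
    hello = build_client_hello("example.com", ["h2", "http/1.1"])
    print(parse_client_hello(hello))
```

Running the module prints the observer's view of the constructed hello, which is exactly the two fields the draft is concerned with; an SNI-encrypting design removes the host name from that view, but the offered ALPN list stays unless it is moved out of the clear as well.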