Re: [TLS] Accepting that other SNI name types will never work.

Richard Moore <> Tue, 08 March 2016 19:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1E4D612D9E1 for <>; Tue, 8 Mar 2016 11:56:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id x4rtIVq6JEnj for <>; Tue, 8 Mar 2016 11:56:00 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4002:c07::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D453312D8DC for <>; Tue, 8 Mar 2016 11:55:59 -0800 (PST)
Received: by with SMTP id x17so11048716ykd.1 for <>; Tue, 08 Mar 2016 11:55:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=CUX6so1Uj1OVDpvk4lpNsmqqVfydaH5WUKQEfxpulUY=; b=Fd+r1j8mkGaqTOBOHXdisHoSQf/8iQE4cEeTQ653+JrTLyWGRH51pbP0xN4nw4KqYb k5FRG8BoGtMHvj0utcS80S8Dhu0FmjXcupxkmteR8o6wMwcJ2IVmaot1vuLF5GBHy80Q 1DZyvKJAnrQB6InwsSYQq22IsJj321mzBRy1geFLWLRlD10UE1OJGudhmebJmdpHUokx n/hxIRzk9oFOcXBbWecMma178I1rRgRlkhU642890EuIsBPWKbsMRlqkm2Pz0Biwjhz3 jVZFV0o1mjQtEOM5hjfjcG6jSFU0YjBO8t4j7ZQMxb/8iO2WZAijF7webCxpx6YVfR1Q PTpw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=CUX6so1Uj1OVDpvk4lpNsmqqVfydaH5WUKQEfxpulUY=; b=c2Bu1qCUpBAydeVFfOOd2INaazYhfGtRBr/SgXn7ucTnJQ8bj1AqLISn0FzrjAHwAu ifNlBRXnhZydfORf1ZF3iWoj+MUeOAYSER3WjmzkV0QVfwaPJ4V21TpSfNj+NuYbzFm3 IUnzGU8CWO3DhQaWCzzMZAIWsUrIeI+bbrU8VW5e4c4Hs00KJccY+FODJ2y6aWPNPRH4 isUGzPg0cVAy2x7zctC+SjJZBdKjlvZ97UPshbDpWFPYb/Nq86ZHOPnvQxnZa8PCLyxZ H+KEzRHNN1XUvIyc65b1gf3oyfAF0PxuPOluyvzPUWpygEmxsUjZGuFquGjzBD2lYwNx vfag==
X-Gm-Message-State: AD7BkJK1if9fyAofTEIr7Jw7bMaTuzMAXJM76cYB4Z7kfk4RssfGGStP4bOnB+EXMzd0khRQNpGacoWdPkaKmg==
MIME-Version: 1.0
X-Received: by with SMTP id r66mr7838630ybb.156.1457466959079; Tue, 08 Mar 2016 11:55:59 -0800 (PST)
Received: by with HTTP; Tue, 8 Mar 2016 11:55:58 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <>
Date: Tue, 8 Mar 2016 19:55:58 +0000
X-Google-Sender-Auth: 5mqKahQ4hf4IE_erRUtBDvWTGYY
Message-ID: <>
From: Richard Moore <>
To: Martin Thomson <>
Content-Type: multipart/alternative; boundary=001a1140f6825e3427052d8ef843
Archived-At: <>
Cc: Adam Langley <>, "" <>
Subject: Re: [TLS] Accepting that other SNI name types will never work.
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 08 Mar 2016 19:56:03 -0000

On 7 March 2016 at 12:32, Martin Thomson <> wrote:

> On 7 March 2016 at 23:02, Hubert Kario <> wrote:
> > well, if some people don't care about their implementation being
> > fingerprintable, let them be, but there should but at least a
> > recommendation what to do if you want to avoid that.
> I'd be very surprised if this added anything to the fingerprinting
> entropy already present in TLS implementations.  You can't use this
> sort of thing to distinguish one user of NSS from another NSS user.
​No, but you can use this sort of thing in combination to determine the
version a server is running not just the implementation. If there was a
recommended alert for a given situation I imagine (perhaps over
optimistically) that it would be harder.

> BTW, I'm pretty much not willing to volunteer to review the patch that
> made NSS less fingerprintable as NSS.  I'm pretty sure that involves
> replacing NSS with OpenSSL.

​Making it hard (or at least harder) to distinguish the two would
definitely not involve that. That said, I haven't fingerprinted NSS as a
server in anywhere near as many configurations as openssl though this is
mainly because I see it used that way less frequently.