Re: [TLS] Possible blocking of Encrypted SNI extension in China

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 11 August 2020 04:26 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Christopher Wood <caw@heapingbits.net>, "TLS@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Possible blocking of Encrypted SNI extension in China
Date: Tue, 11 Aug 2020 04:26:16 +0000
Message-ID: <1597119980162.55300@cs.auckland.ac.nz>
References: <uGJxvVQRPcgn2GZKsKuuVN4SyTe7EOiV3iEK3Cq3Izo0ZstAh1LxEzMKrDZ_0VTrLqeYXQb4k1Qy5uJmEy04zNgngoHBONhVZnvddYYybt8=@iyouport.org> <71e4d18d-9ad8-fd72-729c-db5a0cf7593b@huitema.net> <20200809153526.vf5zlongieoswb22@bamsoftware.com> <1597030308337.61220@cs.auckland.ac.nz>, <67d52e25-71ed-4584-b2c3-6a71a6bdd346@www.fastmail.com>
In-Reply-To: <67d52e25-71ed-4584-b2c3-6a71a6bdd346@www.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/OKiZwH2i0CSr5JmqzlOZO2rzaWY>
Subject: Re: [TLS] Possible blocking of Encrypted SNI extension in China
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>

Christopher Wood <caw@heapingbits.net> writes:

>For the benefit of the list, would you mind sharing these references?

I handwaved this one because I don't catalogue these things and didn't want to
try and re-locate every preprint, paper, and report that's drifted across my
desk in the last 6-12 months to try and find the relevant stuff... a recent
one that I remember because it was published just a few days ago at Usenix
Security after existing as an arXiv preprint for over a year, that's not ESNI
but eDNS so almost the same thing, was "Padding Ain't Enough: Assessing the
Privacy Guarantees of Encrypted DNS" which reports, and references other
papers which report, an 80-90% success rate in de-anonymising encrypted DNS.
The ESNI de-anonymisation is the standard web-site fingerprinting that's been
used in the past to e.g. find people's incomes based on their encrypted
traffic to tax filing sites.  In other words it doesn't care whether ESNI is
used or not since it doesn't use it.

Peter.
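The traffic-analysis point Peter makes above, that web-site fingerprinting works on packet sizes and never looks at the SNI, shown as an added example (not code from the original message, from Peter Gutmann, or from the "Padding Ain't Enough" paper). The three "sites", their response-size profiles, the request size and the noise model are all constructed for illustration; a real attack uses far richer features (bursts, timing, TLS record boundaries) and a proper classifier, but the mechanism is the same. The same approach applies to DoT/DoH query and response sizes, and the `padded=True` path applies RFC 8467-style block padding to every packet to show that length padding alone leaves the trace classifiable:

```python
"""Toy web-site fingerprinting over constructed encrypted-traffic traces.

A trace is the list of packet lengths an on-path observer sees for one
encrypted session: positive = server -> client, negative = client -> server.
No hostname, SNI or ESNI field is ever consulted; only sizes and counts.
"""
import math
import random

# Constructed per-site profiles: server response sizes (bytes) for one page
# load. These are invented for the example, not measured from real sites.
SITE_PROFILES = {
    "tax-filing": [1450, 1450, 800, 1450, 1450, 1450, 300, 2100],
    "news": [1450, 600, 1450, 1450, 1450, 1450, 1450, 1450, 1450, 400],
    "webmail": [1450, 1450, 1450, 500, 500, 500, 500, 1450, 250],
}
CLIENT_REQUEST = -350  # assumed typical encrypted request size (constructed)


def pad_to_block(length, block=128):
    """RFC 8467-style padding: round |length| up to a multiple of `block`,
    preserving direction. Hides the exact size, not the count or the order."""
    sign = 1 if length > 0 else -1
    return sign * block * math.ceil(abs(length) / block)


def synth_trace(site, rng, padded=False):
    """One constructed trace for `site`: request/response pairs with size
    jitter and an occasional stray small packet, optionally block-padded."""
    trace = []
    for resp in SITE_PROFILES[site]:
        trace.append(CLIENT_REQUEST + rng.randint(-20, 20))
        trace.append(resp + rng.randint(-40, 40))
    if rng.random() < 0.3:  # occasional extra keep-alive/ack-like packet
        trace.insert(rng.randrange(len(trace)), rng.choice([-60, 60]))
    if padded:
        trace = [pad_to_block(p) for p in trace]
    return trace


def features(trace):
    """Direction-aware volume/shape features. Padding changes the numbers
    slightly but not the between-site differences that drive classification."""
    inbound = [p for p in trace if p > 0]
    outbound = [p for p in trace if p < 0]
    return (
        float(len(trace)),              # packet count
        float(len(inbound)),            # server->client packet count
        sum(inbound) / 1000.0,          # inbound kB
        -sum(outbound) / 1000.0,        # outbound kB
        max(inbound) / 1000.0,          # largest response, kB
    )


def train(rng, n_per_site=30, padded=False):
    """Nearest-centroid model: mean feature vector per site from synthetic
    traces (stands in for the attacker's own crawls of the target sites)."""
    centroids = {}
    for site in SITE_PROFILES:
        vecs = [features(synth_trace(site, rng, padded)) for _ in range(n_per_site)]
        centroids[site] = tuple(sum(col) / len(vecs) for col in zip(*vecs))
    return centroids


def classify(trace, centroids):
    """Guess which site produced `trace` by nearest centroid in feature space."""
    f = features(trace)
    return min(centroids, key=lambda site: math.dist(f, centroids[site]))


def evaluate(seed=1, padded=False, n_test=50):
    """Fraction of fresh synthetic traces attributed to the correct site."""
    rng = random.Random(seed)
    centroids = train(rng, padded=padded)
    hits = 0
    for site in SITE_PROFILES:
        for _ in range(n_test):
            hits += classify(synth_trace(site, rng, padded), centroids) == site
    return hits / (n_test * len(SITE_PROFILES))


if __name__ == "__main__":
    print("accuracy, raw sizes:   ", evaluate(padded=False))
    print("accuracy, 128B-padded: ", evaluate(padded=True))
```

Nothing in the observer's path touches a name: removing or encrypting the SNI changes no input to `features`, which is the sense in which the fingerprinting "doesn't use it". Block padding raises the per-packet uncertainty but leaves packet counts, direction pattern and total volume distinct per site, so the padded run stays accurate; the defences that actually move the needle are the ones that reshape counts and volume (cover traffic, fixed-rate or multiplexed transport), at a bandwidth cost.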