Re: [TLS] Encrypting record headers: practical for TLS 1.3 after all?

Peter Gutmann <> Sun, 06 December 2015 00:01 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id F194C1ACD04 for <>; Sat, 5 Dec 2015 16:01:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id J7sKsUV2SwAV for <>; Sat, 5 Dec 2015 16:01:12 -0800 (PST)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8438E1ACCFA for <>; Sat, 5 Dec 2015 16:01:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=mail; t=1449360071; x=1480896071; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=4CCyBjQGhX+CYcoKDwq6qr3BcoP21VO7RDw987ad5bk=; b=ITGOXCsDJlxzp7ZPcLqA61LUiylEykjdfBiU0mVnnS5EYQ4zxaylm8S4 KWK4eenIM0Jrx3EmJjBeFqqdnwlGYgDOSu4XJUdwkIpHOe0/9AcRm3Xz8 VGpQr+aKVwjZbEqqvEl9TLyXQhjjm7ctcAz115xQJsp+6k9WEGMmbeX4z Pm2soXiLWI7f0eGvZrBw/ep3c3GEnllAoA9taQq03WE06vmFIw8awm/T5 Jyx6FROnazr/tTpQXGqKL8ws8ZHDTS2nu/eYsw+spI5hA2958eCkQqdGq ZzQZ4VF19XRVU+miYAANsavH28MKtS2/KnutgwmdxK6n1boAZiEAgPQPw A==;
X-IronPort-AV: E=Sophos;i="5.20,387,1444647600"; d="scan'208";a="57772239"
X-Ironport-Source: - Outgoing - Outgoing
Received: from (HELO ([]) by with ESMTP/TLS/AES256-SHA; 06 Dec 2015 13:01:10 +1300
Received: from ([]) by ([]) with mapi id 14.03.0266.001; Sun, 6 Dec 2015 13:01:10 +1300
From: Peter Gutmann <>
To: Jacob Appelbaum <>
Thread-Topic: [TLS] Encrypting record headers: practical for TLS 1.3 after all?
Thread-Index: AQHRLkbyDcSlq8FU5UOLue9+6obNgZ69FcGl
Date: Sun, 06 Dec 2015 00:01:09 +0000
Message-ID: <>
References: <> <> <> <>, <>
In-Reply-To: <>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Cc: "" <>
Subject: Re: [TLS] Encrypting record headers: practical for TLS 1.3 after all?
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 06 Dec 2015 00:01:13 -0000

Jacob Appelbaum <> writes:

>On 12/4/15, Peter Gutmann <> wrote:
>> Jacob Appelbaum <> writes:
>>>TCP/IP and DNS are out of scope, though obviously related.
>> Why are they out of scope?
>They are out of scope for the TLS working group as far as I understand the
>organization of the IETF in terms of mandate. Am I incorrect?

They're out of scope in that TLS can't impose behaviour on DNS, but they're
not out of scope when it comes to considering what impact DNS has on TLS.  For
example the whole reason why TLS has certificates is because the TLS (well,
SSL then) folks realised that DNS wasn't secure, and that TLS had to deal with
that issue.  Otherwise, the SSL folks could have just said that DNS issues are
out of scope, and we'll wait for DNSSEC to appear at some point and fix things
(this is speaking from a 1995 time frame).

>Or they could just call MinimaLT or CurveCP with mandatory Elligator TLS 1.3
>and be done with it.

That would probably be an easier process than the current one, provided you're
ready to commit completely to the Bernstein monoculture.