Re: [TLS] DNS-based Encrypted SNI

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 04 July 2018 21:25 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E93A4130E03 for <tls@ietfa.amsl.com>; Wed, 4 Jul 2018 14:25:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bnKTlT6jGMG7 for <tls@ietfa.amsl.com>; Wed, 4 Jul 2018 14:25:54 -0700 (PDT)
Received: from mail-qk0-x22e.google.com (mail-qk0-x22e.google.com [IPv6:2607:f8b0:400d:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23C8E124BE5 for <tls@ietf.org>; Wed, 4 Jul 2018 14:25:54 -0700 (PDT)
Received: by mail-qk0-x22e.google.com with SMTP id c192-v6so3485256qkg.12 for <tls@ietf.org>; Wed, 04 Jul 2018 14:25:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=trXHVJmuPJW5G14YiB2HKEzOkTF0s7Zu9sF4KmDl9EI=; b=VjaWrEJi9pD5JFligGbLCQ4PwbqiKNqJLqsbOa11HNikcI50rmbK8TB7TgikZTDbwO esaiuds5TKI/02tfMtC0ts+uoA4TQPpDnKqzkIIUuZNw27fuMB5c3jh4QKQRGoKHdFdw Bb5jCmEjCaTmBVCioz1nQvNXTurj+2Tf3YNXEdF58k87mdlXh10DcO4Ylhhozr0UKsPe QBN6BZvAMuu1IXZB/TEoFLilBDQoRuc09juG4VlP4ZweoHPlFTQ7s5tABoubKNAyFKUL GQb70UDvmjLKuCKk+MqzTQmEQbIvKAKzEIR73BAvKoxefeJn3dzCtCxWwzbu01DVeKlh /DIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=trXHVJmuPJW5G14YiB2HKEzOkTF0s7Zu9sF4KmDl9EI=; b=mpDXLJMOUEkn0FN8vLcBvzyRWwX+9DJSTvEpQvaQTCvrjhEIiWtQave9joVMNmOBCI x9/Siv0RMl/IA7brSq11jbUU8kStxKxYyU3rlhN/9u42u1/WL+eWMJqN3Jb34eF1SDDt yBn148Z7tNFx3pPLWivn5dFqqXCbvgzWxdh3rDzkOXAHczZZxg1k1trn4ltSx3pe6jeb JUaewEQVuwUGcHLCTPShUknGCo9ljVsKi0+4mqyqNOTYrjr/mXaTMnwuHbO35qhMGopP rye3y1IqkBWBypfDFJDtL2cVhBX14UQ5RbEMn96NSPeRWzgDAk8OlfYFR5ocm2QbAVpM n/bQ==
X-Gm-Message-State: APt69E0+pdKH6j+fFwkZLBvHzuXRlXKsXnPOuHnoUQ6PrHLjPOho348L cwPbkWYzczTKi/5spguhOQsMNBtj
X-Google-Smtp-Source: AAOMgpcMI4lOg93qU+B55eIJMWA7GKVzVIE4KF7CV+UuLxUW1g5ZfjsOov6zmdzInMFRPL4W3eoY9g==
X-Received: by 2002:a37:6e82:: with SMTP id j124-v6mr3020945qkc.179.1530739552994; Wed, 04 Jul 2018 14:25:52 -0700 (PDT)
Received: from [192.168.1.210] (209-6-121-113.s2671.c3-0.arl-cbr1.sbo-arl.ma.cable.rcncustomer.com. [209.6.121.113]) by smtp.gmail.com with ESMTPSA id c127-v6sm2979684qkd.40.2018.07.04.14.25.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 04 Jul 2018 14:25:52 -0700 (PDT)
Content-Type: multipart/alternative; boundary=Apple-Mail-322D5B88-98EC-4EF4-B67B-3F3ED377C546
Mime-Version: 1.0 (1.0)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: iPhone Mail (15E216)
In-Reply-To: <CABcZeBPLBn7jc2rWxcSdvw-n7EZdxBn+XL+22g+W+JNs56nHkQ@mail.gmail.com>
Date: Wed, 4 Jul 2018 17:25:51 -0400
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "<tls@ietf.org>" <tls@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <C8996EC6-F931-42D3-89CA-7A4A2274CD60@gmail.com>
References: <CABcZeBMR=5QQjSS68H2mQoyG1cHVa5+Z_5SH0Md07kTBVSr3Sw@mail.gmail.com> <c066f64f-9d56-2614-9c85-031a659d9ece@cs.tcd.ie> <4B10DA3C-9BCB-4546-B3F9-BCC8BA358BD9@gmail.com> <CABcZeBPLBn7jc2rWxcSdvw-n7EZdxBn+XL+22g+W+JNs56nHkQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/S-Ky_uQb0g97X6sF77-Nr4Z6EUQ>
Subject: Re: [TLS] DNS-based Encrypted SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jul 2018 21:25:57 -0000


Sent from my mobile device

> On Jul 4, 2018, at 2:20 PM, Eric Rescorla <ekr@rtfm.com>; wrote:
> 
> Hi Kathleen,
> 
>> On Wed, Jul 4, 2018 at 11:10 AM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>; wrote:
>> I’m also fine with the work going forward, however it was only in March that EKR assured people concerned that they don’t need to worry about SNI being encrypted repeating similar statements previously made to the same effect.  Meantime, he was working on such a solution. 
> 
> This is not really correct. As of March, I had basically given up on how to do ESNI in TLS the near future and wasn't really working on it [0] and then in May, prompted by suggestions by Matthew Prince and Nick Sullivan, I realized that the proposal in this document could work.
> 
> Moreover, I think I've been pretty clear that I wanted to do ESNI and it was just that we didn't know how. For instance, here's what I said in PATIENT:
> 
>    My evaluation of the current state of SNI encryption is that given the
>    current technical state, it will not see particularly wide deployment, with
>    the primary scenario being "at-risk" sites who are subject to censorship who
>    either hide behind or co-tenant with sites which are not subject to
>    censorship. That probably isn't going to be incredibly common right now. Of
>    course, this is regrettable from the perspective of people designing these
>    protocols, but I think that's the situation.
> 
> As I said the other day, predictions are hard, especially about the future, and this turns out not to have been totally right (though I also don't think it's really accurate to characterize it as my saying that people don't need to worry). I'm sorry if people people are surprised now. That wasn't my intent, but as I said above, I was surprised too!
> 

Well, the messages on the Effects of Pervasive Encryption for Operators also factored into my response.  You wanted that text removed and we refused (rightly so).  You also had someone write a blog to have a reference that talked about it’s wide deployment.  The perception is from multiple interactions and I favor transparency.

Best,
Kathleen 

> -Ekr
> 
> [0] Just to be completely clear, there was and is ongoing work on protecting SNI via HTTP connection coalescence (see Mike Bishop's presentation in London), but that's a different flavor of approach, and it's not like it's any secret it's happening.
> 
> 
>  
>> Kathleen 
>> 
>> > 
>> > Cheers,
>> > S.
>> > 
>> > 
>> >> 
>> >> -Ekr
>> >> 
>> >> 
>> >> 
>> >> _______________________________________________
>> >> TLS mailing list
>> >> TLS@ietf.org
>> >> https://www.ietf.org/mailman/listinfo/tls
>> >> 
>> > <0x5AB2FAF17B172BEA.asc>
>> > _______________________________________________
>> > TLS mailing list
>> > TLS@ietf.org
>> > https://www.ietf.org/mailman/listinfo/tls
>