Re: [TLS] Tonight's Encrypted SNI Hangout Session

Bret Jordan <jordan.ietf@gmail.com> Tue, 14 November 2017 01:16 UTC

From: Bret Jordan <jordan.ietf@gmail.com>
Date: Tue, 14 Nov 2017 09:16:02 +0800
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, David P <dbpaull1@gmail.com>, "tls@ietf.org" <tls@ietf.org>

What I think I am more worried about right now is jumping into designing a
technological solution before we know and understand what is going to break,
and whether a solution is going to actually solve the perceived problem(s) or
make them worse. Technological changes do not always make things better.

Open Questions:
1) Is encrypted SNI the best solution to address the perceived problem(s)?
2) Do we fully understand the problems we are trying to solve and understand the best way of solving them?
3) Will this make things better or worse for the majority of use cases?
4) Does it incur so much collateral damage that it hurts the average user?
5) If we make it client opt-in (which seems like a fundamental requirement), does this single out the client for extra scrutiny by a well-funded threat actor or nation state?

Just some food for thought

Bret

Sent from my TI-99/4A

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050