Re: [TLS] Encrypted SNI

Eric Rescorla <ekr@rtfm.com> Fri, 02 June 2017 14:17 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D1B812EBC0 for <tls@ietfa.amsl.com>; Fri, 2 Jun 2017 07:17:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U0a4f5to-GGy for <tls@ietfa.amsl.com>; Fri, 2 Jun 2017 07:17:19 -0700 (PDT)
Received: from mail-yw0-x234.google.com (mail-yw0-x234.google.com [IPv6:2607:f8b0:4002:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F23512EBB0 for <tls@ietf.org>; Fri, 2 Jun 2017 07:17:17 -0700 (PDT)
Received: by mail-yw0-x234.google.com with SMTP id l74so33656445ywe.2 for <tls@ietf.org>; Fri, 02 Jun 2017 07:17:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=XrE8VNGcbrN6o3C3shGxvrT/bSf3KGlImsntOcGy0II=; b=KNCwvaypzk7RKMPWP20PsZvSSY+kfuLd8U9ievzDNBY6B0WBpz1Av2uNZW0t3iloHx MhaIfEAfRj127NMUXH/YQttD+uvZmTn1Qe1JoZC8fbv1bUk1A7IeSPPW6Pktr8m+lDln cIu2NdoR1DrADLENXN9/t/u3zLXE8fa0c7OHdGcX2btmeNaqZ2/U+0QF6FcDsgTn1uXB 5bjEfB/xfOUrYJDXN0yDvPuzAZ+fKTqTiofMcLSjKzQUmbq7WoTJRmZ0MY6pZEXWexjq tLwzQdcuM3xQvXr8Ms+jGa6J5zvDESUsNyeldmboBJcKz3noCLjOVeh5zH4B36Cx0gq5 Iohg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=XrE8VNGcbrN6o3C3shGxvrT/bSf3KGlImsntOcGy0II=; b=nntEmc1wii6ULiq4tdTiJhFgRSRSp6xshHhR1/IO94EwTRd31tmuyZLCmg/+28UAJ4 +zqrduc3z5mlaTz2Wbcf06jbd9IOCTYZMXdUPxkUunXHDxGqxxi74wgqjh2JRDayE2+j VKq6j21nLuFJ6E/8tSGpBNYPbeyvUCkYObOZdx3u8GS0n70UIjIMp6aWpETj81ttYjEk cGJqaeCD10mL5v9gyHoDKfEm1EA9fE+WO1X3VI90/7T2idSWFAzB0j0TNsp4ecGae0kt go9ZcYcSnpXDu6LaBbu2mla2ID37sCONf/Wz+KWiW7+Jsv5hkXCdYePonQ9ZCep5//GL 9JAQ==
X-Gm-Message-State: AODbwcCjq1PjrrsqtQ0X2/f8UZNtGCE3kXw7VgAdPLcMqu2eJ+Ra9u/o SHRccqtthqNn/PuqqaVzSyDm84h1J2jJ
X-Received: by 10.129.97.193 with SMTP id v184mr6093502ywb.270.1496413036341; Fri, 02 Jun 2017 07:17:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.106.137 with HTTP; Fri, 2 Jun 2017 07:16:35 -0700 (PDT)
In-Reply-To: <20170602132833.GE12522@faui40p.informatik.uni-erlangen.de>
References: <CAHbuEH4Bwr13T-cBFvLmUmn6KRzuNf1su6VTeJguyssk6S2z3g@mail.gmail.com> <4d2f195a-c61b-4abb-9b33-bc36773775cd@cisco.com> <20170602084300.GB12522@faui40p.informatik.uni-erlangen.de> <CAL02cgS+eym_=TNupJo0f0qAFgZc14rXNfO=VdGzRX28jXVqkQ@mail.gmail.com> <20170602103151.GC12522@faui40p.informatik.uni-erlangen.de> <CAErg=HG8NFmuX7NUR3tLXbstzj2Spgc_dyh6b5DZqCFh73dt=Q@mail.gmail.com> <20170602132833.GE12522@faui40p.informatik.uni-erlangen.de>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 2 Jun 2017 07:16:35 -0700
Message-ID: <CABcZeBOX8GVF8QnmUgtu_yzj_ejxcQrB9ZFwofdajXJxAv0gFA@mail.gmail.com>
To: Toerless Eckert <tte@cs.fau.de>
Cc: Ryan Sleevi <ryan-ietftls@sleevi.com>, Richard Barnes <rlb@ipv.sx>, "ops-dir@ietf.org" <ops-dir@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>, Benoit Claise <bclaise@cisco.com>, "sec-ads@ietf.org" <sec-ads@ietf.org>, "ops-ads@ietf.org" <ops-ads@ietf.org>, ops-chairs@ietf.org
Content-Type: multipart/alternative; boundary="001a11490722781cac0550facff8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/TF_8oV_RY1gVGqHVoHKqn5ihIBc>
Subject: Re: [TLS] Encrypted SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jun 2017 14:17:20 -0000

On Fri, Jun 2, 2017 at 6:28 AM, Toerless Eckert <tte@cs.fau.de> wrote:

> On Fri, Jun 02, 2017 at 08:03:40AM -0400, Ryan Sleevi wrote:
> > > If a web service hoster does not provide any useful demultiplexer then
> it
> > > can of course not
> > > expect not to get blacklisted across services. Is it not already common
> > > practice to assign
> > > separate certificates to separate "web customers" ?
> >
> > No. It's typically the opposite.
>
> Thanks.
>
> Btw: does TLS 1.3 mandate server side cert encryption or is this something
> server
> apps can decide ?


It mandates it.



> Just because shared web services may not yet leverage the ability to
> use certs to authenticate network connections well doesn't mean that that
> option should not
> be given to apps. And it would be sad if one would have to revert to older
> protocol options
> to have that functionality.
>

That functionality is illusory even now, because they are unable to
determine
that the server and the client are not colluding to lie about the server's
identity.

-Ekr