Re: [TLS] Possible blocking of Encrypted SNI extension in China

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 11 August 2020 05:33 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00C843A0C64 for <tls@ietfa.amsl.com>; Mon, 10 Aug 2020 22:33:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h2sRs0A20xGA for <tls@ietfa.amsl.com>; Mon, 10 Aug 2020 22:33:02 -0700 (PDT)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [180.189.28.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9331F3A0C0E for <tls@ietf.org>; Mon, 10 Aug 2020 22:33:01 -0700 (PDT)
Received: from AUS01-ME1-obe.outbound.protection.outlook.com (mail-me1aus01lp2057.outbound.protection.outlook.com [104.47.116.57]) (Using TLS) by relay.mimecast.com with ESMTP id au-mta-33-Zbal40UWNnyykrIC9bTpCA-1; Tue, 11 Aug 2020 15:32:57 +1000
X-MC-Unique: Zbal40UWNnyykrIC9bTpCA-1
Received: from SG2PR01CA0138.apcprd01.prod.exchangelabs.com (2603:1096:4:8f::18) by MEAPR01MB2343.ausprd01.prod.outlook.com (2603:10c6:201:2::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.18; Tue, 11 Aug 2020 05:32:51 +0000
Received: from SG2APC01FT112.eop-APC01.prod.protection.outlook.com (2603:1096:4:8f:cafe::63) by SG2PR01CA0138.outlook.office365.com (2603:1096:4:8f::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.18 via Frontend Transport; Tue, 11 Aug 2020 05:32:50 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 130.216.95.208) smtp.mailfrom=cs.auckland.ac.nz; huitema.net; dkim=none (message not signed) header.d=none;huitema.net; dmarc=none action=none header.from=cs.auckland.ac.nz;
Received: from uxcn13-ogg-e.UoA.auckland.ac.nz (130.216.95.208) by SG2APC01FT112.mail.protection.outlook.com (10.152.250.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.3261.16 via Frontend Transport; Tue, 11 Aug 2020 05:32:49 +0000
Received: from uxcn13-tdc-d.UoA.auckland.ac.nz (10.6.3.5) by uxcn13-ogg-e.UoA.auckland.ac.nz (10.6.2.8) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 11 Aug 2020 17:32:47 +1200
Received: from uxcn13-tdc-d.UoA.auckland.ac.nz ([fe80::99ff:fdcc:ecb:10c7]) by uxcn13-tdc-d.UoA.auckland.ac.nz ([fe80::99ff:fdcc:ecb:10c7%14]) with mapi id 15.00.1497.006; Tue, 11 Aug 2020 17:32:47 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Christian Huitema <huitema@huitema.net>, Christopher Wood <caw@heapingbits.net>, "TLS@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Possible blocking of Encrypted SNI extension in China
Thread-Index: AQHWZo5K+iu3hjU4UEa0XHCZQtwYy6kfpOkAgA+KOACAAZBRDP//9AqAgAGtqQz//z7aAIAA1Exf
Date: Tue, 11 Aug 2020 05:32:46 +0000
Message-ID: <1597123970590.77611@cs.auckland.ac.nz>
References: <uGJxvVQRPcgn2GZKsKuuVN4SyTe7EOiV3iEK3Cq3Izo0ZstAh1LxEzMKrDZ_0VTrLqeYXQb4k1Qy5uJmEy04zNgngoHBONhVZnvddYYybt8=@iyouport.org> <71e4d18d-9ad8-fd72-729c-db5a0cf7593b@huitema.net> <20200809153526.vf5zlongieoswb22@bamsoftware.com> <1597030308337.61220@cs.auckland.ac.nz> <67d52e25-71ed-4584-b2c3-6a71a6bdd346@www.fastmail.com> <1597119980162.55300@cs.auckland.ac.nz>, <b32110f8-c9ba-e8db-f136-7cc60eba54e4@huitema.net>
In-Reply-To: <b32110f8-c9ba-e8db-f136-7cc60eba54e4@huitema.net>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 3e6b1328-338e-4d1c-be96-08d83db7fc44
X-MS-TrafficTypeDiagnostic: MEAPR01MB2343:
X-Microsoft-Antispam-PRVS: <MEAPR01MB234370ECC48C441EBEDE0D8CEE450@MEAPR01MB2343.ausprd01.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:8882;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: +tJ3VhQthVc7NfgtzyVFZt54alkb1dhlolna8EVpel3smvYjK2Y6+6Q6O4+r4jh61jRtfA53Kb9m3nhqsHwPleNVu8tr5nm5fjjGgdi//fQEPJ9ZH5Pr1Q4wPDpe/yxsrmhZBv61QlHkdyQzOV8coPaO3vOJ1ZCbUMGPd6m7EwvycBLDFASd62voTrSrnExCgRRZ2OKKtp89qjRZckBdUV5P8VXibk8A6rxzQwLiAqjKeIwlXb6iDO64ythtl2XtckbFoam63xO3XKMgDTvoys01WuORRAy3tkokjEjNyhi57D1j3QlT9NQxh7+u7WRofjHN71Jo8hQq/fFihs9POZblGX+KoJzoxL9zh2vwQ61iTGqYZhW9pmnzwVLdRALPwcDtlYueIfKmys2qw8bteQ==
X-Forefront-Antispam-Report: CIP:130.216.95.208; CTRY:NZ; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:uxcn13-ogg-e.UoA.auckland.ac.nz; PTR:natgate1-1.auckland.ac.nz; CAT:NONE; SFTY:; SFS:(4636009)(396003)(39860400002)(376002)(136003)(346002)(46966005)(70586007)(8936002)(36906005)(70206006)(5660300002)(786003)(66574015)(4744005)(2616005)(110136005)(26005)(316002)(83380400001)(336012)(8676002)(186003)(7636003)(356005)(47076004)(86362001)(2906002)(82310400002)(82740400003)(478600001); DIR:OUT; SFP:1101;
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2020 05:32:49.0789 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 3e6b1328-338e-4d1c-be96-08d83db7fc44
X-MS-Exchange-CrossTenant-Id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d1b36e95-0d50-42e9-958f-b63fa906beaa; Ip=[130.216.95.208]; Helo=[uxcn13-ogg-e.UoA.auckland.ac.nz]
X-MS-Exchange-CrossTenant-AuthSource: SG2APC01FT112.eop-APC01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MEAPR01MB2343
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Type: text/plain; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/TOM6JuCR8E-EF6TdzZAzMlP8z5A>
Subject: Re: [TLS] Possible blocking of Encrypted SNI extension in China
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2020 05:33:04 -0000

Christian Huitema <huitema@huitema.net> writes:

>Fingerprinting is a real issue but from the reports, this is not what is
>happening here.

Sure, I was just pointing out that they're using the brute-force approach now
but presumably at some point will stop blocking when they've implemented a way
to bypass it.  My guess is that since the GFW uses blocklisting (of known
sites/pages) all they'll need to do is fingerprint the sites they want to
block and take it from there.  Stuff like the ConceptDoppler work
("ConceptDoppler: A Weather Tracker for Internet Censorship" out of UC Davis -
that was one paper I do remember :-) showed that they don't try and block
everything but just enough to let you know it's happening and they're watching
you, which the fingerprinting approach is fine for.

Peter.