Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3
Ralf Skyper Kaiser <skyper@thc.org> Fri, 08 November 2013 15:28 UTC
Return-Path: <skyper@thc.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6096621E819C for <tls@ietfa.amsl.com>; Fri, 8 Nov 2013 07:28:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.353
X-Spam-Level:
X-Spam-Status: No, score=-0.353 tagged_above=-999 required=5 tests=[AWL=0.072, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XjPVQ2DylfdH for <tls@ietfa.amsl.com>; Fri, 8 Nov 2013 07:28:47 -0800 (PST)
Received: from mail-ie0-x22f.google.com (mail-ie0-x22f.google.com [IPv6:2607:f8b0:4001:c03::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 117D221E81AC for <tls@ietf.org>; Fri, 8 Nov 2013 07:28:47 -0800 (PST)
Received: by mail-ie0-f175.google.com with SMTP id u16so166570iet.20 for <tls@ietf.org>; Fri, 08 Nov 2013 07:28:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thc.org; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=kpWWrxOGuR59+jXvY8uJ3AOq1HQyaGGeR948q089onQ=; b=RDxViP0ePvPLbYuuUsuRtKCtNPvHI68C7oHuBE6M9J8yZAS/EnlilwlgleZ8hx6f08 YGtIJ+DLO3vSUYiS6xmqH5fRNgwedBbrUuvEcOhBvL2Pib5YIpG6NwThoLSQjnZT1H68 jdvWD3QZ4jNbcT25qrM9LPG/LuxvNorDNAVLw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=kpWWrxOGuR59+jXvY8uJ3AOq1HQyaGGeR948q089onQ=; b=PP/nF60zzcVRCe3i5XUzRd7SQzxQ/uEwxvsHw1NsJjBxP7t4AOzn+sNV3W18tRtvF6 XyuVHJP4iDmDx4QVh+H5lehcBCAXI5k10ZEt9/BAIkrJ7WTNbbJevxneR23NBofyE4bI +pJG0SHs8WBvPvoX31Gcfvd2zMf8uQvGDnXv2MInbRFkEJNQdlYcn+ZRcMfCTAH5QDRR FMmY+LNuHA1OWlX80ktf4iHQwW3qnWyCXZaaieSrl9DBT7iwXmBiAT/qsZ2S7S6uT6tK q/9dnpU9U72jsl3yUsCw7JRjSUVumHO4kYfOlzAk00GZqEPExEDq53eSGfCx1FW21eip Hetg==
X-Gm-Message-State: ALoCoQkPuHtr6kHAz9MZ/PGgJA1cCEmwq1K6a5GwGoMVuQpde1RdJL1IWS3gMLLsEuvcIBaIHqih
MIME-Version: 1.0
X-Received: by 10.43.93.5 with SMTP id bs5mr9082489icc.32.1383924526196; Fri, 08 Nov 2013 07:28:46 -0800 (PST)
Received: by 10.64.231.100 with HTTP; Fri, 8 Nov 2013 07:28:46 -0800 (PST)
X-Originating-IP: [87.106.82.87]
In-Reply-To: <20131108050232.B8F2A1AA6B@ld9781.wdf.sap.corp>
References: <527BE507.6090507@fifthhorseman.net> <20131108050232.B8F2A1AA6B@ld9781.wdf.sap.corp>
Date: Fri, 08 Nov 2013 15:28:46 +0000
Message-ID: <CA+BZK2onJUrHPegXwO4TWVaj-tirBnpXxEY32T_VA4SZDcnhJA@mail.gmail.com>
From: Ralf Skyper Kaiser <skyper@thc.org>
To: mrex@sap.com
Content-Type: multipart/alternative; boundary="bcaec519691dc8591f04eaac0932"
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Nov 2013 15:28:51 -0000
Hi On Fri, Nov 8, 2013 at 5:02 AM, Martin Rex <mrex@sap.com> wrote: > > > > Fixing TLS is in-scope, though, and TLS shouldn't leak information just > > because other related protocols also leak information. > > Don't fix it if it ain't broken. > SNI was specifically DESIGNED to convey the server name in the clear. > > Security only works in a meaningful fashion if you can ensure "hygiene", > otherwise it will be expensive obscurity and result in casualties. > SNI was NOT DESIGNED to be convey the server name in clear. SNI was designed so that the server can pick the right certificate. SNI can be transmitted encrypted and should be transmitted encrypted (see recent plenary sessions at IETF88). > Putting SNI info in an encrypted handshake would make that information > > unavailable to passive attackers. > > This is a dangerious illusion. As long as SNI will travel in the clear in > protocol versions up to TLSv1.2, it *WILL* leak. Maybe not from your > client, but someone elses older client going to the same service. > Martin, with your argument why should we fix anything at all in any product or design? The proposed solution FIXES passive pervasive surveillance in TLS 1.3. Your proposal fixes nothing, keeps an identified and acknowledged security flaw in TLS 1.3 and enables passive pervasive surveillance. Let's make pervasive passive surveillance harder. Your other concerns that there other ways how an attacker can get the host name are noted and are out-of-scope for the TLS-WG (yes, the NSA can even get a FISA order...but we wont fix that one either....and enabling IPSEC does not scale (yet)). regards, ralf
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- [TLS] Final nail in the coffin for cleartext SNI/… Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Watson Ladd
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Salz, Rich
- Re: [TLS] Final nail in the coffin for cleartext … Ryan Hurst
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Daniel Kahn Gillmor
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Seth David Schoen
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Watson Ladd
- Re: [TLS] Final nail in the coffin for cleartext … Salz, Rich
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Michael D'Errico
- Re: [TLS] Final nail in the coffin for cleartext … Jacob Appelbaum
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Michael D'Errico
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Sean Leonard
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Juho Vähä-Herttua
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Phillip Hallam-Baker
- Re: [TLS] Final nail in the coffin for cleartext … Daniel Kahn Gillmor
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Daniel Kahn Gillmor
- Re: [TLS] Final nail in the coffin for cleartext … Juho Vähä-Herttua
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Bodo Moeller
- Re: [TLS] Final nail in the coffin for cleartext … Marsh Ray
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Geoffrey Keating