[TLS] Fwd: New Version Notification for draft-ietf-tls-sni-encryption-01.txt
Christian Huitema <huitema@huitema.net> Mon, 19 February 2018 20:08 UTC
References: <151907047824.18617.12401651429483540579.idtracker@ietfa.amsl.com>
To: "tls@ietf.org" <tls@ietf.org>
From: Christian Huitema <huitema@huitema.net>
X-Forwarded-Message-Id: <151907047824.18617.12401651429483540579.idtracker@ietfa.amsl.com>
Message-ID: <a4e7569c-aaac-02b4-2622-7a6d894ff948@huitema.net>
Date: Mon, 19 Feb 2018 12:07:08 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UC6ZoXs33VsTn5PVYj4AuGAMODk>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
The main change in the new version of this draft is the addition of "multi-protocol" requirements. Namely, hiding the SNI should also work for protocols like DTLS or QUIC. Then, it would be nice if we could also hide the ALPN, but that's somewhat less critical. After all, we could run every application over h2...

-- Christian Huitema

-------- Forwarded Message --------
Subject: New Version Notification for draft-ietf-tls-sni-encryption-01.txt
Date: Mon, 19 Feb 2018 12:01:18 -0800
From: internet-drafts@ietf.org
To: Christian Huitema <huitema@huitema.net>, Eric Rescorla <ekr@rtfm.com>

A new version of I-D, draft-ietf-tls-sni-encryption-01.txt has been successfully submitted by Christian Huitema and posted to the IETF repository.

Name: draft-ietf-tls-sni-encryption
Revision: 01
Title: SNI Encryption in TLS Through Tunneling
Document date: 2018-02-18
Group: tls
Pages: 22
URL: https://www.ietf.org/internet-drafts/draft-ietf-tls-sni-encryption-01.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/
Htmlized: https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-01
Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-tls-sni-encryption-01
Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-sni-encryption-01

Abstract:
This draft describes the general problem of encryption of the Server Name Identification (SNI) parameter. The proposed solutions hide a Hidden Service behind a Fronting Service, only disclosing the SNI of the Fronting Service to external observers. The draft starts by listing known attacks against SNI encryption, discusses the current "co-tenancy fronting" solution, and then presents two potential TLS layer solutions that might mitigate these attacks. The first solution is based on TLS in TLS "quasi tunneling", and the second solution is based on "combined tickets". These solutions only require minimal extensions to the TLS protocol.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat