[TLS] Éric Vyncke's No Objection on draft-ietf-tls-sni-encryption-05: (with COMMENT)

Éric Vyncke via Datatracker <noreply@ietf.org> Tue, 17 September 2019 20:58 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: tls@ietf.org
Delivered-To: tls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CC0C120072; Tue, 17 Sep 2019 13:58:44 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Éric Vyncke via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tls-sni-encryption@ietf.org, Joseph Salowey <joe@salowey.net>, Sean Turner <sean@sn3rd.com>, tls-chairs@ietf.org, joe@salowey.net, tls@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.101.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Éric Vyncke <evyncke@cisco.com>
Message-ID: <156875392447.17507.3998113824897028508.idtracker@ietfa.amsl.com>
Date: Tue, 17 Sep 2019 13:58:44 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/V6mPx0ZYFO7iWX7a1xdJt6jg9DA>
Subject: [TLS] Éric Vyncke's No Objection on draft-ietf-tls-sni-encryption-05: (with COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 20:58:45 -0000

Éric Vyncke has entered the following ballot position for
draft-ietf-tls-sni-encryption-05: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for the work put into this document. It is well-written and easy to
follow. Please find below a couple of comments and nits.

Reading
"  In practice, it may well be that no solution can meet every
   requirement, and that practical solutions will have to make some
   compromises."
in the abstract brought a smile on my face ;-) Same for "employees of the UK
National Cyber Security Centre" at the end ;-)

Regards,

-éric

== COMMENTS ==

-- Section 2.1 --
C.1) I would suggest to use the words "network operators" rather than ISP as
enterprise or parents for home networks are also relying on clear-text SNI to
enforce some policies.

-- Section 2.2 --
C.2) The word "abuses" seems a little strong in the first paragraph, I prefer
the wording used in 2.1 "unanticipated usage". But, this is only one comment.

-- Section 3.6 --
C.3) It is rather a question for my own curiosity... "The fronting service
could be pressured by adversaries. " is an obvious attack but even if SNI is
protected, the fronting service can still apply any policy to a protected
service as it has the knowledge of protected services by design. Hence, I
wonder why this case is mentioned here.

-- Security section --
Like Warren, I find the content of this section unusual.

== NITS ==

-- Section 2.1 --
Probably worth expanding "MITM" at first use.

--Section 3.3 --
Probably worth expanding "DOS" at first use.