Re: [TLS] Tonight's Encrypted SNI Hangout Session
Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 13 November 2017 17:55 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC8AA128768 for <tls@ietfa.amsl.com>; Mon, 13 Nov 2017 09:55:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zDO_GtqUDYEk for <tls@ietfa.amsl.com>; Mon, 13 Nov 2017 09:55:38 -0800 (PST)
Received: from welho-filter2.welho.com (welho-filter2.welho.com [83.102.41.24]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB53C129B1E for <tls@ietf.org>; Mon, 13 Nov 2017 09:55:37 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter2.welho.com (Postfix) with ESMTP id 60039B529E; Mon, 13 Nov 2017 19:55:36 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter2.welho.com [::ffff:83.102.41.24]) (amavisd-new, port 10024) with ESMTP id 7_84i83Gko1o; Mon, 13 Nov 2017 19:55:36 +0200 (EET)
Received: from LK-Perkele-VII (87-92-19-27.bb.dnainternet.fi [87.92.19.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id 15DF028B; Mon, 13 Nov 2017 19:55:34 +0200 (EET)
Date: Mon, 13 Nov 2017 19:55:33 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Bret Jordan <jordan.ietf@gmail.com>
Cc: tls@ietf.org
Message-ID: <20171113175533.d2ncygry5imzqdw3@LK-Perkele-VII>
References: <CAPCpN4t4m9M6u=E29u=TQnBScjRTfA91K9pdyPG3nvyi+GHC3w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CAPCpN4t4m9M6u=E29u=TQnBScjRTfA91K9pdyPG3nvyi+GHC3w@mail.gmail.com>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WIj51EOYBg_MSC9Zi7D_AKMTRdA>
Subject: Re: [TLS] Tonight's Encrypted SNI Hangout Session
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 17:55:40 -0000
On Mon, Nov 13, 2017 at 09:28:23PM +0800, Bret Jordan wrote: > > 3) We need to compile a list of use cases and scenarios in a draft document > that talk about how the SNI (for good or for bad) is being used today and > what an encrypted SNI will mean for these use cases. What I think SNI is mainly (legimately) used for: - Specify the certificate. - Specify the next service (both before and after TLS termination). Ideally, specifying certificate would be enough to specify the next service. But we all know reality is not ideal, so it might not be. In the converse direction, having multiple certificates all covering the same next service is very common (e.g., it would requre special setup with common webservers not to have it this way). As to specifying certificate, there are many reasons why a server might want multiple certificates: - There are too many names to put into one certificate. - Putting all the names into one certificate would be difficult to manage. - The server wants to make some separation between the names. - The names have different next service. One can note that both uses are really just to save IP address space. There are two main reasons why one would want to do that: - Conserving address space (IPv4!!!). - Avoiding adminstrative overhead of multiple IP addresses. Easier way to partially solve this would be to reduce the granularity of data. Does not work with all servers. The more difficult way would be to actually encrypt the SNI value (bound to the client public key to avoid a nasty attack that breaks the entiere scheme). This would make SNI before-termination routing more difficult, and absent something nontrivial, would increase the server handshake cost by over a half. However, much of the "encrypted SNI" discusion has been about different thing, namely proxying. Which is whole another can of worms, and is also a three-party protocol, not two-party. -Ilari
- [TLS] Tonight's Encrypted SNI Hangout Session Bret Jordan
- Re: [TLS] Tonight's Encrypted SNI Hangout Session Tom Ritter
- Re: [TLS] Tonight's Encrypted SNI Hangout Session Ilari Liusvaara
- Re: [TLS] Tonight's Encrypted SNI Hangout Session David P
- Re: [TLS] Tonight's Encrypted SNI Hangout Session Ilari Liusvaara
- Re: [TLS] Tonight's Encrypted SNI Hangout Session Christian Huitema
- Re: [TLS] Tonight's Encrypted SNI Hangout Session Salz, Rich
- Re: [TLS] Tonight's Encrypted SNI Hangout Session Bret Jordan
- Re: [TLS] Tonight's Encrypted SNI Hangout Session Yoav Nir
- Re: [TLS] Tonight's Encrypted SNI Hangout Session Bret Jordan
- Re: [TLS] Tonight's Encrypted SNI Hangout Session Flemming Andreasen
- Re: [TLS] Tonight's Encrypted SNI Hangout Session Sean Turner