IETF Logo Mail Archive

Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3

Watson Ladd <watsonbladd@gmail.com> Thu, 07 November 2013 16:40 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7841111E81D9 for <tls@ietfa.amsl.com>; Thu, 7 Nov 2013 08:40:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.544
X-Spam-Level:
X-Spam-Status: No, score=-2.544 tagged_above=-999 required=5 tests=[AWL=0.056, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nv08WD50TaVz for <tls@ietfa.amsl.com>; Thu, 7 Nov 2013 08:40:05 -0800 (PST)
Received: from mail-we0-x229.google.com (mail-we0-x229.google.com [IPv6:2a00:1450:400c:c03::229]) by ietfa.amsl.com (Postfix) with ESMTP id AA34D11E825B for <tls@ietf.org>; Thu, 7 Nov 2013 08:39:57 -0800 (PST)
Received: by mail-we0-f169.google.com with SMTP id q58so799519wes.28 for <tls@ietf.org>; Thu, 07 Nov 2013 08:39:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=QRGrr+OuDRvDRdpOk2kADRfEgN1RortCCOoTRSt859Q=; b=VJkw7IffTvALgtm7v1ZQB2Ih9SzXgiSWjMMI8rx5N2cwNikmf0kehyhTjNFqCLUZZE PVXJ5bZL++YNx0SRKpoUoAzsQxi2YpZqqmHuXthNhXfwW4C3xUpE/EpjEFZ2haBWX9a8 pDkVF4u7Q4MYbYhsg+ue4LeAXVWdojA83GrMkgh1dP3eiHPBTYfs8mFZzmBS3MLm4f51 S1dZZeXYCDE7tpy1MJHr4GBok03amR+HN6qoC0eAWlJvWmT9eGnOY/VyeX1oLFflZdd6 P1QHQV3O3ZDBFbhUufWf6MkPbTIUUS5hIrCZAFWUQyr+Ls642Ke1NvV+4jjPgCZWhCaz NgtQ==
MIME-Version: 1.0
X-Received: by 10.194.93.3 with SMTP id cq3mr8343077wjb.26.1383842393483; Thu, 07 Nov 2013 08:39:53 -0800 (PST)
Received: by 10.194.242.131 with HTTP; Thu, 7 Nov 2013 08:39:53 -0800 (PST)
In-Reply-To: <CA+BZK2qUE3oS6Sbp1HbKZ7Wgen9gEjjdepON1egLhGqCPpoVBw@mail.gmail.com>
References: <CA+BZK2qUE3oS6Sbp1HbKZ7Wgen9gEjjdepON1egLhGqCPpoVBw@mail.gmail.com>
Date: Thu, 07 Nov 2013 08:39:53 -0800
Message-ID: <CACsn0c=VWmsfxvE_17+FyBASUXPCNrS1FQQ02fzhF5rA6zx4wQ@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Ralf Skyper Kaiser <skyper@thc.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2013 16:40:06 -0000

On Thu, Nov 7, 2013 at 8:32 AM, Ralf Skyper Kaiser <skyper@thc.org> wrote:
> Hi,
>
> Thank you for the helpful TLS WG meeting yesterday at
> the IETF88 and to the WG for the excellent work on
> TLS.
>
>
> No consensus was reached on ‘Reduced RT handshake with
> privacy”.
>
>
> Some thoughts why SNI (host name) and ALPN should be
> transmitted encrypted and not in clear.
>
>
> 1. Meta-data is important. Meta-data tells a lot about a person.
> Meta-data can get a user killed or worse. Transmitting the host-name
> (meta-data) in clear in TLS is not good (as in ‘not good because it
> can get you killed’ and there is no alternative for the user – unless
> the user is a tech-wizard.).
They can use Tor. They need to anyway: reverse DNS lookups are not
rocket science.
>
>
> 2. What is the message to the user? TLS is secure – well, kind’a.
> TLS secures some things but that you read freedom4gays.com,
> secure.washingtonpost.com or myfavoritepoliticalparty.com is
> leaked – but we still call it secure???
This is as secure as sending a sealed envelope through the mail.
>
>
> 3. Governments just love filtering by site. (Block secure.twitter.com
> but not blub.com). Same goes for filtering by application (ALPN).
> Transmitting this information in clear plays into the hands of the
> adversary.
>
>
>
> There are other ways how an adversary can extract the same meta-data.
> This should not deter us from fixing it in TLS. Maybe we will find a
> solution for the other problems as well (like confidential DNS).
No, the other problem is you connect to the server and ask it to show
you a page,
and learn what the server is. The sole exception is multihosting,
which is getting
less common for various reasons.
>
> Fixing this in TLS increases the cost of surveillance. This is the goal.
>
>
> An adversary can no longer use passive surveillance to extract SNI/ALPN.
> The adversary is forced to do detectable active surveillance to get the
> meta-data).
>
>
> Those who give up security for a little bit of performance neither
> deserve security nor performance.
>
>
>
> Regards,
>
>
>
> Ralf
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin

v2.23.0 | Report a Bug | By Email