Re: [TLS] TLS-in-TLS tunneling use cases (was: SNI Encryption)
Ilari Liusvaara <ilariliusvaara@welho.com> Sat, 19 August 2017 16:20 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4848513292F for <tls@ietfa.amsl.com>; Sat, 19 Aug 2017 09:20:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sBI18HTTtAee for <tls@ietfa.amsl.com>; Sat, 19 Aug 2017 09:20:09 -0700 (PDT)
Received: from welho-filter4.welho.com (welho-filter4.welho.com [83.102.41.26]) by ietfa.amsl.com (Postfix) with ESMTP id F25631320D9 for <tls@ietf.org>; Sat, 19 Aug 2017 09:20:08 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id B6F8C93639; Sat, 19 Aug 2017 19:20:07 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id uA71jnmXxzUN; Sat, 19 Aug 2017 19:20:07 +0300 (EEST)
Received: from LK-Perkele-VII (87-92-19-27.bb.dnainternet.fi [87.92.19.27]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id 6EB7FC4; Sat, 19 Aug 2017 19:20:05 +0300 (EEST)
Date: Sat, 19 Aug 2017 19:20:05 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Tony Arcieri <bascule@gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Message-ID: <20170819162005.bwjmos4rtij7rdmj@LK-Perkele-VII>
References: <CAHOTMVJczAcn6dEot-nVqN6NQxZt64pq=bKr4p6tz4F3WhJdGw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CAHOTMVJczAcn6dEot-nVqN6NQxZt64pq=bKr4p6tz4F3WhJdGw@mail.gmail.com>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Zib1SAshRDiZhwj50Bi0k5O5E9s>
Subject: Re: [TLS] TLS-in-TLS tunneling use cases (was: SNI Encryption)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Aug 2017 16:20:11 -0000
On Wed, Aug 09, 2017 at 10:54:46PM -0700, Tony Arcieri wrote: > Consider: a gateway server acting as an external proxy which bridges an > internal network with the Internet, acting as a forward proxy to > authenticated clients (either human-driven apps/tools or backend services). > These sorts of tunnels (ab)use a HTTP(S) forward-proxy to establish > outbound TCP connections (which, if you care about security, will carry TLS > encrypted traffic). > > This approach is partly described in RFC 2817[2], but to tick all of the > checkboxes on the points I mentioned earlier using this method, you need to > implement features in draft-luotonen-web-proxy-tunneling-01[3], which has > never received an RFC and, as far as I can tell, is only properly > implemented by Squid. Using Squid as a TLS-in-TLS tunneling solution seems > less than ideal to me, and yet in many ways it seems like the "least > friction" option, especially for access control purposes. As far as I can see, draft-luotonen-web-proxy-tunneling-01 doesn't really bring anything new on top of RFC 2817 (and in fact, is older than the RFC). Neither seemingly describes TLS-in-TLS (SSL-in-SSL) tunnels. But those are a straightforward extension of the normal HTTP tunneling mechanism. Including cases where trustpiles for inner and outer connections are different and where client certificates are different. However, some non-TLS protocols will not work over HTTPS CONNECT, unless both client and proxy break TLS semantics (specifically the behavior of close_notify alert). In terms of complexity, as far as I can see, the complexity of minimal implementation of HTTPS tunneling is comparable to dedicated TLS layer method. HTTPS tunneling does double-encrypt, but eliminating that double encryption is nontrivial (at least for analysis). One annoyance in HTTPS tunneling is that the hostname can be duplicated in three places: 1) The CONNECT target (this is actual place to connect to). 2) The host header (this is supposed to be absent in HTTP/1.0, and MAY be blank in HTTP/1.1). 3) The SNI in TLS handshake (in plaintext, can be extracted). -Ilari
- [TLS] TLS-in-TLS tunneling use cases (was: SNI En… Tony Arcieri
- Re: [TLS] TLS-in-TLS tunneling use cases (was: SN… Martin Thomson
- Re: [TLS] TLS-in-TLS tunneling use cases (was: SN… Tony Arcieri
- Re: [TLS] TLS-in-TLS tunneling use cases (was: SN… Martin Thomson
- Re: [TLS] TLS-in-TLS tunneling use cases (was: SN… Tony Arcieri
- Re: [TLS] TLS-in-TLS tunneling use cases (was: SN… Daniel Kahn Gillmor
- Re: [TLS] TLS-in-TLS tunneling use cases (was: SN… Ilari Liusvaara
- Re: [TLS] TLS-in-TLS tunneling use cases (was: SN… Tony Arcieri