Re: [TLS] Encrypting record headers: practical for TLS 1.3

Jacob Appelbaum <jacob@appelbaum.net> Sat, 05 December 2015 22:40 UTC

In-Reply-To: <CAO7N=i2kOnwV43f8GNQ8_E2_x4UpSm-5DYPsESi9Mb2gT88wSQ@mail.gmail.com>
References: <CAO7N=i2kOnwV43f8GNQ8_E2_x4UpSm-5DYPsESi9Mb2gT88wSQ@mail.gmail.com>
Date: Sat, 5 Dec 2015 22:40:22 +0000
Message-ID: <CAFggDF1ohwGDpSpBVRz5Lr4oRXmHdsYgVELwg1zQOGe7FKD4tg@mail.gmail.com>
From: Jacob Appelbaum <jacob@appelbaum.net>
To: Ryan Carboni <ryacko@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/avcmx1LInLJLsIz8wn76U8edXS8>
Cc: "tls@ietf.org" <tls@ietf.org>

On 12/5/15, Ryan Carboni <ryacko@gmail.com> wrote:
>>
>> If Akamai wants to leave their users insecure, I look forward to
>> another CDN offering privacy options. Such choice is missing if that
>> isn't an option and it isn't on as a strong default.
>
>
> The NSA has contracts with ISPs to have access to their users' content.
>

Which did you have in mind? AT&T? Sure. And for unilateral access they
do it without contracts such as the TAT cable.

> Is a CDN an ISP?
>

Are you asking if the CDN gives data to the NSA? I guess you'd just
have to ask them directly. I guess they won't answer, or they'll be
legally obliged to lie.

All the best,
Jacob