IETF Logo Mail Archive

Re: [TLS] About encrypting SNI

Fabrice <fabrice.gautier@gmail.com> Tue, 20 May 2014 16:56 UTC

Return-Path: <fabrice.gautier@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B20331A014D for <tls@ietfa.amsl.com>; Tue, 20 May 2014 09:56:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rFVk3tvdDyQM for <tls@ietfa.amsl.com>; Tue, 20 May 2014 09:56:48 -0700 (PDT)
Received: from mail-pa0-x230.google.com (mail-pa0-x230.google.com [IPv6:2607:f8b0:400e:c03::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7D6B1A00E9 for <tls@ietf.org>; Tue, 20 May 2014 09:56:48 -0700 (PDT)
Received: by mail-pa0-f48.google.com with SMTP id rd3so495782pab.21 for <tls@ietf.org>; Tue, 20 May 2014 09:56:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=d/XW5zFagtfKgJ9fpYiDULncss/jTmT4SiHpBNoW0u0=; b=xDV3hb7YCiaP4vP2hiy5PgzFKl6eQ3WQuGBy6NNG3vLx9yvxGXY649RbswrMXFZwp6 XR9YBN0CZwdtwF6nRWW7tB27gCZM0QPznPqu+M4a/GBq5xh6o+LX23ZpUUvKBlpE1Wnl R/c2+oykmZWmmcx/m0TPNQ26kuMfAlv/TE8udvkgFOufp5aI0S0U3hOxoI/MHiVQUvtK s8NkPAylzc8kbFnzzTVlnmMeMMutDSpF63WGySUKZqhbukFQXq+Efbcxu+KL6b6stKi/ kKMgC2heZ0uMkpS/+qdqzZCiA9CCSR0HNmVd6bh+kKQIIXQwiO0q0bb27QB31e5j9GLL uRbQ==
X-Received: by 10.66.171.138 with SMTP id au10mr18291663pac.102.1400605008336; Tue, 20 May 2014 09:56:48 -0700 (PDT)
Received: from [10.0.1.4] (c-67-188-142-21.hsd1.ca.comcast.net. [67.188.142.21]) by mx.google.com with ESMTPSA id qw8sm4010616pbb.27.2014.05.20.09.56.46 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 20 May 2014 09:56:46 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Fabrice <fabrice.gautier@gmail.com>
X-Mailer: iPhone Mail (11D167)
In-Reply-To: <m2siobhyk6.fsf@usma1mc-0csx92.kendall.corp.akamai.com>
Date: Tue, 20 May 2014 09:56:45 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <D1975D91-0823-471D-923E-CC749BAC5FF5@gmail.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C7120A04ED40@USMBX1.msg.corp.akamai.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120B490162@USMBX1.msg.corp.akamai.com> <CACsn0cmusUc3Rsb2Wof+dn0PEg3P0bPC3ZdJ75b9kkZ5LDGu_A@mail.gmail.com> <534DB18A.4060408@mit.edu> <CABcZeBOJ7k8Hb9QqCAxJ_uev9g_cb4j361dp7ANvnhOOKsT7NA@mail.gmail.com> <CA+cU71kFo6EihTVUrRRtBYEHbZwCa9nZo-awt4Sub2qXcKHC7g@mail.gmail.com> <m2k3apmjk2.fsf@usma1mc-0csx92.kendall.corp.akamai.com> <CALCETrU6zn52yX=Q-_h4epR6W9+f2oTr3yfyK1sxiwGa2dvWGw@mail.gmail.com> <CAKC-DJgNvF=hhwoyRNkJ3vKz9EZ_JpoM84bCip6eProLwsQsEg@mail.gmail.com> <CALCETrWY_-N+nM9N0_gbeffkX5Jo8vn7XKeFCezGiwq2A74Wjw@mail.gmail.com> <CAKC-DJg6kRLezM+Q60VLY=dBU9C_Q9hb_0u7WD-HHWVJ5Y6tRQ@mail.gmail.com> <CALCETrX7Dv9_+uM7VqotHGurS+k6K5wKzeXEj7zuekd8+0qOJQ@mail.gmail.com> <566E6D8E-ACD5-4B21-9586-84C149F6A1B9@akamai.com> <CALCETrUi+fc9LW1iqx0bFuAsgygmeorR9AnzLN+abGx08y152A@mail.gmail.com> <5204AB60-0B32-4953-9D3D-C2756883D39D@akamai.com> <CALCETrXOaNihRRNQ3RQsctbipAGq67cSUofOm0AOb-YWENFFwQ@mail.gmail.com> <m238hblob1.fsf@usma1mc-0csx92.kendall.corp.akamai.com> <CABcZeBN0i9Su1SuY6AZE7MBbPEPXRKAVQ1k7b+vOJKfpPEw3Ww@mail.gmail.com> <859F43324A6FEC448BFEA30C90405FA9037D56@SEAEMBX02.olympus.F5Net.com> <m2lhu6kgb9.fsf@usma1mc-0csx92.kendall.corp.akamai.com> <15d5a50ed2244e8595edfa57d7055e2b@BY2PR03MB554.namprd03.prod.outlook.com> <m2siobhyk6.fsf@usma1mc-0csx92.kendall.corp.akamai.com>
To: Brian Sniffen <bsniffen@akamai.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/awjsdQfy4mTWVpI8Sxti1l4zYaM
Cc: "tls@ietf.org" <tls@ietf.org>, Andy Lutomirski <luto@amacapital.net>
Subject: Re: [TLS] About encrypting SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 May 2014 16:56:50 -0000

> On May 15, 2014, at 8:05, Brian Sniffen <bsniffen@akamai.com> wrote:
> 
> Marsh Ray <maray@microsoft.com> writes:
> 
>> From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Brian Sniffen
>>> 
>>> Bitcoin's also hard to check: if the client says it found no bitcoin in a
>>> particular region, how do you know?  And a whole bitcoin's too
>>> much to ask.
>>> 
>>> An identity scheme tied to giving away bitcoin---much like a credit
>>> rating ties to many transactions profitable for the counterparty---
>>> has a lot in its favor.  It would make a great (research) extension
>>> on top of TLS 1.3, and I hope that any puzzle mechanism will be
>>> flexible enough to support that.
>> 
>> Years back, Microsoft was looking into a proof-of-work scheme for antispam sender-pays email.
>> http://research.microsoft.com/en-us/projects/pennyblack/
> 
> Thanks!  I hadn't remembered the name, but that work was surely on my
> mind as I wrote.
> 
>> One challenge is that botnets (that are conduits for most of the spam) also have plenty of spare CPU capacity.
> 
> Yes, but each bad node's CPU capacity only outstrips many good node's
> capacities by a little bit---compared to network bandwidth, where very
> often botnets outstrip good nodes' capacity by orders of magnitude.  Of
> course the bad nodes will beat out cell phone CPUs; a client puzzle
> scheme has to be about, in some part, "acceptable losses."  If we can
> drop new mobile nodes and the botnet, but keep service up for (say)
> established connections and "real" computers, that may be okay.

I don't have hard data at hand, but my guess is that these days TLS connections from mobile devices far outnumber TLS connections from "real" computers. So that may not be okay. 

> 
> -Brian
> 
> -- 
> Brian Sniffen
> Information Security
> Akamai Technologies
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email