IETF Logo Mail Archive

Re: [TLS] New Draft: Using DNS to set the SNI explicitly

Ben Schwartz <bemasc@google.com> Tue, 07 February 2017 19:11 UTC

Return-Path: <bemasc@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDD3B129DF0 for <tls@ietfa.amsl.com>; Tue, 7 Feb 2017 11:11:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IxdRzkz9WoEz for <tls@ietfa.amsl.com>; Tue, 7 Feb 2017 11:11:53 -0800 (PST)
Received: from mail-it0-x22d.google.com (mail-it0-x22d.google.com [IPv6:2607:f8b0:4001:c0b::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11B731295A0 for <tls@ietf.org>; Tue, 7 Feb 2017 11:11:53 -0800 (PST)
Received: by mail-it0-x22d.google.com with SMTP id 203so84157761ith.0 for <tls@ietf.org>; Tue, 07 Feb 2017 11:11:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=I5qARLOwF5VH2qTx1E6AgrELX8zC32PEn/3dAIjEeSM=; b=AZkbJ3kCRhXM7wi7Q1ddULXcVlAPTlz1CZvNNIJCpnyFey2C6hWPFXXd1WVxxKPJty 90H/mAj+Q1B94p98RICfcLgKEQvONPSUZ3A9d4rGbUEMAgMannwXki0o7cGO0Z0IxpcT LzAhqDdR5JPPvTmyTjnn32JPxEpxtBB8WAlZvQ/rpO2B5WWHYTWAiZAtkt+71KV0Luxs qlQZClAvYfR3aBXwLksnghGoh5CkXAXOuptN6lJj9+qoQsCcbXGuaq+EiailjJl6pvVA G4sAXi55SJ0uURTtyDyK6p+Q4q/moZAILAmbls3tmEvx4BLCJR93QGP3xsnvuVUeneE+ gPKw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=I5qARLOwF5VH2qTx1E6AgrELX8zC32PEn/3dAIjEeSM=; b=nweLajTbvETKnTfmcJS3SJ/H5+VvQBiSlMxzHuct+KOrA9nkOD4D8qohr6Ayt7Gw7P rcS8oJ6Aca8JDq+DClcRjbx+CklLml2iMhJL2INcgYWItFJpD91y4h7yHE6GTeb0INgh /4iL2aX2Xc3l1cB4X+comF4uIglGyueDFTcKrwqF3wYbgdCdRR3Zs72/Km4rwRVYIUVs C38ckVyjqzul34buWEXaUPALKAlaGSKqaCAhanNQBd7WF7LOuDhaeufo7mOYCOPLpa4Q gt28sYB3awxXSGr14mpzZ3dCH82IeVBdQ28k89DFOXxC6jNUTrVeEK+dWVfUerdsVbVC AhAw==
X-Gm-Message-State: AIkVDXJ5X6aHuOCrFBNOJUJfxxmX4qn01z0K3I+wxd0Xtc9tlMCZfHfXL7rGk0s1KNLCUs3v6HerAo+BkEXpbTVN
X-Received: by 10.36.1.147 with SMTP id 141mr13586384itk.65.1486494712265; Tue, 07 Feb 2017 11:11:52 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.135.164 with HTTP; Tue, 7 Feb 2017 11:11:51 -0800 (PST)
In-Reply-To: <20170207164853.GA979@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CAHbrMsCpCH2qSG=cZjMMuWbpzCn8dQhvaTDaRc1riwnYiKGjsg@mail.gmail.com> <20170207164853.GA979@LK-Perkele-V2.elisa-laajakaista.fi>
From: Ben Schwartz <bemasc@google.com>
Date: Tue, 07 Feb 2017 14:11:51 -0500
Message-ID: <CAHbrMsB5q_1e6Pg-hmgt+xUVtFtmdoaQ-XfpXfrQu18uF5+zWw@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: multipart/alternative; boundary="001a1143d464496d7d0547f58563"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bnUwSfx6HeM7VxvGDJUOdCx7Esk>
Cc: tls@ietf.org
Subject: Re: [TLS] New Draft: Using DNS to set the SNI explicitly
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Feb 2017 19:11:55 -0000

On Tue, Feb 7, 2017 at 11:48 AM, Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Tue, Feb 07, 2017 at 11:12:12AM -0500, Ben Schwartz wrote:
> > Hi TLS,
> >
> > Like a lot of people here, I'm very interested in ways to reduce the
> > leakage of users' destinations in the ClientHello's cleartext SNI.  It
> > seems like the past and current proposals to fix the leak are pretty
> > difficult, involving a lot of careful cryptography and changes to clients
> > and servers.
> >
> > While we're trying to figure that out, I think there's a simple trick
> that
> > could help a lot: just let domain owners tell users an alternate SNI in a
> > DNS entry.
> >
> > Here's the full draft:
> > https://tools.ietf.org/html/draft-schwartz-dns-sni-00
> >
> > If you just want to glance at it, I recommend Figure 2.
> >
> > Please read and critique!  This is a starting point; the contents will
> > change based on your input.
>
> What is the reason for treating IPv6 and IPv4 differently? AFAIK, The
> way clients usually deal with IPv6, splitting will not work properly.
>

I proposed to treat IPv4 and IPv6 separately because a "dual stack" domain
owner might reasonably have very different configurations for their IPv4
and IPv6 servers.  For example, a domain owner might use shared hosting for
IPv4, but assign each domain to a unique IPv6 address.  Splitting the DNS
record in this way allows the server operator to disable SNI (by publishing
an SNI record with empty RDATA) for connections to the IPv6 servers,
without affecting requests to the IPv4 servers.

You raise a good point: this requires a dual-stack client to be able to
generate different ClientHello messages for IPv4 and IPv6 servers during
Happy Eyeballs.  If that's impractical, then we can remove this split, and
just be a little less flexible for "dual stack" server operators.  Does
anyone know whether it's reasonable for clients to generate ClientHello
messages that depend on IPv4 vs IPv6?


>
> I didn't see definition of the wire format of the record, or if it
> is RFC3597-compliant[1] (all new rrtypes SHOULD be RFC3597-compliant).
>

Thanks for the pointer.  It should definitely be RFC 3597 compliant.  I'll
clarify that in the next version.


>
> I earlier had an idea for doing siminar thing via DNS records and a new
> SNI name type (with just a few bytes of space). The problematic practice
> with SNI was sending multiple name types, not using new name types with
> servers declaring support.
>

OK.  For now I don't see a reason to switch to a new name type, but having
an SNI record might allow us to do so in the future (see the Extensibility
section).


>
> [1] Basically means that authoritative servers, recursive reolvers,
> DNS caches, DNS forwarders and stub resolvers can all handle the
> data part as opaque data, not having to modify it in any way.
>
>
> -Ilari
>

v2.23.0 | Report a Bug | By Email