Re: [TLS] Fwd: New Version Notification for draft-kazuho-protected-sni-00.txt
Tom Ritter <tom@ritter.vg> Wed, 19 July 2017 04:03 UTC
Return-Path: <tom@ritter.vg>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20EC0127076 for <tls@ietfa.amsl.com>; Tue, 18 Jul 2017 21:03:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ritter.vg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6GMV4z6iPUhk for <tls@ietfa.amsl.com>; Tue, 18 Jul 2017 21:03:31 -0700 (PDT)
Received: from mail-vk0-x22c.google.com (mail-vk0-x22c.google.com [IPv6:2607:f8b0:400c:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4857D126D85 for <tls@ietf.org>; Tue, 18 Jul 2017 21:03:31 -0700 (PDT)
Received: by mail-vk0-x22c.google.com with SMTP id y70so4061732vky.3 for <tls@ietf.org>; Tue, 18 Jul 2017 21:03:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=EVpOgr+W7ZJyK7EmBBOWRYakeQupul4/Qlp0JAbLtP0=; b=h4nUJciGhEqlAyhzJhyYwlN55HAglvFooAlAh5s4omyxIOkF4wm1KfG+sKTqzsBFaW YtebpAYAszomV2V5b8/NA1lGARCEAgaoLDexsWmOrdu/7VxHsERlorp/2f0bvNqEIO1U B0oSCNweyGY2bZCQuvnrhNi8/Mbqb1fS/FX1E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=EVpOgr+W7ZJyK7EmBBOWRYakeQupul4/Qlp0JAbLtP0=; b=PbveClZBMnF6MQ2rdJZTol8gfHddI+TQLF6HhMImmKyoFZGcgWxhqGg0w4GP4dNegg 9TqmrUJTEzhVZXBM6/lt3qHhTpc8qPAH/TMoII7ChjenwezumDEamHgTJeSMlb6Mk2W5 +8jfOMblBvNdnF6h4xz6Lt/ypqkHHk3S7nSHoT/TlCcFNbZGOdwLFNRIcFU5czO0ekXG yFvHPa5CM9BzrfucUXaCj1NULlp4/+CuEJvkHMn9fQpzGyZrC4aamOkjCr/Ghc9vCcih zWcSXVin3sKYKMvXUx8z6etbVTnacgUeN5Ft5f74E8hAzUC9JBO5+eO+V87xOKqQinWs jdkg==
X-Gm-Message-State: AIVw112/2Lg5g8vnlBRkTb2ZJypBFEcthH9lbB+Z8JWJ4spsbs5w7ZHH N8Eaky1xBuAGqgQ7gbxhjH4A5iTlOoWB
X-Received: by 10.31.107.136 with SMTP id k8mr411392vki.82.1500437010010; Tue, 18 Jul 2017 21:03:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.65.195 with HTTP; Tue, 18 Jul 2017 21:03:09 -0700 (PDT)
In-Reply-To: <CANatvzyus----nLQE4qAVY4E3sfnXetUHJLAMj3JcCahkhZGRA@mail.gmail.com>
References: <150043553129.25392.13213180786681889232.idtracker@ietfa.amsl.com> <CANatvzyus----nLQE4qAVY4E3sfnXetUHJLAMj3JcCahkhZGRA@mail.gmail.com>
From: Tom Ritter <tom@ritter.vg>
Date: Tue, 18 Jul 2017 23:03:09 -0500
Message-ID: <CA+cU71k8=jgQ3q0_tGGO1ZUW_Y0qJC62XfGcPeKsW+T1umWruw@mail.gmail.com>
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cBdE7oqCpQ2_2qJBluvVcSjSLng>
Subject: Re: [TLS] Fwd: New Version Notification for draft-kazuho-protected-sni-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 04:03:33 -0000
If I remember correctly, the idea of enabling SNI encryption (and 0RTT) via DNS had been brought up very early on in the discussion. draft-nygren-service-bindings was the first (only? major?) concrete proposal. In general, I think the feedback was "DNS gets filtered to only A/CNAME records so frequently that anything that relies on other DNS records isn't going to work an appreciable portion of the time". I'm disappointed by this also; but as we are also trying to deploy DNS privacy - mechanisms that rely on an easily surveilled, censored, or blocked mechanism to enable other sorts of privacy are concerning. -tom On 18 July 2017 at 22:42, Kazuho Oku <kazuhooku@gmail.com> wrote: > Hi, > > I am happy to see us having discussions on how to protected SNI. I am > also happy to see that draft-huitema-tls-sni-encryption [1] proposes > actual methods that we might want to use, and that the I-D discusses > about various attack vectors that we need to be aware of. > > On the other hand, as stated on the mailing list an on the mic, I am > not super happy with the fact that the proposed methods have a > negative impact on connection establishment time. > > So here goes my straw-man proposal, as an Internet Draft: > https://datatracker.ietf.org/doc/draft-kazuho-protected-sni/. > > In essence, the draft proposes of sending information (e.g., > semi-static (EC)DH key) to bootstrap encryption in ClientHello as a > DNS record. Clients will use the obtained (EC)DH key to encrypt SNI. > > Since DNS queries can run in parallel, there would be no negative > performance impact, as long as DNS responses can be obtained in a > single RTT. > > The draft mainly discusses about sending a signed bootstrap > information together with the certificate chain, since doing so is not > only more secure but opens up other possibilities in the future (such > as 0-RTT full handshake). However, since transmitting a bootstrap > record with digital signature and identity is unlikely to fit in a > single packet (and therefore will have negative performance impact > until DNS over TLS or QUIC becomes popular), the draft also discusses > the possibility of sending the EC(DH) key unsigned in the "Things to > Consider" section. > > I would appreciate it if you could give me comments / suggestions on > the proposed approach. Thank you in advance. > > [1] https://datatracker.ietf.org/doc/draft-huitema-tls-sni-encryption/ > > > ---------- Forwarded message ---------- > From: <internet-drafts@ietf.org> > Date: 2017-07-19 5:38 GMT+02:00 > Subject: New Version Notification for draft-kazuho-protected-sni-00.txt > To: Kazuho Oku <kazuhooku@gmail.com> > > > > A new version of I-D, draft-kazuho-protected-sni-00.txt > has been successfully submitted by Kazuho Oku and posted to the > IETF repository. > > Name: draft-kazuho-protected-sni > Revision: 00 > Title: TLS Extensions for Protecting SNI > Document date: 2017-07-19 > Group: Individual Submission > Pages: 9 > URL: > https://www.ietf.org/internet-drafts/draft-kazuho-protected-sni-00.txt > Status: https://datatracker.ietf.org/doc/draft-kazuho-protected-sni/ > Htmlized: https://tools.ietf.org/html/draft-kazuho-protected-sni-00 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-kazuho-protected-sni-00 > > > Abstract: > This memo introduces TLS extensions and a DNS Resource Record Type > that can be used to protect attackers from obtaining the value of the > Server Name Indication extension being transmitted over a Transport > Layer Security (TLS) version 1.3 handshake. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > > > -- > Kazuho Oku > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Fwd: New Version Notification for draft-kaz… Kazuho Oku
- Re: [TLS] Fwd: New Version Notification for draft… Tom Ritter
- Re: [TLS] Fwd: New Version Notification for draft… Kazuho Oku
- Re: [TLS] Fwd: New Version Notification for draft… Ilari Liusvaara
- Re: [TLS] Fwd: New Version Notification for draft… Kazuho Oku