IETF Logo Mail Archive

Re: [TLS] Fwd: New Version Notification for draft-kazuho-protected-sni-00.txt

Tom Ritter <tom@ritter.vg> Wed, 19 July 2017 04:03 UTC

Return-Path: <tom@ritter.vg>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20EC0127076 for <tls@ietfa.amsl.com>; Tue, 18 Jul 2017 21:03:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ritter.vg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6GMV4z6iPUhk for <tls@ietfa.amsl.com>; Tue, 18 Jul 2017 21:03:31 -0700 (PDT)
Received: from mail-vk0-x22c.google.com (mail-vk0-x22c.google.com [IPv6:2607:f8b0:400c:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4857D126D85 for <tls@ietf.org>; Tue, 18 Jul 2017 21:03:31 -0700 (PDT)
Received: by mail-vk0-x22c.google.com with SMTP id y70so4061732vky.3 for <tls@ietf.org>; Tue, 18 Jul 2017 21:03:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=EVpOgr+W7ZJyK7EmBBOWRYakeQupul4/Qlp0JAbLtP0=; b=h4nUJciGhEqlAyhzJhyYwlN55HAglvFooAlAh5s4omyxIOkF4wm1KfG+sKTqzsBFaW YtebpAYAszomV2V5b8/NA1lGARCEAgaoLDexsWmOrdu/7VxHsERlorp/2f0bvNqEIO1U B0oSCNweyGY2bZCQuvnrhNi8/Mbqb1fS/FX1E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=EVpOgr+W7ZJyK7EmBBOWRYakeQupul4/Qlp0JAbLtP0=; b=PbveClZBMnF6MQ2rdJZTol8gfHddI+TQLF6HhMImmKyoFZGcgWxhqGg0w4GP4dNegg 9TqmrUJTEzhVZXBM6/lt3qHhTpc8qPAH/TMoII7ChjenwezumDEamHgTJeSMlb6Mk2W5 +8jfOMblBvNdnF6h4xz6Lt/ypqkHHk3S7nSHoT/TlCcFNbZGOdwLFNRIcFU5czO0ekXG yFvHPa5CM9BzrfucUXaCj1NULlp4/+CuEJvkHMn9fQpzGyZrC4aamOkjCr/Ghc9vCcih zWcSXVin3sKYKMvXUx8z6etbVTnacgUeN5Ft5f74E8hAzUC9JBO5+eO+V87xOKqQinWs jdkg==
X-Gm-Message-State: AIVw112/2Lg5g8vnlBRkTb2ZJypBFEcthH9lbB+Z8JWJ4spsbs5w7ZHH N8Eaky1xBuAGqgQ7gbxhjH4A5iTlOoWB
X-Received: by 10.31.107.136 with SMTP id k8mr411392vki.82.1500437010010; Tue, 18 Jul 2017 21:03:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.65.195 with HTTP; Tue, 18 Jul 2017 21:03:09 -0700 (PDT)
In-Reply-To: <CANatvzyus----nLQE4qAVY4E3sfnXetUHJLAMj3JcCahkhZGRA@mail.gmail.com>
References: <150043553129.25392.13213180786681889232.idtracker@ietfa.amsl.com> <CANatvzyus----nLQE4qAVY4E3sfnXetUHJLAMj3JcCahkhZGRA@mail.gmail.com>
From: Tom Ritter <tom@ritter.vg>
Date: Tue, 18 Jul 2017 23:03:09 -0500
Message-ID: <CA+cU71k8=jgQ3q0_tGGO1ZUW_Y0qJC62XfGcPeKsW+T1umWruw@mail.gmail.com>
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cBdE7oqCpQ2_2qJBluvVcSjSLng>
Subject: Re: [TLS] Fwd: New Version Notification for draft-kazuho-protected-sni-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 04:03:33 -0000

If I remember correctly, the idea of enabling SNI encryption (and
0RTT) via DNS had been brought up very early on in the discussion.
draft-nygren-service-bindings was the first (only? major?) concrete
proposal.

In general, I think the feedback was "DNS gets filtered to only
A/CNAME records so frequently that anything that relies on other DNS
records isn't going to work an appreciable portion of the time".

I'm disappointed by this also; but as we are also trying to deploy DNS
privacy - mechanisms that rely on an easily surveilled, censored, or
blocked mechanism to enable other sorts of privacy are concerning.

-tom


On 18 July 2017 at 22:42, Kazuho Oku <kazuhooku@gmail.com> wrote:
> Hi,
>
> I am happy to see us having discussions on how to protected SNI. I am
> also happy to see that draft-huitema-tls-sni-encryption [1] proposes
> actual methods that we might want to use, and that the I-D discusses
> about various attack vectors that we need to be aware of.
>
> On the other hand, as stated on the mailing list an on the mic, I am
> not super happy with the fact that the proposed methods have a
> negative impact on connection establishment time.
>
> So here goes my straw-man proposal, as an Internet Draft:
> https://datatracker.ietf.org/doc/draft-kazuho-protected-sni/.
>
> In essence, the draft proposes of sending information (e.g.,
> semi-static (EC)DH key) to bootstrap encryption in ClientHello as a
> DNS record. Clients will use the obtained (EC)DH key to encrypt SNI.
>
> Since DNS queries can run in parallel, there would be no negative
> performance impact, as long as DNS responses can be obtained in a
> single RTT.
>
> The draft mainly discusses about sending a signed bootstrap
> information together with the certificate chain, since doing so is not
> only more secure but opens up other possibilities in the future (such
> as 0-RTT full handshake). However, since transmitting a bootstrap
> record with digital signature and identity is unlikely to fit in a
> single packet (and therefore will have negative performance impact
> until DNS over TLS or QUIC becomes popular), the draft also discusses
> the possibility of sending the EC(DH) key unsigned in the "Things to
> Consider" section.
>
> I would appreciate it if you could give me comments / suggestions on
> the proposed approach. Thank you in advance.
>
> [1] https://datatracker.ietf.org/doc/draft-huitema-tls-sni-encryption/
>
>
> ---------- Forwarded message ----------
> From:  <internet-drafts@ietf.org>
> Date: 2017-07-19 5:38 GMT+02:00
> Subject: New Version Notification for draft-kazuho-protected-sni-00.txt
> To: Kazuho Oku <kazuhooku@gmail.com>
>
>
>
> A new version of I-D, draft-kazuho-protected-sni-00.txt
> has been successfully submitted by Kazuho Oku and posted to the
> IETF repository.
>
> Name:           draft-kazuho-protected-sni
> Revision:       00
> Title:          TLS Extensions for Protecting SNI
> Document date:  2017-07-19
> Group:          Individual Submission
> Pages:          9
> URL:
> https://www.ietf.org/internet-drafts/draft-kazuho-protected-sni-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-kazuho-protected-sni/
> Htmlized:       https://tools.ietf.org/html/draft-kazuho-protected-sni-00
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-kazuho-protected-sni-00
>
>
> Abstract:
>    This memo introduces TLS extensions and a DNS Resource Record Type
>    that can be used to protect attackers from obtaining the value of the
>    Server Name Indication extension being transmitted over a Transport
>    Layer Security (TLS) version 1.3 handshake.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
>
> --
> Kazuho Oku
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email