Re: [TLS] Privacy considerations - identity hiding from eavesdropping in (D)TLS
"Viktor S. Wold Eide" <viktor.s.wold.eide@gmail.com> Thu, 27 August 2015 09:14 UTC
Return-Path: <viktor.s.wold.eide@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D72DD1A8F3B for <tls@ietfa.amsl.com>; Thu, 27 Aug 2015 02:14:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MCScS6SQo8i8 for <tls@ietfa.amsl.com>; Thu, 27 Aug 2015 02:14:41 -0700 (PDT)
Received: from mail-ig0-x231.google.com (mail-ig0-x231.google.com [IPv6:2607:f8b0:4001:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E9C91A8AAF for <TLS@ietf.org>; Thu, 27 Aug 2015 02:14:41 -0700 (PDT)
Received: by igui7 with SMTP id i7so56838668igu.1 for <TLS@ietf.org>; Thu, 27 Aug 2015 02:14:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=oz6I32dNSWcPP/XpXGrQvb0ErFxO4VsYPpFov/td7Qg=; b=Tt0XRuu3ob+aw8O1g7PSvIjfOCGGMDKhUlKVLX6ApqIJbLK8zgWu7RmaKklcvRJ7k2 XJehN9CzBa/qsgI4/q9jhHHs/+3PhyUJwM80vaJpWSEHVctUVuAUon7gEktQF3/vUmIN KMnajyN8vZq2PNkpvTbaevMmmgvOowiYwzA3Ndhh50P6J/I4xWp4QkD/uqrQXqerXUqC 5Uc+qUV5HcafrMDm69aITF27FJF7uMi5FWzqFiAkd+0D0grNe1Pqw/Aru2zmLAg1O+QX z/S02u4IReqHacM4yH1b/i7VvIHGaBQLKEnniAdJkuyKCFAEtfc2IMsodcxBI4lqSPR2 nY0A==
X-Received: by 10.50.93.102 with SMTP id ct6mr8211864igb.75.1440666881006; Thu, 27 Aug 2015 02:14:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.79.84.68 with HTTP; Thu, 27 Aug 2015 02:14:01 -0700 (PDT)
In-Reply-To: <CABcZeBNP8SZeWWVj4_fGxZm-SvYG-cmtQoJ1xBaLLWsLKsNc4Q@mail.gmail.com>
References: <CAL6x8mchyh2Qpqcd5Rv-rXgZ+1_CAbV7vkib+-yU4DEDFx82Yg@mail.gmail.com> <CABcZeBNP8SZeWWVj4_fGxZm-SvYG-cmtQoJ1xBaLLWsLKsNc4Q@mail.gmail.com>
From: "Viktor S. Wold Eide" <viktor.s.wold.eide@gmail.com>
Date: Thu, 27 Aug 2015 11:14:01 +0200
Message-ID: <CAL6x8mf6f0_RaUhsXh0dWeB0_=XcCdvbechAcd=q_cq95dB_2w@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <TLS@ietf.org>
Content-Type: multipart/alternative; boundary="047d7b160275aea3e7051e47658e"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/cPbH6Pe7e5maD3O7cn-EwYq2AUE>
Subject: Re: [TLS] Privacy considerations - identity hiding from eavesdropping in (D)TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2015 09:14:43 -0000
On Mon, Aug 24, 2015 at 11:17 PM, Eric Rescorla <ekr@rtfm.com> wrote: > > > TLS 1.3 encrypts both the client's and server's certificates already. > The server's certificate is secure only against passive attack. The > client's is encrypted with a key that the client can authenticate as > belonging to the server. > > It's good to see that both the client's and the server's certificates are encrypted in TLS 1.3, providing protection against passive eavesdropping. For some use cases it might be worthwhile to reduce the information made available to an active attacker also. Are there any suggestions in this direction for TLS 1.3? One might think of a multi stage approach, something like: - Anonymous connection establishment, resulting in a secure channel. - Authentication by means of group certificate. - Authentication by means of a host specific certificate. The purpose of the second step above is to first only provide the group identity to an active attacker, and then to reveal the host identities (certificate information) only after group membership has been mutually authenticated. Does something like this seem reasonable for TLS 1.3 or are there any other ways for providing protection of identities against an active attack? Best regards Viktor S. Wold Eide
- [TLS] Privacy considerations - identity hiding fr… Viktor S. Wold Eide
- Re: [TLS] Privacy considerations - identity hidin… Eric Rescorla
- Re: [TLS] Privacy considerations - identity hidin… Paul Wouters
- Re: [TLS] Privacy considerations - identity hidin… Eric Rescorla
- Re: [TLS] Privacy considerations - identity hidin… Badra
- Re: [TLS] Privacy considerations - identity hidin… Viktor Dukhovni
- Re: [TLS] Privacy considerations - identity hidin… Paul Wouters
- Re: [TLS] Privacy considerations - identity hidin… Viktor Dukhovni
- Re: [TLS] Privacy considerations - identity hidin… Pascal Urien
- Re: [TLS] Privacy considerations - identity hidin… Viktor S. Wold Eide
- Re: [TLS] Privacy considerations - identity hidin… Viktor S. Wold Eide
- Re: [TLS] Privacy considerations - identity hidin… Viktor S. Wold Eide
- Re: [TLS] Privacy considerations - identity hidin… Viktor S. Wold Eide
- Re: [TLS] Privacy considerations - identity hidin… Eric Rescorla
- Re: [TLS] Privacy considerations - identity hidin… Eric Rescorla
- Re: [TLS] Privacy considerations - identity hidin… Viktor S. Wold Eide
- Re: [TLS] Privacy considerations - identity hidin… Viktor Dukhovni
- [TLS] Encrypted SNI (was: Privacy considerations … Dave Garrett
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Viktor Dukhovni
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Salz, Rich
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Dave Garrett
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Salz, Rich
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Daniel Kahn Gillmor
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Jacob Appelbaum
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Dave Garrett
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Joseph Lorenzo Hall
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Salz, Rich
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Nick Mathewson
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Salz, Rich
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Martin Rex
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Martin Rex
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Salz, Rich
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Dave Garrett
- Re: [TLS] Encrypted SNI (was: Privacy considerati… Dang, Quynh