Re: [TLS] Encrypted SNI (was: Privacy considerations - identity hiding from eavesdropping in (D)TLS)

"Dang, Quynh" <quynh.dang@nist.gov> Fri, 25 September 2015 18:20 UTC

Return-Path: <quynh.dang@nist.gov>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60F791A1BAA for <tls@ietfa.amsl.com>; Fri, 25 Sep 2015 11:20:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fxNvHqlAbAwm for <tls@ietfa.amsl.com>; Fri, 25 Sep 2015 11:20:24 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0741.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:741]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17C221A1A50 for <tls@ietf.org>; Fri, 25 Sep 2015 11:20:23 -0700 (PDT)
Received: from BN1PR09MB124.namprd09.prod.outlook.com (10.255.200.27) by BN1PR09MB124.namprd09.prod.outlook.com (10.255.200.27) with Microsoft SMTP Server (TLS) id 15.1.274.16; Fri, 25 Sep 2015 18:20:08 +0000
Received: from BN1PR09MB124.namprd09.prod.outlook.com ([10.255.200.27]) by BN1PR09MB124.namprd09.prod.outlook.com ([10.255.200.27]) with mapi id 15.01.0274.009; Fri, 25 Sep 2015 18:20:08 +0000
From: "Dang, Quynh" <quynh.dang@nist.gov>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Encrypted SNI (was: Privacy considerations - identity hiding from eavesdropping in (D)TLS)
Thread-Index: AQHQ4ax35PfRINRHmkyOtwKRHoFA954hmDoAgCWp+QCAAbXSgIAAC2cAgAAEuICABGaXgIAAG2UAgAAZxICAAAL0gIAAEQSAgAABnCQ=
Date: Fri, 25 Sep 2015 18:20:08 +0000
Message-ID: <BN1PR09MB1242B394FE65C4E1FFC4291F3420@BN1PR09MB124.namprd09.prod.outlook.com>
References: <20150925171037.E50EE1A2A1@ld9781.wdf.sap.corp>, <201509251411.31440.davemgarrett@gmail.com>
In-Reply-To: <201509251411.31440.davemgarrett@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=quynh.dang@nist.gov;
x-originating-ip: [129.6.219.186]
x-microsoft-exchange-diagnostics: 1; BN1PR09MB124; 5:kdLuZB2iY//B8fhHzrldPwjjw/R33pl6gX0oWkW//iZ1N3qd4cugkSAh30mT9OHTKZ7WWlGdGjelIls0q2nVymFDqegt1xazOGo44+JtWHzyocZbkJ/lzLNhWqFP+S/h47ZYy0h8AD4ExbpI5dIrLA==; 24:KITLAjAOwQS/RmTOXD17tbieR+CiPBmeNk65phQ7urcpiZzJ2wKypDS/AllOhgurup4Fkreepghe+PfeO5mOausr3oG3K5Kn3xs1/1TOpkw=; 20:2XbiRfYxvvx6UyJL+G1QBJBTsYzNepo0TGiwzUvnCjUzc4MDot6B+CihICUlVX9P95FrNVDnVykycIKsRM2Cww==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1PR09MB124;
x-microsoft-antispam-prvs: <BN1PR09MB1244BDDB217CB8E713CFE6FF3420@BN1PR09MB124.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(520078)(3002001); SRVR:BN1PR09MB124; BCL:0; PCL:0; RULEID:; SRVR:BN1PR09MB124;
x-forefront-prvs: 07106EF9B9
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(199003)(24454002)(189002)(377454003)(46102003)(2501003)(62966003)(76176999)(19580395003)(99286002)(77156002)(2950100001)(76576001)(2900100001)(5003600100002)(450100001)(101416001)(102836002)(2351001)(5004730100002)(5002640100001)(5001960100002)(110136002)(77096005)(5007970100001)(50986999)(189998001)(107886002)(33656002)(68736005)(15975445007)(54356999)(19580405001)(5001830100001)(66066001)(87936001)(11100500001)(74316001)(5001860100001)(64706001)(81156007)(4001540100001)(10400500002)(97736004)(86362001)(105586002)(40100003)(92566002)(106116001)(106356001)(122556002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR09MB124; H:BN1PR09MB124.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Sep 2015 18:20:08.7519 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR09MB124
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/eJya-dI_XxB7xU08wQKmPc48TfQ>
Subject: Re: [TLS] Encrypted SNI (was: Privacy considerations - identity hiding from eavesdropping in (D)TLS)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Sep 2015 18:20:28 -0000

How about making fixed length(s) for each message type, then pad it with 0x01 then optional 0x00s?

Quynh. 

________________________________________
From: TLS <tls-bounces@ietf.org>; on behalf of Dave Garrett <davemgarrett@gmail.com>;
Sent: Friday, September 25, 2015 2:11 PM
To: tls@ietf.org; mrex@sap.com
Subject: Re: [TLS] Encrypted SNI (was: Privacy considerations - identity hiding from eavesdropping in (D)TLS)

On Friday, September 25, 2015 01:10:37 pm Martin Rex wrote:
> Because it is not necessarily immediately obvious, you will need
> padding also for the Server Certificate handshake messages.
> And, because the key exchange is side-effected by properties of
> the Server Certificate, you may additionally need padding for the
> ServerKeyExchange and ClientKeyExchange handshake messages, so
> that the protocol doesn't leak of one of the service uses
> an RSA certificate and the other uses an ECDSA (or EdDSA) certificate.

This sounds like a good argument to come up with a default padding scheme for all handshake messages for even clients that don't use application data padding.


Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls