Re: [TLS] WGLC for draft-ietf-tls-sni-encryption
Geoffrey Keating <geoffk@geoffk.org> Thu, 18 October 2018 03:09 UTC
Return-Path: <geoffk@geoffk.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B0AC127148 for <tls@ietfa.amsl.com>; Wed, 17 Oct 2018 20:09:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6_Dfp07o3Zhq for <tls@ietfa.amsl.com>; Wed, 17 Oct 2018 20:09:12 -0700 (PDT)
Received: from dragaera.releasedominatrix.com (dragaera.releasedominatrix.com [198.0.208.83]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2801120072 for <tls@ietf.org>; Wed, 17 Oct 2018 20:09:11 -0700 (PDT)
Received: by dragaera.releasedominatrix.com (Postfix, from userid 501) id 264F533D2CE; Thu, 18 Oct 2018 03:09:11 +0000 (UTC)
Sender: geoffk@localhost.localdomain
To: mrex@sap.com
Cc: Sean Turner <sean@sn3rd.com>, tls@ietf.org
References: <9DE64F7F-4740-4410-A004-373D8919920B@sn3rd.com> <20181017170236.DA9D1404C@ld9781.wdf.sap.corp>
From: Geoffrey Keating <geoffk@geoffk.org>
Date: Wed, 17 Oct 2018 20:09:11 -0700
In-Reply-To: <20181017170236.DA9D1404C@ld9781.wdf.sap.corp>
Message-ID: <m27eigeyso.fsf@localhost.localdomain>
Lines: 29
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/eVN1sooQAvQWw-bvAi_CRLH71lc>
Subject: Re: [TLS] WGLC for draft-ietf-tls-sni-encryption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2018 03:09:14 -0000
mrex@sap.com (Martin Rex) writes: > If anyone really thinks that there should be a scheme where a > server's hostname is no longer transfered in a cleartext (including > TLS extension SNI), then first of all a *NEW* distinct URI method > should be defined for that purpose, e.g. "httph://" as a reliable > indicator to the client processing this URI, that the hostname from > this URI is not supposed to be sent over the wire in the clear > *anywhere*. Although I can see how this, or some other mechanism, might be helpful, I don't agree it has to happen *first*. Why can we not start by providing an ESNI mechanism, and then later standardize a mechanism to require it for particular hostnames? A limited-purpose client can just require TLS 1.3 and ESNI for all connections, so such a mechanism would not be required for that client. In the future TLS 1.3 and ESNI deployment may be sufficiently widespread that all clients could require them, making the mechanism unnecessary. Even if ESNI is opportunistic and so subject to active attacks, that still eliminates passive network sniffing. Even an active attack would not (I think) lead to a successful connection, because of the TLS anti-downgrade features, with consequences including user-visible error messages or the device deciding the network is non-functional and ceasing to use it, so although some hostnames may be revealed, the user or device may stop before revealing all of them. So ESNI is still useful even if not mandatory.
- [TLS] WGLC for draft-ietf-tls-sni-encryption Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Stephen Farrell
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Martin Rex
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Martin Rex
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Geoffrey Keating
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption David Fifield
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Mark O