Re: [TLS] About encrypting SNI

"Salz, Rich" <rsalz@akamai.com> Tue, 15 April 2014 03:09 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
From: "Salz, Rich" <rsalz@akamai.com>
To: Seth David Schoen <schoen@eff.org>, "tls@ietf.org" <tls@ietf.org>
Date: Mon, 14 Apr 2014 23:08:59 -0400
Thread-Topic: [TLS] About encrypting SNI
Thread-Index: Ac9YOmo5KKs75q0aQq+/dwewyuIqoAAHR+dQ
Message-ID: <2A0EFB9C05D0164E98F19BB0AF3708C7120B490162@USMBX1.msg.corp.akamai.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C7120A04ED40@USMBX1.msg.corp.akamai.com> <534C3D5A.3020406@fifthhorseman.net> <474FAE5F-DE7D-4140-931E-409325168487@akamai.com> <D2CB0B72-A548-414C-A926-A9AA45B962DA@gmail.com> <20140414233614.GI2891@sescenties.(null)>
In-Reply-To: <20140414233614.GI2891@sescenties.(null)>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/eg6aEfyr1bDpxUY6d3Tg4vi3Qro
Subject: Re: [TLS] About encrypting SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 03:09:06 -0000

> I think Alyssa Rowan's concern elsewhere in this thread about the "circular argument of doom and defeat" applies here too.

I think it's a little too simple a way to view things. Our goal isn't to make Eve's job as hard as possible, it's to make the best set of trade-offs we can, for the overall Internet. As myself and others have pointed out, encrypting the SNI has some real drawbacks and might not accomplish what is desired. If we decide to not support it, it can purely be an evaluation of the trade-offs.

	/r$ 

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA