[TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3
Ralf Skyper Kaiser <skyper@thc.org> Thu, 07 November 2013 16:32 UTC
Return-Path: <skyper@thc.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDF4F21F9CC2 for <tls@ietfa.amsl.com>; Thu, 7 Nov 2013 08:32:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.425
X-Spam-Level:
X-Spam-Status: No, score=-0.425 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DdjC29mmBtZb for <tls@ietfa.amsl.com>; Thu, 7 Nov 2013 08:32:52 -0800 (PST)
Received: from mail-ie0-x22b.google.com (mail-ie0-x22b.google.com [IPv6:2607:f8b0:4001:c03::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 0110621F9CA8 for <tls@ietf.org>; Thu, 7 Nov 2013 08:32:51 -0800 (PST)
Received: by mail-ie0-f171.google.com with SMTP id tp5so1187337ieb.2 for <tls@ietf.org>; Thu, 07 Nov 2013 08:32:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thc.org; s=google; h=mime-version:date:message-id:subject:from:to:content-type; bh=njgYh7HQTmNlpsHxEQjHSJLDlltiPANpLbstWd/x5s8=; b=QpxZte2PkxZcyZAP00NGpdCivDsXvDSPUa8vPaO+ANG3srqfk9IxWOXtzcPSbOW1w6 pje9bpyqC8ckz1CFBYmdDQUc7v3k5QLyt9vWJKKS1J6IBCXXqmUIWw5JimVK9k/VUsG4 g0BQJFBxQ6BB9Bw/FyeQViR2q4/v6YPyFNJhc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=njgYh7HQTmNlpsHxEQjHSJLDlltiPANpLbstWd/x5s8=; b=LmKNvU9qNE66JO6jYwBPimijdguysuYzi/2yRwQ7MwqkrgJcaAXZM99sty+6425ukI ld3QHstw226RDrdqdb6ECAobVveOuesBO1ywDGLMHelSfXLlE4yO1X0VAcE8AyAiphvg bq7CDYh45BpB4TKw/+P2G9+wZjOrwqM34u/I+/m+O8pfopTi+8eCP/e8vdhjWD3TO1jW WATqybo7jE2evsfBsWCzpITiU5wyE4aiH5HKATOnIv05SpBUZe+TqM8e7kYH75Get49u wn7Hbj7bkqmWdSVB8koTcKH2aHFY3ALsMaCWRDEeZil1lyYiXgTX1APzY8L3yHG6hEq3 Akpg==
X-Gm-Message-State: ALoCoQnAh1LL0ERMhIS3nIh9UVmc4fPu9sBKnu4obDIiUOfQ2k5kZcXB7UaXudCnXUMMqHaKcuKt
MIME-Version: 1.0
X-Received: by 10.50.131.163 with SMTP id on3mr2640581igb.46.1383841971053; Thu, 07 Nov 2013 08:32:51 -0800 (PST)
Received: by 10.64.231.100 with HTTP; Thu, 7 Nov 2013 08:32:50 -0800 (PST)
X-Originating-IP: [70.42.240.24]
Date: Thu, 07 Nov 2013 16:32:50 +0000
Message-ID: <CA+BZK2qUE3oS6Sbp1HbKZ7Wgen9gEjjdepON1egLhGqCPpoVBw@mail.gmail.com>
From: Ralf Skyper Kaiser <skyper@thc.org>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="047d7b2e0d1f1cd61004ea98d12f"
Subject: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2013 16:32:59 -0000
Hi, Thank you for the helpful TLS WG meeting yesterday at the IETF88 and to the WG for the excellent work on TLS. No consensus was reached on ‘Reduced RT handshake with privacy”. Some thoughts why SNI (host name) and ALPN should be transmitted encrypted and not in clear. 1. Meta-data is important. Meta-data tells a lot about a person. Meta-data can get a user killed or worse. Transmitting the host-name (meta-data) in clear in TLS is not good (as in ‘not good because it can get you killed’ and there is no alternative for the user – unless the user is a tech-wizard.). 2. What is the message to the user? TLS is secure – well, kind’a. TLS secures some things but that you read freedom4gays.com, secure.washingtonpost.com or myfavoritepoliticalparty.com is leaked – but we still call it secure??? 3. Governments just love filtering by site. (Block secure.twitter.com but not blub.com) Same goes for filtering by application (ALPN). Transmitting this information in clear plays into the hands of the adversary. There are other ways how an adversary can extract the same meta-data. This should not deter us from fixing it in TLS. Maybe we will find a solution for the other problems as well (like confidential DNS). Fixing this in TLS increases the cost of surveillance. This is the goal. An adversary can no longer use passive surveillance to extract SNI/ALPN. The adversary is forced to do detectable active surveillance to get the meta-data). Those who give up security for a little bit of performance neither deserve security nor performance. Regards, Ralf
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- [TLS] Final nail in the coffin for cleartext SNI/… Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Watson Ladd
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Salz, Rich
- Re: [TLS] Final nail in the coffin for cleartext … Ryan Hurst
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Daniel Kahn Gillmor
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Seth David Schoen
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Watson Ladd
- Re: [TLS] Final nail in the coffin for cleartext … Salz, Rich
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Michael D'Errico
- Re: [TLS] Final nail in the coffin for cleartext … Jacob Appelbaum
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Michael D'Errico
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Sean Leonard
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Juho Vähä-Herttua
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Phillip Hallam-Baker
- Re: [TLS] Final nail in the coffin for cleartext … Daniel Kahn Gillmor
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Daniel Kahn Gillmor
- Re: [TLS] Final nail in the coffin for cleartext … Juho Vähä-Herttua
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Bodo Moeller
- Re: [TLS] Final nail in the coffin for cleartext … Marsh Ray
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Geoffrey Keating