Re: [TLS] DNS-based Encrypted SNI

Eric Rescorla <ekr@rtfm.com> Wed, 04 July 2018 12:56 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC826130E72 for <tls@ietfa.amsl.com>; Wed, 4 Jul 2018 05:56:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4DnKlF0bb_CK for <tls@ietfa.amsl.com>; Wed, 4 Jul 2018 05:56:49 -0700 (PDT)
Received: from mail-yw0-x236.google.com (mail-yw0-x236.google.com [IPv6:2607:f8b0:4002:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07156130F63 for <tls@ietf.org>; Wed, 4 Jul 2018 05:56:49 -0700 (PDT)
Received: by mail-yw0-x236.google.com with SMTP id c135-v6so1905373ywa.0 for <tls@ietf.org>; Wed, 04 Jul 2018 05:56:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=T2LSYiLaD4PD7vjbvoB0MomoMwrTWvs81r2grSPygaU=; b=dCvnu+4kcPC7CEdZnR0H1r1Hjxx3UluPzDF4SKePYPVyejgoZP/vy3FAqvpVLknuTf keBxIRzJ/SmgIG7SbU3ZadzFQKk0AQU1iuTyLHiKvUDiVmZDlbIWheTdpVeu69uRPA1D kLybDbgPzTGgSCrGTd+YAKW+eEcE+zgVPofT0FfHpdD1ITzgHTQvsK0zzPUd3kge8VnA RCVJGt5BUTLM0CuhjrDVjhKv1ds7gbbR64Q9e91RQchVIkKJ7sKUJJE54L3uZWeyARyP Rj1dSy60ysnpYMXFsDLVziE2/3tz78gkD8ljrtjJrB5hwippLQ3/8FjRBCUJk6r9GDhf 2Umg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=T2LSYiLaD4PD7vjbvoB0MomoMwrTWvs81r2grSPygaU=; b=QOLgKHNS7GOjFYlFXVYm/aa4EU3903EWXF+ggkohpHSw1P5ocHkExPvcjlkNgtP6lz NAjS+LDMP/2Ns2GmBKt9iAFGraRa7zaSF8B6BfBYgtoIqLkG1Fffdbqlc1zZw0kEbs1v 9lcP6tEOoUzrIdGGayH9BkL1LI7jX0SPWRy1H8Xv2/fSZaCPBxE9qZURMm8j7ZAP5R8u J+H68obvGxC+H5yYAVcGs4+2ONGBH2EFdH9qGYAeSlNnkLGxpMSpmES6LoyTuE/U8Yjn C2U34aGlLLZmrN885aAwMH9ILXq3RTbyXNRri5+4yjnfVFI00BSjeMVCp3ZfKLL6y57l h8uA==
X-Gm-Message-State: APt69E2cA7foRMDGItgrxuE2nIA1Cu5ig4bgeVbg2xlnU4EWtGQyFmFG 1oDxzurCRzV4W2teEBcUGdahShVTabTrVrYr8lnlRg==
X-Google-Smtp-Source: AAOMgpenMjomKviIKxscjH0AKlgvkZnNQ4rDIkhWU9yhILkm3nvADheD5a4n+1mk7NCTD4SpeCbgIS59Spdpzj+t8ws=
X-Received: by 2002:a81:3e02:: with SMTP id l2-v6mr862852ywa.381.1530709008296; Wed, 04 Jul 2018 05:56:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a81:6b83:0:0:0:0:0 with HTTP; Wed, 4 Jul 2018 05:56:07 -0700 (PDT)
In-Reply-To: <20180704044844.GB10665@LK-Perkele-VII>
References: <CABcZeBMR=5QQjSS68H2mQoyG1cHVa5+Z_5SH0Md07kTBVSr3Sw@mail.gmail.com> <20180704044844.GB10665@LK-Perkele-VII>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 4 Jul 2018 05:56:07 -0700
Message-ID: <CABcZeBNMqH5FU133qSHOehFDK5SCh1qZy8nk2Y1k-JQ5STJp+Q@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b1c5f605702bf6ab"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/gqCmwKN0FZ1ALU_H4guqgWTdByI>
Subject: Re: [TLS] DNS-based Encrypted SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jul 2018 12:56:52 -0000

On Tue, Jul 3, 2018 at 9:48 PM, Ilari Liusvaara <ilariliusvaara@welho.com>;
wrote:

> On Mon, Jul 02, 2018 at 04:39:14PM -0700, Eric Rescorla wrote:=
> > I am working on an implementation for NSS/Firefox and I know some
> > others are working on their own implementations, so hopefully we can
> > do some interop in Montreal.
> >
> > This is at a pretty early stage, so comments, questions, defect
> > reports welcome.
>
> One thing I noticed: First there is this in evaluation:
>
> 7.2.4.  Do not stick out
>
>    By sending SNI and ESNI values (with illegitimate digests), or by
>    sending legitimate ESNI values for and "fake" SNI values, clients do
>    not display clear signals of ESNI intent to passive eavesdroppers.
>
> Is that suggesting to send fake ESNI values? If so, there is this in
> endpoint behavior:
>

No, you would not send fake ESNI values. The idea here is that there is a
group of IPs (associated with a big provider, then all ESNI-supporting
clients will send ESNI to it. So the provider will stick out, but the use
of site X versus site Y on the provider will not    stick out. And the
provider's IPs are reasonably well known through other mechanisms, so this
doesn't tell you much. Of course, this does not help big sites that aren't
using shared infrastructure (e.g., Facebook), but I don't know how to do
that.

-Ekr


>
>
> -Ilari
>