Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3
Ralf Skyper Kaiser <skyper@thc.org> Tue, 12 November 2013 14:56 UTC
To: Phillip Hallam-Baker <hallam@gmail.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Hi,

On Tue, Nov 12, 2013 at 2:13 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:

> On Fri, Nov 8, 2013 at 1:42 PM, Ralf Skyper Kaiser <skyper@thc.org> wrote:
>
>> Hi,
>>
>> absolutely. Encrypted SNI in TLS 1.3 will be received by the server prior to
>> selecting a certificate.
>>
>> ALPN could be encrypted as well (same reason, same solution).
>>
>> regards,
>>
>> ralf
>
> What am I missing here, how do you turn on encryption before the client
> sees the encryption credential.
>
> The certificate does not contain the encryption credentials.

The certificate can be transmitted after encryption has started.

- server/client: negotiate credentials (not certificate), start encryption
- client: send SNI, ...
- server: send certificate, ...
- authenticate (HMAC over all data that has been sent and received during the handshake).

(This is incomplete. Please refer to the protocol flow that Eric showed at the IETF88 TLS WG gathering.)

> As for economic issues 'not being a consideration', if the group does not
> make TLS 1.3 viable commercially then either nobody will use it or the
> commercial providers will fork. We have already had two forks in PKIX
> because people refused to consider practicality over ideology.

absolutely. The belief is that Transport-Layer-Security (encrypted SNI) will be more widely adopted than Transport-Layer-Kind-Of-Security (cleartext SNI leakage). Surely for those atheists in Saudi Arabia or the Alan Turings in Britain it would be bad to have the SNI leaked....

> Multihosting is not becoming less common, it is becoming more so. We
> cannot burn one IPv4 address per session. And if we did the mapping of
> domain to IP address would become 1:1 and the name would leak anyway.

correct. That's why we have SNI (encrypted or not; both serve this purpose).

> Modern multihosting is dynamic. The provider has no idea which machine a
> site is going to pop up on and it can change from day to day. Any scheme
> that required all certs to be issued by the same provider is going to be
> unacceptable.

I agree.

regards,

ralf
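A runnable toy model of the message order sketched in the message above (an added example, not code from the thread and not TLS 1.3 itself): key shares go first with no SNI in the clear, the name travels only under the negotiated key, the certificate is selected after the SNI arrives, and an HMAC over the whole transcript closes the handshake. It assumes a Mersenne-prime toy DH group, a SHA-256 counter-mode stand-in for the record cipher, and a constructed certificate table, none of which are from the thread.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman parameters: a Mersenne prime as modulus (assumption for
# the demo, NOT a vetted group; illustrative only).
P, G, NBYTES = 2**521 - 1, 3, 66

# Constructed certificate store: SNI name -> certificate bytes.
CERTS = {b"example.test": b"CERT-for-example.test",
         b"other.test": b"CERT-for-other.test"}

def kdf(shared: int, label: bytes) -> bytes:
    """Toy KDF: per-purpose key from the DH shared secret."""
    return hashlib.sha256(label + shared.to_bytes(NBYTES, "big")).digest()

def xor_stream(key: bytes, nonce: int, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 counter keystream, XOR); same op both ways."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ctr = nonce.to_bytes(8, "big") + (i // 32).to_bytes(8, "big")
        block = hashlib.sha256(key + ctr).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def handshake(sni: bytes) -> dict:
    """Run the sketched flow; return what the client learned plus the wire view."""
    wire = []  # every handshake message, in the order an observer sees it
    # 1. Key shares only: the ClientHello carries no SNI.
    c_priv, s_priv = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    client_hello = pow(G, c_priv, P).to_bytes(NBYTES, "big")
    server_hello = pow(G, s_priv, P).to_bytes(NBYTES, "big")
    wire += [client_hello, server_hello]
    c_hs = kdf(pow(int.from_bytes(server_hello, "big"), c_priv, P), b"hs")
    s_hs = kdf(pow(int.from_bytes(client_hello, "big"), s_priv, P), b"hs")
    # 2. Client sends the SNI only under the handshake key.
    wire.append(xor_stream(c_hs, 1, sni))
    # 3. Server decrypts the SNI, selects the certificate, sends it encrypted.
    cert = CERTS[xor_stream(s_hs, 1, wire[-1])]
    wire.append(xor_stream(s_hs, 2, cert))
    # 4. Server MACs the whole transcript; client recomputes and compares.
    tag = hmac.new(s_hs + b"mac", b"".join(wire), "sha256").digest()
    wire.append(tag)
    client_cert = xor_stream(c_hs, 2, wire[-2])
    expect = hmac.new(c_hs + b"mac", b"".join(wire[:-1]), "sha256").digest()
    return {"cert": client_cert, "mac_ok": hmac.compare_digest(tag, expect),
            "wire": wire}

def sni_visible(wire: list, sni: bytes) -> bool:
    """Passive-observer check: does the name appear in any wire message?"""
    return any(sni in msg for msg in wire)
```

As the message itself says, the flow is incomplete: a MAC keyed from an unauthenticated exchange shows transcript integrity but does not by itself bind the server's certificate key, which is why a real design also signs the transcript with that key.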