Re: [TLS] Encrypted SNI

Tom Ritter <tom@ritter.vg> Sun, 06 December 2015 03:07 UTC

In-Reply-To: <CABcZeBPFAp4hD3ykY9pAA4=ELsAkNoa2yDhaoiSP917v5XgAiw@mail.gmail.com>
References: <CABcZeBPFAp4hD3ykY9pAA4=ELsAkNoa2yDhaoiSP917v5XgAiw@mail.gmail.com>
From: Tom Ritter <tom@ritter.vg>
Date: Sat, 05 Dec 2015 21:06:52 -0600
Message-ID: <CA+cU71kqqTUnU7U-GN4s8a4YON27MEWxUN+CyiSCyUDpE+cgwA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/loRq1QyhZVsebKGBJFgaRV2DyMA>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Encrypted SNI

On 5 December 2015 at 12:32, Eric Rescorla <ekr@rtfm.com> wrote:
> Subject: SNI Encryption Part XLVIII

A small concern that probably is "No, that can't happen", but I would
want to be sure that a normal (non-encrypted SNI) ClientHello would be
unable to be wrapped in a new ClientHello to a gateway by a MITM
(without being detected).

Also, I'm a little confused about what the client is supposed to put
in the outer SNI (for the gateway). Is this blank? Some constant? Does
this change at all in the simple deployment situation when there is no
gateway involved, and everything sits on the same server?

-tom