Re: [TLS] Encryption of TLS 1.3 content type

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 28 July 2014 15:57 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/nshQVypKLOX5z8qj_CAvbgo0Qbg

I don't have a strong opinion on the topic in the subject line but...

On 28/07/14 16:25, Viktor Dukhovni wrote:
> Defending against traffic analysis is very difficult, and I don't
> think that TLS can (or should attempt to) do the job.

While traffic analysis mitigation is definitely hard and we probably
do not yet have enough expertise in that space, I do think we should
be trying to do as much as we can that might enable such mitigations
as we learn more about 'em. In other words, I think we should be
leaving extension points where we can that'd allow for traffic
analysis mitigations to be defined later (or by implementers). That
said, I'm not sure if this is useful enough in that respect or not.

Cheers,
S.