Re: [TLS] TSV ART review of draft-ietf-tls-sni-encryption

Bernard Aboba <> Tue, 10 September 2019 18:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9C162120273; Tue, 10 Sep 2019 11:53:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.124
X-Spam-Status: No, score=-1.124 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FORGED_HOTMAIL_RCVD2=0.874, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id v_6PpY6q6BmL; Tue, 10 Sep 2019 11:52:58 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id ED2F31201EA; Tue, 10 Sep 2019 11:52:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=SeUfO5H+6AZHy2LxW0M9qdiaHLuK96p3K22rZ58QvZpNXuoRjlujArnrRATtZRrOCR1JUyeaRLRADuS9RuINRkuJaLjw5GMueZxU+DW1Kei8YUAGb2PqV4hjsSVi6i7d+4AtyJx6pvxv7Vs/2w5gQN7zHETApyPJQdUnLmQM1Jda/irzgrSYYuDwiwfK4hMnBw5n0sLYyVs5jy67+fYduCKj4b+aztFGCIpKSLVkxZ9juPd6r/OSQSwC0Tjq72iyrrvCZo3gyJhmWUuHAA6mDFAr6YN+s/FRlpv53X3q2Gr7Zi4rTlZUj/OgQhWzaS6FeX6VXfoRKE9hUlwEzHpfLw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JrC70nkldeP2Q7T7eQ/lU3GnwE3FvdKHEVBc7LogWJY=; b=fO6NNNok3YlH1dwK2pFMn2g2XG1CLGpZ4m/+91wWrTukS54dMdjc2YTNR23DR8l7/EG+RgZp/LGhJ3mHbkMOP5X1HpNk2Sd2J8PgC6EW5LDM1DeiveWkoSiLQRmfi4rfeMIJAkpOi7TGd4rfGs+ujKQiod73pbUzpJS/aY//GGB/JGfTAYXft6Ea545qfH4P9V4iwvGngCe6yy3S68pwMZS4srNhtpPS2G2MrTbrJw9Na/tV6lpeTR7huAbkVb+ZkTqizLNWJvQzNcOOrbYGkQJfgyiG8eHaPTytl9oem66kefm8gB7UxRcjsGnfFy3Kon33pILHzVNX/wz2H3JD8Q==
ARC-Authentication-Results: i=1; 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JrC70nkldeP2Q7T7eQ/lU3GnwE3FvdKHEVBc7LogWJY=; b=E4CQYUJQsdVKT79SzbJDVjg3l9PyqnIk47NCnbFlCUgdE3jAvl5myl1ZZ7u6WCjyH8/5U/fhteBsPn3P8W12Qy6xRI5ms68M2YiM+rpw/WwbXWhDOSRvWz1587esaMv34qb/QTq5aZnWav1+Irp8aMTmL7tc26mFqQJB5iUuL899L2MFdN+gskoj2JYHmq5u+SXZnnXVIidHjlYMxvAN2j3CiIT+xVQ6XI4azyiK0p43ueOLDXHZqZTHM6ij4M/IB0Jg8gobpkjJQaqk/WOEhMSzdyUbhhQl0I1+cYkWoNjKsO+QKQeo3QJXWCc41jjCqq59giITxONGJTuzYCqBnQ==
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2241.14; Tue, 10 Sep 2019 18:52:54 +0000
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.14 via Frontend Transport; Tue, 10 Sep 2019 18:52:54 +0000
Received: from ([fe80::7440:14e3:185f:4e9f]) by ([fe80::7440:14e3:185f:4e9f%7]) with mapi id 15.20.2241.018; Tue, 10 Sep 2019 18:52:54 +0000
From: Bernard Aboba <>
To: Christian Huitema <>
CC: "" <>, "" <>, "" <>, "" <>
Thread-Topic: TSV ART review of draft-ietf-tls-sni-encryption
Thread-Index: AQHVZ0dAw54F3SkHOEWC+8gdp2nspKclQqQAgAAAtRM=
Date: Tue, 10 Sep 2019 18:52:54 +0000
Message-ID: <>
References: <>, <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-incomingtopheadermarker: OriginalChecksum:14994516DBBB9C0622453EDF89DE470464B10FA639AF8AFFEF31C64B513B6A2E; UpperCasedChecksum:77907388F1A0770C04799E69CAA935367FA30B093C9D03B9725C22C64BB547E6; SizeAsReceived:7047; Count:44
x-ms-exchange-messagesentrepresentingtype: 1
x-tmn: [6n6T4uvvyMvVOQtNhHQcunCdSPahQp1WvHupuMZtypg=]
x-ms-publictraffictype: Email
x-incomingheadercount: 44
x-eopattributedmessage: 0
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(5050001)(7020095)(20181119158)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031322404)(2017031323274)(2017031324274)(1601125500)(1603101475)(1701031045); SRVR:CO1NAM03HT230;
x-ms-traffictypediagnostic: CO1NAM03HT230:
x-microsoft-antispam-message-info: eEpTQTLyNKwLYHGnhoks7i1hw1a7JQAnPwMQbQ2iLFPJ3vkAjqsNYwt19kyXvQiibr2jg7A/Cqhzu3K1tWLRlZdcZEFiogk1iGjG3UFmpUzp+uWAr3fI2wD3kDFQvn1pOR6+c3KSF4klLfsyPNURP/h6b5BimuorkLs+WErpwmpYaNihUENA0N7xhq+ONX7Z
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BYAPR06MB55585C7E48E934D49EBA4CBD93B60BYAPR06MB5558namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 1885357e-7a9f-4cd0-9ed3-08d7362016d1
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Sep 2019 18:52:54.5394 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1NAM03HT230
Archived-At: <>
Subject: Re: [TLS] TSV ART review of draft-ietf-tls-sni-encryption
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 10 Sep 2019 18:53:01 -0000

On Sep 10, 2019, at 11:50 AM, Christian Huitema <<>> wrote:

Thanks for the feedback, Bernard. We already fixed in the editor copy some of the issues that you described based on other feedback received during last call, but not all. Your comments about section 3.7.1 and section 5 are interesting. I like your suggestion of moving some of the text from section 5 to the introduction and believe that it will improve the document.

Regarding section 3.7.1, you suggest adding a comment on related work, and perhaps moving some of the discussion of ALPN there. I understand the rationale, but I am a bit worried about going too far there -- the current text reflects discussions and feedback on the TLS list. Also, if we did add a section on related work we would probably need to reference the deployment of encrypted DNS services, and I am a bit worried about doing that late in the production cycle. How about a compromise, such as pointing the issue in the introduction with a forward reference to section 3.7.1?

That would be fine.

-- Christian Huitema

On 9/9/2019 12:48 PM, Bernard Aboba wrote:
Document: draft-ietf-tls-sni-encryption
Reviewer: Bernard Aboba
Review result: Ready with Nits

This document has been reviewed as part of the transport area review team's
ongoing effort to review key IETF documents. These comments were written
primarily for the transport area directors, but are copied to the document's
authors and WG to allow them to address any issues raised and also to the IETF
discussion list for information.

When done at the time of IETF Last Call, the authors should consider this
review as part of the last-call comments they receive. Please always CC<> if you reply to or forward this review.

I have not identified any transport related issues.


Expansion of acronyms on first use:

Abstract: TLS
Section 1: DNS
Section 2.1: ISP, QoS, MITM

Section 2


Section 2.1


Section 3.6

   The downside is the the
   client will not verify the identity of the fronting service with
   risks discussed in , but solutions will have to mitigate this risks.

[BA] Several problems with this sentence:

s/the the/the/
s/this risks/the risk/
s/discussed in ,/discussed in [REF-TBD],/

Section 3.7.1

This section seems somewhat out of place in a section on Security
and Privacy Requirements for SNI Encryption, given that it relates
to hiding of the ALPN, and the text admits a weak case for linking
the two problems:

   Using the same technique for hiding the ALPN and encrypting the SNI
   may result in excess complexity.  It might be preferable to encrypt
   these independently.

You might consider moving this section to Section 4.3.1, under Section 4.3
Related Work.

Section 5

The first paragraph of this section strikes me as being potentially better
suited to inclusion in Section 1 Introduction.

   Replacing clear text SNI transmission by an encrypted variant will
   improve the privacy and reliability of TLS connections, but the
   design of proper SNI encryption solutions is difficult.  This
   document does not present the design of a solution, but provides
   guidelines for evaluating proposed solutions.