Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3
Yoav Nir <ynir@checkpoint.com> Thu, 07 November 2013 17:30 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C6DA11E81E6 for <tls@ietfa.amsl.com>; Thu, 7 Nov 2013 09:30:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.522
X-Spam-Level:
X-Spam-Status: No, score=-10.522 tagged_above=-999 required=5 tests=[AWL=0.076, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tueSc0uKCuo0 for <tls@ietfa.amsl.com>; Thu, 7 Nov 2013 09:30:27 -0800 (PST)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 1406311E81D1 for <tls@ietf.org>; Thu, 7 Nov 2013 09:30:15 -0800 (PST)
Received: from DAG-EX10.ad.checkpoint.com ([194.29.34.150]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id rA7HUBGN007596; Thu, 7 Nov 2013 19:30:11 +0200
X-CheckPoint: {527BCCA0-1-1B221DC2-1FFFF}
Received: from IL-EX10.ad.checkpoint.com ([169.254.2.106]) by DAG-EX10.ad.checkpoint.com ([169.254.3.213]) with mapi id 14.03.0123.003; Thu, 7 Nov 2013 19:30:11 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: Ralf Skyper Kaiser <skyper@thc.org>
Thread-Topic: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3
Thread-Index: AQHO29cQ9VyMic6aPkyI1tVd5LOXZJoZ1sKAgAAGd4CAAAeWAA==
Date: Thu, 07 Nov 2013 17:30:11 +0000
Message-ID: <EEF0FE50-3032-4C7B-BA07-1845CDEDA155@checkpoint.com>
References: <CA+BZK2qUE3oS6Sbp1HbKZ7Wgen9gEjjdepON1egLhGqCPpoVBw@mail.gmail.com> <CACsn0c=VWmsfxvE_17+FyBASUXPCNrS1FQQ02fzhF5rA6zx4wQ@mail.gmail.com> <CA+BZK2oAj6FmXTbDoY0oRHpHFVzeN-NmDJde2mJTwOzBW0CdiQ@mail.gmail.com>
In-Reply-To: <CA+BZK2oAj6FmXTbDoY0oRHpHFVzeN-NmDJde2mJTwOzBW0CdiQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.31.20.53]
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: multipart/alternative; boundary="_000_EEF0FE5030324C7BBA071845CDEDA155checkpointcom_"
MIME-Version: 1.0
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Final nail in the coffin for cleartext SNI/ALPN in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2013 17:30:32 -0000
Hi, Ralf. I'm not disagreeing with you regarding 1.3. At least in the long version of the handshake (which you should be able to enable in any browser, if you want a little more privacy in exchange for an extra roundtrip). But ordinarily, the sites that can get you killed are not collocated with benign sites. And even when sites are collocated, the servers demux not based on the SNI parameter in the TLS handshake, but based on the Server header in HTTP. The only use of the SNI parameter is for selecting the right certificate. So if you try to go to https://www.gmail.com , you get a certificate for www.gmail.com<http://www.gmail.com> , before being redirected to the same server, but this time with the URI https://mail.google.com . It would be much nicer if we could update HTTPS (RFC 2818) to support this kind of multi-homing so as to make SNI superfluous. For example, if the server certificate could list the different domain names that it was valid for. Yes, I know there's an economic side to this as well. I'm sure the CAs could charge by alternate name if needed. Yoav On Nov 7, 2013, at 9:03 AM, Ralf Skyper Kaiser <skyper@thc.org<mailto:skyper@thc.org>> wrote: On Thu, Nov 7, 2013 at 4:39 PM, Watson Ladd <watsonbladd@gmail.com<mailto:watsonbladd@gmail.com>> wrote: On Thu, Nov 7, 2013 at 8:32 AM, Ralf Skyper Kaiser <skyper@thc.org<mailto:skyper@thc.org>> wrote: > > > 1. Meta-data is important. Meta-data tells a lot about a person. > Meta-data can get a user killed or worse. Transmitting the host-name > (meta-data) in clear in TLS is not good (as in ‘not good because it > can get you killed’ and there is no alternative for the user – unless > the user is a tech-wizard.). They can use Tor. They need to anyway: reverse DNS lookups are not rocket science. [...] > > There are other ways how an adversary can extract the same meta-data. > This should not deter us from fixing it in TLS. Maybe we will find a > solution for the other problems as well (like confidential DNS). No, the other problem is you connect to the server and ask it to show you a page, and learn what the server is. The sole exception is multihosting, which is getting less common for various reasons. As a hacker I would love TLS to leak the host information. It would enable me to find out which user connects to admin.blubb.com<http://admin.blubb.com/> and who connects just to www.blubb.com<http://www.blubb.com/> (both domains hosted on same server). Your comments are wrong in this scenario: Connecting to the server does not help the hacker to gain above information. Neither does reverse lookup. TLS leaks it and there is no other way the hacker would get this information if TLS would not leak it. Transport Layer Kind-off-Security protocol is the problem. regards, ralf _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- [TLS] Final nail in the coffin for cleartext SNI/… Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Watson Ladd
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Salz, Rich
- Re: [TLS] Final nail in the coffin for cleartext … Ryan Hurst
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Daniel Kahn Gillmor
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Seth David Schoen
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Watson Ladd
- Re: [TLS] Final nail in the coffin for cleartext … Salz, Rich
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Michael D'Errico
- Re: [TLS] Final nail in the coffin for cleartext … Jacob Appelbaum
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Michael D'Errico
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Sean Leonard
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Juho Vähä-Herttua
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Phillip Hallam-Baker
- Re: [TLS] Final nail in the coffin for cleartext … Daniel Kahn Gillmor
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Daniel Kahn Gillmor
- Re: [TLS] Final nail in the coffin for cleartext … Juho Vähä-Herttua
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Yoav Nir
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Martin Rex
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Bodo Moeller
- Re: [TLS] Final nail in the coffin for cleartext … Marsh Ray
- Re: [TLS] Final nail in the coffin for cleartext … Ralf Skyper Kaiser
- Re: [TLS] Final nail in the coffin for cleartext … Geoffrey Keating