[TLS] DNS-based Encrypted SNI

Eric Rescorla <ekr@rtfm.com> Mon, 02 July 2018 23:40 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81CBA13148A for <tls@ietfa.amsl.com>; Mon, 2 Jul 2018 16:40:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id na0n_RfuSgOy for <tls@ietfa.amsl.com>; Mon, 2 Jul 2018 16:40:35 -0700 (PDT)
Received: from mail-yw0-x22f.google.com (mail-yw0-x22f.google.com [IPv6:2607:f8b0:4002:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F49E131231 for <tls@ietf.org>; Mon, 2 Jul 2018 16:39:56 -0700 (PDT)
Received: by mail-yw0-x22f.google.com with SMTP id g123-v6so36601ywf.13 for <tls@ietf.org>; Mon, 02 Jul 2018 16:39:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=0VZXMfKZhTTFeISUrlIQa8LGEgSPtgj67IqVzrr5H54=; b=q19/ipqLBe4DY+eWpiBz7ffeMKz8IbcvXWhH/TrenU6h/VE3Eyl2wti0vqUTYWqL5T bwkCeAAZ2W2yVoDlkFF0OhQ/lFMQp3LmxQZFOHXRM8Wy6R+/vzmceXALPka8qILeSCH1 WL1e0GJZtRRZCKxShaaui8ourCkcKpYQTj8QBvjb8qRtseJid/Ep5HLmHidYwnndMkYL Cef9/1UQLO35Fl9gXXMf39WImMePcezhVPhE7bXRV/dHCTWeINqJcBPzIaZI+x4+zGpW ZoSxNkP0Gy+wYYsRuOYD1CipbOWyiz4C38/hNJAlq9VMnC16KgVfKI0xtkCcVYWMze4N fApw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=0VZXMfKZhTTFeISUrlIQa8LGEgSPtgj67IqVzrr5H54=; b=Tz42KrQiIAlBUvbtJzlDal5a7WhT3MW8QCJVAC8+iZ1Jn4rjJONhU3iKfkZAjBsR6X yQxeBKIZ7xio6WWgD3y7cjom/D20eF1SpaTXFvNUcMIvqPDdzBgZQBECw8m3EcgBYx5q HXaJxXIfQS7J4DTXokRcaRjjWg9RX6j9Dw1B/DNCD+xnGJCBGP/GPH3+JsnewSN/V/5Y ATsufn5evazjXOEA6Sz3K1Ns+XD0mdVLmbX5p7vV7ZX+2Y5ePxp1/EeUJxUKTO+H5xhr AcEMcbi/w0SrSvFRgJKaQ/3IwiMkF1DE3/DNkyPqw4LwllgkvRK+CdmiDDT28POzK6TL 1Isw==
X-Gm-Message-State: APt69E2mOcf+DsOP/HB0ScMuZ9YMnRBspdPtXkPfrv3cr4SUwk1/dMH8 sGCL2u76USzbA724E68Ft/SqkyJX5UgkuuPXYCNEhmCYVAg=
X-Google-Smtp-Source: AAOMgpeME9F97wNYZg26xlK/lEVrsGOuzeNWh4BgUYAt0brIpPqUYZf7GkQtpKuj1RJGevfenMBTyHf8/4BNcSwI21Y=
X-Received: by 2002:a0d:f286:: with SMTP id b128-v6mr13349777ywf.489.1530574795480; Mon, 02 Jul 2018 16:39:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a81:6b83:0:0:0:0:0 with HTTP; Mon, 2 Jul 2018 16:39:14 -0700 (PDT)
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 2 Jul 2018 16:39:14 -0700
Message-ID: <CABcZeBMR=5QQjSS68H2mQoyG1cHVa5+Z_5SH0Md07kTBVSr3Sw@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fcbc6905700cb652"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vc_gm-Wqpg5e15Ws_7OuqOZudB4>
Subject: [TLS] DNS-based Encrypted SNI
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2018 23:40:46 -0000

Hi folks,

I just submitted:

  https://tools.ietf.org/html/draft-rescorla-tls-esni-00

This draft describes a DNS-based approach to doing encrypted SNI.

Previously, we had thought this wouldn't work because only sites that
were particularly vulnerable would do it, and so the use of ESNI marks
you out. The idea behind this draft is that there are a lot of sites
which are hosted by -- and whose DNS is run by -- a large provider,
and that provider can shift many if not all of its sites to ESNI at
once, thus removing the "standing out" issue and making a DNS-based
approach practical.

I am working on an implementation for NSS/Firefox and I know some
others are working on their own implementations, so hopefully we can
do some interop in Montreal.

This is at a pretty early stage, so comments, questions, defect
reports welcome.

-Ekr