Re: [TLS] WGLC for draft-ietf-tls-sni-encryption
David Fifield <david@bamsoftware.com> Thu, 18 October 2018 15:17 UTC
Return-Path: <david@bamsoftware.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC83E12D4E8 for <tls@ietfa.amsl.com>; Thu, 18 Oct 2018 08:17:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bamsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TKDlcJdNmPdA for <tls@ietfa.amsl.com>; Thu, 18 Oct 2018 08:17:08 -0700 (PDT)
Received: from melchior.bamsoftware.com (melchior.bamsoftware.com [69.164.193.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F32AC12426A for <tls@ietf.org>; Thu, 18 Oct 2018 08:17:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bamsoftware.com; s=mail; h=In-Reply-To:Content-Transfer-Encoding: Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=8Yo32y/Nm5WW3mql5+m53okImaMwzQiJCb/zpOYNOpY=; b=r6up9dLl84zmf7wG1g9rkJmT07 5J37dOK54o9rviljxTfmYeY6fNAxFymF8YPYOyMyo7/6X6Zr7XVIItrbipmJfOCqD9pqEblfw1ZJG /rnMajazH1HJ9zmoQBiPJ530klfJjtQCPAwWmjhiqQzQPWOgiTE83IV65jx63ozLl5Fg=;
Date: Thu, 18 Oct 2018 09:16:57 -0600
From: David Fifield <david@bamsoftware.com>
To: tls@ietf.org
Message-ID: <20181018151657.tha6mkzytmhml52m@bamsoftware.com>
References: <9DE64F7F-4740-4410-A004-373D8919920B@sn3rd.com> <20181017170236.DA9D1404C@ld9781.wdf.sap.corp> <CABcZeBPCz39L0LQBXUM-yhhN3FmccNwQRvYNT+-ChfxRcPdD+g@mail.gmail.com> <20181017234110.39D36404C@ld9781.wdf.sap.corp> <CABcZeBN1kkF3WPnfP69V99kbQJr3P+t2BD9izFviJ97XcWsw6Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CABcZeBN1kkF3WPnfP69V99kbQJr3P+t2BD9izFviJ97XcWsw6Q@mail.gmail.com>
User-Agent: NeoMutt/20180716
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ysAEr4hEsIv2j0qLL-oyb31CXJw>
Subject: Re: [TLS] WGLC for draft-ietf-tls-sni-encryption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2018 15:17:10 -0000
On Wed, Oct 17, 2018 at 07:25:38PM -0700, Eric Rescorla wrote: > >> As it is, there are a number of servers which desperately require > >> the presence of TLS extension SNI, or will fail TLS handshakes either > >> by choking and dropping connections (Microsoft IIS 8.5+) or by > >> very unhelpful alerts (several others), and also HTTP/2.0 requires > >> unconditional cleartext presence of TLS extension SNI. Any kind of > >> heuristics-based approach for clients to guess whether or not to > >> send TLS extension SNI is flawed from the start. If a network > >> middlebox can make a client present a cleartext TLS extension SNI > >> by refusing connections without cleartext TLS extension SNI, > >> the entire effort becomes pretty useless. > > > > Yes, clients must not fall back to cleartext SNI in this case. > > Please give a clear deterministic algorithm how a client can > tell apart a server that requires cleartext SNI from a server > that does not want cleartext SNI. > > > This isn't really the relevant question, as there are many servers > now which do not require SNI. > > The relevant question is how a client can be made aware that > a server does support ESNI and can have high confidence that > it will accept it. Such an algorithm is provided in: > https://tools.ietf.org/html/draft-ietf-tls-esni-01#section-4 > > Note that as explained in detail, it is not necessary that all clients > send ESNI to that server. Right -- it's not a matter of a server requiring or not requiring ESNI. The way I understand it, a server that supports ESNI merely affords clients an opportunity to better protect themselves -- it is still the client's responsibility to resist downgrades, and to somehow discover (through DNS or otherwise) that the server supports ESNI in the first place. I imagine that most servers that support ESNI will continue to simultaneously support plaintext SNI connections.
- [TLS] WGLC for draft-ietf-tls-sni-encryption Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Sean Turner
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Stephen Farrell
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Martin Rex
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Martin Rex
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Eric Rescorla
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Geoffrey Keating
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption David Fifield
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-sni-encryption Mark O