I have been thinking about the TLS SNI hole again and I have a sketch that I think is quite practical for solving the issue.
For the sake of argument, assume we are doing a TLS/2 which is a complete break with the past TLS protocol that removes most if not all the options in the current protocol and either eliminates them or makes them mandatory. So no more OCSP stapling option, if you are doing TLS/2, it is a requirement. The restart mechanism is MTI as well and has a mechanism to allow the crypto state to be offloaded to the server. One hole that does raise privacy issues is Server Name Identification. If you have 200 web sites on a server, you don't want to have to burn an IPv4 address for each one. So the DNS name of the server has to be passed in the TLS handshake before the encryption tunnel is established. That is a privacy hole. There are a few ways round this problem. But all the best ones involve passing some sort of key from the DNS server. But to make those work cleanly it is essential that TLS is layered on DNS and not the other way round.
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
