On Tue, Feb 14, 2017 at 5:14 PM, John Levine <jo...@taugh.com> wrote:
> In article <alpine.lrh.2.20.1702141415360.31...@bofh.nohats.ca> you write:
>>This seems like a bandaid to TLS that I think just needs
>>fixing in the TLS protocol.
>
> For once I agree with Paul.
>
> If you're going to change the client anyway, why is this better than a
> modified handshake that sets up the encrypted channel before sending
> the SNI?  I realize this is not a great time to open up TLS, with the
> dust from TLS 1.3 just settling, but there's never a good time for
> some stuff.

I'm /soooo/ not a TLS person, but I think that this was discussed in
the TLS WG and didn't make it into the final spec -- it requires (at
least) an additional RTT. You do get SNI encryption with Zero-RTT, but
it's too late by then...
Some slideware: https://www.ietf.org/proceedings/94/slides/slides-94-tls-8.pdf
The DNS SNI lookup could at least be done in parallel with the
"normal" DNS one (and, possibly returned in a
draft-wkumari-dnsop-multiple-responses answer :-))

>
> You should assume that bad guys have access to passive DNS databases,
> so it's not hard to reverse the indirection that SNI records provide.

Yup. I believe that much of the privacy benefit is gained if you
happen to host your site on the same domain / IP as many other sites.
Unfortunately this is true not just for domain fronting / this
technique, but for many other situations -- it doesn't matter how well
the SNI is hidden, if you connect to an IP address which only hosts a
small number of sites (or sites all on the same topic) you've lost.

An example of this is aa.org - the only other site on that IP is
www.alcoholicsanonymous.org - if you had an expectation of privacy, it
probably doesn't matter which one of the two names you went to...

> If you used TXT records the reversal would be slightly harder, since
> you'd have to pick them out from all the other cruft that's encoded
> in _prefix TXT records.

Hmmmm... are you suggesting we make TXT records cruftier to increase
privacy? :-)

W

>
> R's,
> John
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
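To make the anonymity-set argument above concrete, here is an added example (not code from the thread or from any draft under discussion). It takes a constructed passive-DNS sample, hostname to A-record IPs, plus a constructed, purely hypothetical "indirection" map standing in for whatever record the proposal would use to point a real name at the SNI value sent on the wire. It then computes, for a given site, the set of names an on-path observer who sees the destination IP (and, unless hidden, the SNI) cannot distinguish it from, and reverses the indirection the way someone with a passive-DNS database would. The aa.org / www.alcoholicsanonymous.org pairing mirrors the example in the mail; the other names and addresses are made up.

```python
"""Estimate how much hiding (or indirecting) the SNI buys, given passive DNS.

Added example for illustration; not the thread's or any draft's code.
All records below are constructed. SNI_INDIRECTION is a hypothetical
stand-in for the record type the proposal would use.
"""
from collections import defaultdict

# Constructed passive-DNS sample: hostname -> set of A-record IPs seen for it.
PASSIVE_DNS = {
    "aa.org": {"203.0.113.10"},
    "www.alcoholicsanonymous.org": {"203.0.113.10"},
    "blog.example.com": {"198.51.100.5"},
    "shop.example.net": {"198.51.100.5"},
    "news.example.org": {"198.51.100.5"},
    "front.example": {"198.51.100.5"},
}

# Constructed, hypothetical indirection records: real hostname -> SNI value
# the client actually puts on the wire. Names absent here send their own name.
SNI_INDIRECTION = {
    "blog.example.com": "front.example",
    "news.example.org": "front.example",
}


def reverse_index(passive_dns):
    """IP address -> set of hostnames observed resolving to it."""
    by_ip = defaultdict(set)
    for name, ips in passive_dns.items():
        for ip in ips:
            by_ip[ip].add(name)
    return dict(by_ip)


def reverse_indirection(indirection):
    """SNI value on the wire -> set of real hostnames that point at it.

    This is the 'reverse the indirection' step: anyone holding the same
    DNS data the clients use can build this table offline.
    """
    by_sni = defaultdict(set)
    for name, sni in indirection.items():
        by_sni[sni].add(name)
    return dict(by_sni)


def anonymity_set(hostname, passive_dns, indirection, sni_hidden=False):
    """Hostnames an observer cannot tell apart from `hostname`.

    The observer always sees the destination IP. With sni_hidden=False it
    also sees the SNI value (after indirection) and can narrow the set to
    names that would send the same value to that IP.
    """
    by_ip = reverse_index(passive_dns)
    candidates = set()
    for ip in passive_dns[hostname]:
        candidates |= by_ip.get(ip, set())
    if sni_hidden:
        return candidates
    wire_sni = indirection.get(hostname, hostname)
    return {c for c in candidates if indirection.get(c, c) == wire_sni}


def weak_sites(passive_dns, indirection, k):
    """Names whose anonymity set stays below k even with the SNI fully hidden.

    For these, the IP alone gives the game away; no SNI trick helps.
    """
    return {
        name
        for name in passive_dns
        if len(anonymity_set(name, passive_dns, indirection, sni_hidden=True)) < k
    }


if __name__ == "__main__":
    for name in sorted(PASSIVE_DNS):
        hidden = anonymity_set(name, PASSIVE_DNS, SNI_INDIRECTION, sni_hidden=True)
        seen = anonymity_set(name, PASSIVE_DNS, SNI_INDIRECTION)
        print(f"{name:30} hidden={len(hidden)} visible={len(seen)}")
    print("indirection reversed:", reverse_indirection(SNI_INDIRECTION))
    print("lost regardless (k=3):", sorted(weak_sites(PASSIVE_DNS, SNI_INDIRECTION, 3)))
```

With these constructed records, aa.org has an anonymity set of two even when the SNI is perfectly hidden, which is the "you've lost" case from the mail, while blog.example.com fronted through front.example is indistinguishable only from the other names that also send front.example to that address, and the reversed indirection table hands an observer exactly those names.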
