Re: [TLS] I-D Action: draft-ietf-tls-esni-07.txt

2020-06-02 Thread Christian Huitema
On 6/2/2020 3:35 PM, Christian Huitema wrote:
> >> On Jun 2, 2020, at 2:26 PM, Ben Schwartz wrote:
>> On Tue, Jun 2, 2020 at 4:50 PM Christian Huitema wrote:
>> On 6/2/2020 11:44 AM, Salz, Rich wrote:
>> > Trial description scares me.  P

Re: [TLS] I-D Action: draft-ietf-tls-esni-07.txt

2020-06-02 Thread Christian Huitema
> On Jun 2, 2020, at 2:26 PM, Ben Schwartz wrote:
>> On Tue, Jun 2, 2020 at 4:50 PM Christian Huitema wrote:
>> On 6/2/2020 11:44 AM, Salz, Rich wrote:
>> > Trial description scares me. Perhaps that's not a rational fear -- one
>> > of the points of CDN support is a large ano

Re: [TLS] I-D Action: draft-ietf-tls-esni-07.txt

2020-06-02 Thread Christian Huitema
On 6/2/2020 11:44 AM, Salz, Rich wrote:
> Trial description scares me. Perhaps that's not a rational fear -- one of
> the points of CDN support is a large anonymity set -- but I worry about the
> DoS possibilities. Especially if QUIC picks this up (now trivial to fake
> "client IP") and if so

Re: [TLS] I-D Action: draft-ietf-tls-esni-07.txt

2020-06-02 Thread Christian Huitema
On 6/2/2020 11:30 AM, Stephen Farrell wrote:
> Hiya,
>
> Sorry if I'm missing a bit of context...
>
> On 02/06/2020 18:28, Christian Huitema wrote:
>> clients prevent server identification by sending
>> an empty record_digest field in the ClientEncryptedCH, and
> That seems to me t

Re: [TLS] I-D Action: draft-ietf-tls-esni-07.txt

2020-06-02 Thread Salz, Rich
Trial description scares me. Perhaps that's not a rational fear -- one of the points of CDN support is a large anonymity set -- but I worry about the DoS possibilities. Especially if QUIC picks this up (now trivial to fake "client IP") and if some large mobile manufacturers move to use this as

Re: [TLS] I-D Action: draft-ietf-tls-esni-07.txt

2020-06-02 Thread Stephen Farrell
Hiya,

Sorry if I'm missing a bit of context...

On 02/06/2020 18:28, Christian Huitema wrote:
> clients prevent server identification by sending
> an empty record_digest field in the ClientEncryptedCH, and

That seems to me to be an unnecessary breach of the do-not-stick-out requi

Re: [TLS] I-D Action: draft-ietf-tls-esni-07.txt

2020-06-02 Thread Christopher Wood
On Tue, Jun 2, 2020, at 10:28 AM, Christian Huitema wrote:
> On 6/2/2020 5:44 AM, Christopher Wood wrote:
> > On Mon, Jun 1, 2020, at 10:06 PM, Christian Huitema wrote:
> >> This draft looks really good. I just have two questions of clarification.
> > I am not sure that I understand the po

Re: [TLS] I-D Action: draft-ietf-tls-esni-07.txt

2020-06-02 Thread Christian Huitema
On 6/2/2020 5:44 AM, Christopher Wood wrote:
> On Mon, Jun 1, 2020, at 10:06 PM, Christian Huitema wrote:
>> This draft looks really good. I just have two questions of clarification.
>>
>> I am not sure that I understand the point made in appendix B, Total
>> Client Hello Encryption. The text in

Re: [TLS] I-D Action: draft-ietf-tls-esni-07.txt

2020-06-02 Thread Christopher Wood
On Mon, Jun 1, 2020, at 10:06 PM, Christian Huitema wrote:
> This draft looks really good. I just have two questions of clarification.
>
> I am not sure that I understand the point made in appendix B, Total
> Client Hello Encryption. The text in that appendix explains that "The
> design describe

Re: [TLS] I-D Action: draft-ietf-tls-esni-07.txt

2020-06-01 Thread Christian Huitema
This draft looks really good. I just have two questions of clarification.

I am not sure that I understand the point made in appendix B, Total Client Hello Encryption. The text in that appendix explains that "The design described here only provides encryption for the SNI, but not for other extensio

[TLS] I-D Action: draft-ietf-tls-esni-07.txt

2020-06-01 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security WG of the IETF.

Title : TLS Encrypted Client Hello
Authors : Eric Rescorla
Kazuho Oku