Re: [TLS] Tonight's Encrypted SNI Hangout Session

> On Nov 14, 2017, at 00:00, Tom Ritter wrote: > >> Side question, it feels like this effort could represent a lot of work and >> require a lot of dedicated cycles. Does it make sense to continue this >> effort inside of the TLS WG? If it does, will the WG give us the time, >>

Re: [TLS] Tonight's Encrypted SNI Hangout Session

Please see https://www.ietf.org/id/draft-camwinget-tls-use-cases-00.txt for some example use case scenarios impacted by encrypted SNI. As Ekr subsequently pointed out, it would be useful to make a distinction between conformant and non-conformant use case scenarios (which we plan to do in the

Re: [TLS] Tonight's Encrypted SNI Hangout Session

Great comments and feedback. Thank you. Bret Sent from my Commodore 128D PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 > On Nov 14, 2017, at 10:43 AM, Yoav Nir wrote: > > > >> On 14 Nov 2017, at 0:00, Tom Ritter wrote: >> >>

Re: [TLS] Tonight's Encrypted SNI Hangout Session

> On 14 Nov 2017, at 0:00, Tom Ritter wrote: > > Are you also interested in collecting reports of where SNI is used to > censor? Or the list of network vendors that support filtering and > manipulating traffic based on the value? I don’t think naming and shaming is a goal

Re: [TLS] Tonight's Encrypted SNI Hangout Session

What I think I am more worried about right now is jumping in to designing a technological solution before we know and understand what is going to break and is a solution going to actually solve the perceived problem(s) or make them worse. Technological changes do not always make things better.

Re: [TLS] Tonight's Encrypted SNI Hangout Session

Look at Christian’s draft, it captures the use-case(s) and trade-offs pretty well. ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Tonight's Encrypted SNI Hangout Session

On 11/13/2017 11:11 AM, Ilari Liusvaara wrote: > And yes, genuine encrypted SNI could be somewhat nasty for routing > before terminating TLS. And if one tries to simply use public-key > encryption, AFAICT, all the known ways are either slower than > ECDH-ES or have much larger size overhead

Re: [TLS] Tonight's Encrypted SNI Hangout Session

On Mon, Nov 13, 2017 at 01:45:51PM -0500, David P wrote: > > > On Nov 13, 2017, at 12:55 PM, Ilari Liusvaara > > wrote: > > > >> On Mon, Nov 13, 2017 at 09:28:23PM +0800, Bret Jordan wrote: > >> > >> 3) We need to compile a list of use cases and scenarios in a draft

Re: [TLS] Tonight's Encrypted SNI Hangout Session

New here. What about a use case (for SNI) of different teams (or budgets) procuring certificates for different sites housed on either the same server, or at least in the same data center behind the same load balancing device? And SNI being used at a gateway, or entry point to that

Re: [TLS] Tonight's Encrypted SNI Hangout Session

On Mon, Nov 13, 2017 at 09:28:23PM +0800, Bret Jordan wrote: > > 3) We need to compile a list of use cases and scenarios in a draft document > that talk about how the SNI (for good or for bad) is being used today and > what an encrypted SNI will mean for these use cases. What I think SNI is

Re: [TLS] Tonight's Encrypted SNI Hangout Session

On 13 November 2017 at 07:28, Bret Jordan wrote: > All, > > We had a great turnout tonight for the encrypted SNI hangout session. > Everyone seemed open and willing to work together to understand the > complexities that sit before us. Several interesting and important views

[TLS] Tonight's Encrypted SNI Hangout Session

All, We had a great turnout tonight for the encrypted SNI hangout session. Everyone seemed open and willing to work together to understand the complexities that sit before us. Several interesting and important views were expressed, and I feel that the meeting was ultimately a success. In fact, I