On 12/2/15 9:13 PM, Dave Garrett wrote:
> On Wednesday, December 02, 2015 01:00:26 pm Salz, Rich wrote:
>> Encrypted SNI doesn't give you the kind of protection you think that it
>> does. We (me and a colleague) did a pretty thorough analysis that showed
>> this. It was not a conclusion we expected, or wanted, to reach. It was
>> presented at the TLS Interim before the IETF in Toronto. Slides should be
>> online. (For example, the adversary will know the IP address or might not
>> care about false positives, etc.)
>
> URL from Rich's previous email citing this:
> https://drive.google.com/file/d/0B8YgrWYHqacSV2hnZmR3VjJtRUk/view
>
> Please don't brush this argument off in favor of the "obvious" answer that
> encrypted SNI is helpful. The sad truth is that it's a lot of effort with a
> lot of risk for virtually no gain. I was quite in favor of encrypted SNI
> before reading it, and I had to concede the point after. If we can come up
> with a way to do it easily, ok, but it's not an avenue worth spending too
> much time on.
I find it darkly amusing that this argument against the usefulness of encrypted SNI, supported in substantial part by an argument that "1st world eavesdroppers do TA really well", is being brought up in the context of a discussion of my proposal to make traffic analysis harder by encrypting TLS record headers (in combination with other useful techniques such as padding). By all means, let's not encrypt SNI because traffic analysis is easy, and let's not make traffic analysis harder because SNI is unencrypted anyway! ... or something like that. :/

I completely agree with Jake's arguments against security nihilism. The fact that we can't completely and perfectly solve the whole problem all at once should not prevent us from working on little pieces of the problem bit by bit and making life incrementally harder for at least some of the wide diversity of adversaries out there.

B

>
>
> Dave
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
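To make concrete what the thread is arguing about, here is an added illustration (my own example, not code from any participant or from the IETF TLS work): it parses the cleartext 5-byte TLS record header that every on-path observer sees in TLS 1.2 and 1.3, and shows how length padding to a fixed bucket collapses distinct payload sizes into a smaller set of observed record lengths. The sample payloads and the bucket size are constructed for the demo, and the padding is a simplified stand-in for the TLS 1.3 scheme (real TLS 1.3 places the inner content type byte before the zero padding).

```python
"""Cleartext TLS record headers and the effect of length padding (illustrative).

A TLS record begins with a 5-byte header that is never encrypted:
    content_type (1 byte) | legacy_version (2 bytes) | length (2 bytes)
So a passive observer always learns record boundaries and sizes, and in
TLS 1.2 also the content type. Padding does not hide timing or byte totals,
but it removes exact-size signals, which is the incremental hardening the
record-header-encryption / padding discussion is about.
"""
import struct

HEADER_LEN = 5
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}

# Constructed application payload sizes for the demo (not real traffic).
SAMPLE_PAYLOADS = [b"A" * 17, b"B" * 120, b"C" * 403, b"D" * 900]


def build_record(content_type: int, payload: bytes) -> bytes:
    """Serialize one TLS record with a TLS 1.2-style legacy version field."""
    return struct.pack("!BHH", content_type, 0x0303, len(payload)) + payload


def parse_record_headers(stream: bytes) -> list:
    """Walk a byte stream of TLS records and return each cleartext header.

    This is exactly the information available to an on-path observer without
    any key material; it raises on a truncated record rather than guessing.
    """
    records = []
    pos = 0
    while pos + HEADER_LEN <= len(stream):
        ctype, version, length = struct.unpack("!BHH", stream[pos:pos + HEADER_LEN])
        if pos + HEADER_LEN + length > len(stream):
            raise ValueError(f"truncated record at offset {pos}")
        records.append({
            "type": CONTENT_TYPES.get(ctype, "unknown"),
            "version": version,
            "length": length,
        })
        pos += HEADER_LEN + length
    return records


def pad_to_bucket(payload: bytes, bucket: int) -> bytes:
    """Append zero bytes until the length is a multiple of `bucket`.

    Simplified TLS 1.3-style padding (assumption: the inner content type byte
    is omitted here so the arithmetic stays easy to follow).
    """
    if bucket <= 0:
        raise ValueError("bucket must be positive")
    padded_len = ((len(payload) + bucket - 1) // bucket) * bucket
    return payload + b"\x00" * (padded_len - len(payload))


def observed_lengths(payloads, bucket=None) -> list:
    """Distinct record lengths an observer would see, with or without padding."""
    stream = b"".join(
        build_record(23, pad_to_bucket(p, bucket) if bucket else p)
        for p in payloads
    )
    return sorted({rec["length"] for rec in parse_record_headers(stream)})


if __name__ == "__main__":
    print("unpadded lengths:", observed_lengths(SAMPLE_PAYLOADS))
    print("padded to 256:  ", observed_lengths(SAMPLE_PAYLOADS, bucket=256))
```

Running it shows four distinct sizes without padding and three size buckets with it; larger buckets shrink the set further at the cost of bandwidth. The point, in the spirit of the reply above, is not that padding defeats traffic analysis outright but that it measurably reduces what the cleartext header gives away, and each such reduction is a piece of the larger problem.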