On 13 November 2017 at 07:28, Bret Jordan <jordan.i...@gmail.com> wrote:
> All,
>
> We had a great turnout tonight for the encrypted SNI hangout session.
> Everyone seemed open and willing to work together to understand the
> complexities that sit before us. Several interesting and important views
> were expressed, and I feel that the meeting was ultimately a success. In
> fact, I believe we should do more hangout sessions like this.
>
> Takeaways from the meeting:
> 1) We are starting to understand the problem that we are trying to solve
>
> 2) We need to ensure that any potential solution will in fact solve the
> problems as we understand them and not make the problem worse
>
> 3) We need to compile a list of use cases and scenarios in a draft document
> that talks about how the SNI (for good or for bad) is being used today and
> what an encrypted SNI will mean for these use cases.
>
> 4) We need to make sure we get feedback and information from at least the
> telco sector, large enterprise, financial sector, and the health care
> sector.
>
>
> I believe this information will help us better understand both sides of the
> issue, shed light into what it will mean, help us define the "why" we are
> doing this, and ultimately feed and foster a better technological solution.
> If you have or know of scenarios or use-cases where the SNI is being used by
> network operators, system administrators, security engineers, products, etc.,
> please send them to me so I can start compiling them into a draft document.

Are you also interested in collecting reports of where SNI is used to
censor? Or the list of network vendors that support filtering and
manipulating traffic based on the value?

In general, the bad uses of SNI are harder to enumerate because people
aren't willing to come to the WG and explain how they use SNI to
selectively break or censor the internet for their citizens/users. We
have a few confirmed cases, anecdotal evidence, and lots of evidence
of censors being technically applied by whatever means is available.

But when you pile up all the administrators who will come to the WG
and say "This really frustrates me and makes my job harder" you're
going to have a much bigger pile than the users (or even technical
advocates like myself) we can bring in and say "Plaintext SNI is
harming the Internet".

> Side question, it feels like this effort could represent a lot of work and
> require a lot of dedicated cycles. Does it make sense to continue this
> effort inside of the TLS WG?  If it does, will the WG give us the time,
> mindshare, and cycles to focus on it (just asking the hard question)?

In August we adopted the draft, so the answer is "Yes".

-tom

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls