Hi Ben,

Thanks for posting that - good to see a start on plugging that gap.

On 28/06/2019 17:52, Ben Schwartz wrote:
> Hi TLS,
>
> This is a proposal for a very simple new protocol whose main purpose is to
> enable ESNI "split mode". Ultimately, I hope that this protocol can also
> enable more end-to-end TLS, by reducing the need for load-balancers to
> terminate TLS.

I guess an alternative would be to wrap this metadata and the TLS session in
another possibly long-lived TLS session between the LB and backend. That'd
have the benefit of not requiring a PSK, making correlation of the CH etc.
from TLS client to LB with the LB to backend non-trivial(*), but I guess at
the cost of more CPU and per-packet overhead.

The fact that a network observer can so easily correlate the inbound TLS
packets to the LB with those outbound seems like a fairly major downside of
this approach to me.

The PSK would also make it hard to offer ESNI fronting to random backends
without pre-arrangement between the LB and backend, should that be something
someone wanted to do. I think that would allow less centralised deployment of
ESNI, which I think is a pretty desirable option to preserve.

Also: a diagram would really help make the draft easier to grok:-)

Cheers,
S.

(*) When I say non-trivial here I don't mean "very hard":-)

> Please discuss.
>
> Thanks,
> Ben Schwartz
>
> ---------- Forwarded message ---------
>
> A new version of I-D, draft-schwartz-tls-lb-00.txt
> has been successfully submitted by Benjamin M. Schwartz and posted to the
> IETF repository.
>
> Name: draft-schwartz-tls-lb
> Revision: 00
> Title: TLS Metadata for Load Balancers
> Document date: 2019-06-28
> Group: Individual Submission
> Pages: 8
> URL: https://www.ietf.org/internet-drafts/draft-schwartz-tls-lb-00.txt
> Status: https://datatracker.ietf.org/doc/draft-schwartz-tls-lb/
> Htmlized: https://tools.ietf.org/html/draft-schwartz-tls-lb-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-schwartz-tls-lb
>
> Abstract:
> A load balancer that does not terminate TLS may wish to provide some
> information to the backend server, in addition to forwarding TLS
> data. This draft proposes a protocol between load balancers and
> backends that enables secure, efficient delivery of TLS with
> additional information. The need for such a protocol has recently
> become apparent in the context of split mode ESNI.
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls