Over on the TLS WG mailing list at IETF there is some debate over the NPN (Next Protocol Negotiation) TLS extension, which originated outside of TLS WG but is now starting to be brought up there for standardization. The thread starts at

http://www.ietf.org/mail-archive/web/tls/current/msg06862.html

Much of the debate centers around the idea that NPN will make it harder for network operators to know what protocols users are using over TLS and hence to block particular protocols while permitting others. One of the proponents (Adam Langley, who has been doing a lot of other fantastic work on making TLS better and more ubiquitous) mentioned the idea that Tor is an intended use case for this behavior, although there hasn't been any other explicit discussion of this.

http://www.ietf.org/mail-archive/web/tls/current/msg06866.html

"The design, as is, was picked because the use cases considered were either ambivalent on this point [in effect, whether to reveal which service the client is interested in contacting earlier in the protocol] or favoured the privacy side (i.e. Tor)."

(Apparently the notion is that the protocol negotiation would happen late enough that the encrypted session is already established before the client and server decide which particular service the client wants to talk to, so you could multiplex, say, a web server, a Jabber server, a Tor server, and an IMAPS server all over tcp/443 and an eavesdropper wouldn't trivially be able to determine which one the client was communicating with -- except if side channels gave it away, of course.)

I'm tempted to reply pointing out that _all_ uses of TLS represent at least potential support for a threat model in which a network operator is the adversary whom users are trying to defend against. So there's not much conceptually new about having TLS reduce network operators' control over traffic, although some of the people in the discussion seem to feel there is a qualitative difference between, say, keyword filtering and protocol filtering.

Has anybody from Tor been working on NPN?
--
Seth Schoen
Senior Staff Technologist
[email protected]
Electronic Frontier Foundation
https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110
+1 415 436 9333 x107
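The parenthetical above describes why a passive observer cannot trivially tell which multiplexed service a client wants: the NPN extension a client puts in its ClientHello is empty, and the client's actual protocol choice travels later, inside the encrypted part of the handshake. The following script, written here as an added illustration (not code from the thread, from the NPN draft, or from Tor), builds a constructed ClientHello carrying both a Server Name Indication and an empty NPN extension, then parses it the way a network middlebox could and reports what is visible in the clear. The record layout follows the TLS 1.0/1.1 ClientHello structure; the NPN extension type value 13172 (0x3374) is the one the draft used, and the host name and cipher suites are made-up sample values.

```python
import struct

# TLS extension type codes (IANA server_name; 13172 is the NPN draft's value)
EXT_SERVER_NAME = 0
EXT_NEXT_PROTO_NEG = 13172


def build_client_hello(server_name, with_npn=True):
    """Construct a minimal TLS ClientHello record (sample data, not captured)."""
    exts = b""
    # server_name extension: list of (name_type=0 host_name, length, name)
    host = server_name.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    exts += struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    if with_npn:
        # The client's NPN extension carries no data at all: it only signals
        # support. The chosen protocol is sent encrypted later in the handshake.
        exts += struct.pack("!HH", EXT_NEXT_PROTO_NEG, 0)

    body = b"\x03\x01"            # client_version TLS 1.0
    body += b"\x00" * 32          # random (zeroed for the constructed sample)
    body += b"\x00"               # empty session id
    suites = b"\x00\x2f\x00\x35"  # two sample cipher suites
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"           # one compression method: null
    body += struct.pack("!H", len(exts)) + exts

    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type=ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record: handshake, TLS 1.0


def parse_client_hello_extensions(record):
    """Walk a ClientHello record and return {extension_type: raw_data}."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]

    pos = 2 + 32                                 # skip version and random
    sid_len = body[pos]
    pos += 1 + sid_len                           # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len                            # skip cipher suites
    cm_len = body[pos]
    pos += 1 + cm_len                            # skip compression methods
    if pos >= len(body):
        return {}                                # no extensions block
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    exts = {}
    while pos + 4 <= end:
        ext_type, length = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        exts[ext_type] = body[pos:pos + length]
        pos += length
    return exts


def visible_to_observer(record):
    """What a passive on-path observer learns from the ClientHello alone."""
    exts = parse_client_hello_extensions(record)
    seen = {}
    if EXT_SERVER_NAME in exts:
        data = exts[EXT_SERVER_NAME]
        name_len = struct.unpack("!H", data[3:5])[0]   # skip list length and name type
        seen["server_name"] = data[5:5 + name_len].decode()
    seen["npn_offered"] = EXT_NEXT_PROTO_NEG in exts
    seen["npn_data_bytes"] = len(exts.get(EXT_NEXT_PROTO_NEG, b""))
    # The selected protocol is never in the ClientHello; with NPN it is sent
    # in a NextProtocol message after ChangeCipherSpec, i.e. under encryption.
    seen["npn_selected_protocol"] = None
    return seen


if __name__ == "__main__":
    print(visible_to_observer(build_client_hello("example.com")))
```

Running it shows the observer still sees the SNI host name and the fact that NPN is offered, but zero bytes of NPN payload and no protocol name: the host is the side channel the email hints at, the protocol is not. A middlebox that wants to filter by protocol is left with traffic analysis rather than a field to match on.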

