Re: [TLS] WG adoption call: SNI Encryption

2017-08-04 Thread Tom Ritter
On Aug 4, 2017 9:22 AM, "Daniel Kahn Gillmor"  wrote:

On Fri 2017-08-04 08:50:33 -0400, Sean Turner wrote:
> At our IETF 99 session, there was support in the room to adopt
> draft-huitema-tls-sni-encryption [0].  We need to confirm this support
> on the list so please let the list know whether you support adoption
> of the draft and are willing to review/comment on the draft before
> 20170818.  If you object to its adoption, please let us know why.

I support wg adoption of this draft and am willing to review before
20170818.


+1 although I agree with AGL about must/must nots setting policy (and that
the section should be reworked in the frame of "we have chosen a design to
avoid these undesirable characteristics") and that it's odd to adopt the
draft without choosing which of the designs we're adopting.

However, at this time I'm not opposed to either design.

-tom
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


Re: [TLS] WG adoption call: SNI Encryption

2017-08-04 Thread Christian Huitema


On 8/4/2017 10:39 AM, Adam Langley wrote:
> On Fri, Aug 4, 2017 at 5:50 AM, Sean Turner wrote:
>
> At our IETF 99 session, there was support in the room to adopt
> draft-huitema-tls-sni-encryption [0].  We need to confirm this
> support on the list so please let the list know whether you
> support adoption of the draft and are willing to review/comment on
> the draft before 20170818.  If you object to its adoption, please
> let us know why.
>
>
> Section two of the draft discusses the design space, which is to be
> welcomed, but also MUST/MUST NOTs sections of that design space. While
> I generally agree with its opinions, it's confused about whether it's
> a technical document or a policy document. If it decides to be a
> policy document, then I'm unconvinced of its utility.
Clearly, Section 2 could be turned into some kind of "problem statement"
draft. I personally don't like splitting problem statement and proposed
solution in separate documents, but if that's the group consensus, why not.

>
> If it wants to be a technical document, then the draft includes two
> very different designs with a note saying that one will be chosen at
> some point. So which are we talking about adopting? While drafts
> evolve during the WG process, there's a big gap between the two ideas
> and I'd support one but not the other.
>
My goal was to list the current state of solutions. The document could
be split with different drafts presenting different solutions, but I
believe there is value in an attempt at unification.

-- 
Christian Huitema



Re: [TLS] WG adoption call: draft-thomson-tls-record-limit

2017-08-04 Thread Benjamin Kaduk
It is currently before 20170818, and I support adoption of this draft
and am willing to review it as it progresses.

I do agree with Ilari that limiting the ciphertext size seems to make
more sense, but of course we can discuss that post adoption.

-Ben

On 08/04/2017 07:50 AM, Sean Turner wrote:
> At our IETF 99 session, there was support in the room to adopt 
> draft-thomson-tls-record-limit [0].  We need to confirm this support on the 
> list so please let the list know whether you support adoption of the draft 
> and are willing to review/comment on the draft before 20170818.  If you 
> object to its adoption, please let us know why.
>
> Cheers,
>
> J
>
> [0] https://datatracker.ietf.org/doc/draft-thomson-tls-record-limit/


Re: [TLS] WG adoption call: SNI Encryption

2017-08-04 Thread Adam Langley
On Fri, Aug 4, 2017 at 11:03 AM, Tony Arcieri  wrote:

> On Fri, Aug 4, 2017 at 10:39 AM, Adam Langley 
> wrote:
>
>> If it wants to be a technical document, then the draft includes two very
>> different designs with a note saying that one will be chosen at some point.
>> So which are we talking about adopting? While drafts evolve during the WG
>> process, there's a big gap between the two ideas and I'd support one but
>> not the other.
>>
>
> The tunneling mechanism described in Section 4.1 seems useful (at least to
> me) for more things than encrypted SNI, such as being able to use different
> TLS extensions for the frontend load balancer versus a backend service,
> while still eventually negotiating an end-to-end encrypted session with the
> backend service.
>
> I wonder if the draft should be framed around the TLS-in-TLS tunneling
> mechanism, with encrypted SNI as a potential use case.
>

But my point is that, in this situation, I would expect there to be two
competing drafts—one for each proposal. The WG would then only adopt one of
them.


Cheers

AGL

-- 
Adam Langley a...@imperialviolet.org https://www.imperialviolet.org


Re: [TLS] WG adoption call: SNI Encryption

2017-08-04 Thread Tony Arcieri
On Fri, Aug 4, 2017 at 10:39 AM, Adam Langley 
wrote:

> If it wants to be a technical document, then the draft includes two very
> different designs with a note saying that one will be chosen at some point.
> So which are we talking about adopting? While drafts evolve during the WG
> process, there's a big gap between the two ideas and I'd support one but
> not the other.
>

The tunneling mechanism described in Section 4.1 seems useful (at least to
me) for more things than encrypted SNI, such as being able to use different
TLS extensions for the frontend load balancer versus a backend service,
while still eventually negotiating an end-to-end encrypted session with the
backend service.

I wonder if the draft should be framed around the TLS-in-TLS tunneling
mechanism, with encrypted SNI as a potential use case.

-- 
Tony Arcieri


[TLS] WG Call for Adoption of draft-rescorla-tls-subcerts continued

2017-08-04 Thread Joseph Salowey
In the previous call for adoption there were some issues raised that needed
more discussion.   The summary sent to the list [1] and subsequent
discussions indicate support for the approach outlined in this draft.
Therefore we would like to continue the call for adoption.  If you have
concerns about adopting this draft as a working group item please respond
to the list by August 18, 2017.

Thanks,

J

[1] https://www.ietf.org/mail-archive/web/tls/current/msg24092.html


Re: [TLS] WG adoption call: SNI Encryption

2017-08-04 Thread Adam Langley
On Fri, Aug 4, 2017 at 5:50 AM, Sean Turner  wrote:

> At our IETF 99 session, there was support in the room to adopt
> draft-huitema-tls-sni-encryption [0].  We need to confirm this support on
> the list so please let the list know whether you support adoption of the
> draft and are willing to review/comment on the draft before 20170818.  If
> you object to its adoption, please let us know why.
>

Section two of the draft discusses the design space, which is to be
welcomed, but also MUST/MUST NOTs sections of that design space. While I
generally agree with its opinions, it's confused about whether it's a
technical document or a policy document. If it decides to be a policy
document, then I'm unconvinced of its utility.

If it wants to be a technical document, then the draft includes two very
different designs with a note saying that one will be chosen at some point.
So which are we talking about adopting? While drafts evolve during the WG
process, there's a big gap between the two ideas and I'd support one but
not the other.

Thus I'm not sure that the draft is ready for an adoption call at this time.


Cheers

AGL

-- 
Adam Langley a...@imperialviolet.org https://www.imperialviolet.org


Re: [TLS] Fwd: New Version Notification for draft-huitema-tls-sni-encryption-00.txt

2017-08-04 Thread Brian Sniffen
Having promised a review before August 18, I have three issues I'd like
to talk about.  But first, thanks for keeping pushing on this.  I am not
sure it will ever see wide adoption, but we'll surely never find out if
we don't try.


## Don't stand out

I think the requirement that the browser check the CT log and perform
DNSSEC in 3.2 is likely to violate the don't-stand-out requirement, as I
don't expect most browsers to do that most times.  Am I missing
something?


## CDN integration

> If N multiple domains on a CDN are acceptable fronts, then we may
> want some way to indicate this without publishing and maintaining N
> separate tokens.

Those multiple domains will not share TLS keys (or will be under a TLS
wildcard), so delegation to a certificate is enough to cover this.  I
think you can just cut this paragraph, but maybe I don't know something
about some sort of CDN?


## Security considerations: DDoS

In section 6, I'm glad to see analysis vs the ddos requirements in 2.3.
I'm not sure I agree with the quick result:

1) The forwarding server can be used as a reflector.  Under some
   circumstances it should back off.

2) Under CPU load, the forwarding server will presumably start refusing
   early data (especially early data with TCP Fast Open!).  Is it
   necessary to say anything more here?  Or is the ordinary behavior of
   flaky early data sufficient?

   Particularly: what should clients do when early data is refused?  Try
   again with this in the main data section?  Give up?

-Brian



Re: [TLS] WG adoption call: SNI Encryption

2017-08-04 Thread Brian Sniffen
Sean Turner  writes:

> At our IETF 99 session, there was support in the room to adopt 
> draft-huitema-tls-sni-encryption [0].  We need to confirm this support on the 
> list so please let the list know whether you support adoption of the draft 
> and are willing to review/comment on the draft before 20170818.  If you 
> object to its adoption, please let us know why.

I support wg adoption of this draft and am willing to review before
20170818.

-Brian

-- 
Brian Sniffen
Akamai Technologies



Re: [TLS] WG adoption call: SNI Encryption

2017-08-04 Thread Christopher Wood
I also support adoption, have reviewed it, and will continue to do so.

Best,
Chris

On Fri, Aug 4, 2017 at 7:53 AM, Ben Schwartz  wrote:
> I support adoption and have reviewed the draft.
>
> On Fri, Aug 4, 2017 at 10:17 AM, Stephen Farrell 
> wrote:
>>
>>
>>
>> On 04/08/17 14:21, Daniel Kahn Gillmor wrote:
>> > On Fri 2017-08-04 08:50:33 -0400, Sean Turner wrote:
>> >> At our IETF 99 session, there was support in the room to adopt
>> >> draft-huitema-tls-sni-encryption [0].  We need to confirm this support
>> >> on the list so please let the list know whether you support adoption
>> >> of the draft and are willing to review/comment on the draft before
>> >> 20170818.  If you object to its adoption, please let us know why.
>> >
>> > I support wg adoption of this draft and am willing to review
>>
>> +1
>>
>> > before
>> > 20170818.
>>
>> Not sure about the date - if it's finished by then that'd
>> be pretty speedy:-)
>>
>> S
>>
>> >
>> > --dkg
>> >



Re: [TLS] WG adoption call: SNI Encryption

2017-08-04 Thread Stephen Farrell


On 04/08/17 14:21, Daniel Kahn Gillmor wrote:
> On Fri 2017-08-04 08:50:33 -0400, Sean Turner wrote:
>> At our IETF 99 session, there was support in the room to adopt
>> draft-huitema-tls-sni-encryption [0].  We need to confirm this support
>> on the list so please let the list know whether you support adoption
>> of the draft and are willing to review/comment on the draft before
>> 20170818.  If you object to its adoption, please let us know why.
> 
> I support wg adoption of this draft and am willing to review 

+1

> before
> 20170818.

Not sure about the date - if it's finished by then that'd
be pretty speedy:-)

S

> 
> --dkg
> 


Re: [TLS] WG adoption call: draft-thomson-tls-record-limit

2017-08-04 Thread Ilari Liusvaara
On Fri, Aug 04, 2017 at 08:50:31AM -0400, Sean Turner wrote:
> At our IETF 99 session, there was support in the room to adopt
> draft-thomson-tls-record-limit [0].  We need to confirm this
> support on the list so please let the list know whether you support
> adoption of the draft and are willing to review/comment on the draft
> before 20170818.  

Yeah, adopt.

I have experimented with implementing an extremely similar extension.


Reviewing the draft, one technical comment:

1) It is really the ciphertext size that needs to be limited, due to
in-place decryption being possible.

As proposed by PR #1 in the repository, one way to limit the ciphertext
is to give the record size limit as payload size and then apply minmax
limit to ciphertext size.



-Ilari

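One way to see Ilari's point in code, as an added example that is not from the draft, the PR or any implementation mentioned on the list: a receiver that decrypts in place must size its buffer by the ciphertext, so the negotiated payload limit is turned into a ciphertext cap and oversized records are rejected from the record header before any copy. Assumed here: TLS 1.3 framing, an expansion of one inner content-type byte plus a 16-byte AEAD tag, and the function names ciphertext_cap, fragment_payload, check_record and make_record, all hypothetical.

```python
import struct

# Constructed model of TLS 1.3 record expansion for this example: a 16-byte AEAD tag
# (AES-GCM or ChaCha20-Poly1305) plus the one-byte inner content type. The peer's
# limit is taken to bound the payload bytes only (Ilari's "limit as payload size").
AEAD_TAG_LEN = 16
INNER_CONTENT_TYPE_LEN = 1
RECORD_HEADER_LEN = 5                 # ContentType(1) || legacy version(2) || length(2)
TLS13_MAX_CIPHERTEXT = 2**14 + 256    # absolute ceiling of the TLS 1.3 record layer


def ciphertext_cap(record_size_limit: int) -> int:
    """Largest encrypted record body a receiver must accept after telling the peer
    to keep payload at or below record_size_limit bytes. An in-place decryptor
    sizes its receive buffer with this number, not with the payload limit."""
    return min(record_size_limit + INNER_CONTENT_TYPE_LEN + AEAD_TAG_LEN,
               TLS13_MAX_CIPHERTEXT)


def fragment_payload(payload: bytes, peer_limit: int) -> list:
    """Sender side: the limit is stated in payload bytes, so fragmentation needs only
    the plaintext size; each fragment's ciphertext then fits ciphertext_cap()."""
    return [payload[i:i + peer_limit] for i in range(0, len(payload), peer_limit)]


def check_record(record: bytes, record_size_limit: int) -> str:
    """Receiver side: decide from the 5-byte header whether a record may be copied
    into the fixed-size buffer and decrypted in place. Returns 'ok',
    'record_overflow' (the fatal alert TLS sends for oversized records) or
    'truncated' when fewer bytes than the header announces are present."""
    if len(record) < RECORD_HEADER_LEN:
        return "truncated"
    _ctype, _version, length = struct.unpack("!BHH", record[:RECORD_HEADER_LEN])
    if length > ciphertext_cap(record_size_limit):
        # Checked before any copy: comparing only against the payload limit would
        # let a record 17 bytes too long overrun a buffer sized from that limit.
        return "record_overflow"
    if len(record) - RECORD_HEADER_LEN < length:
        return "truncated"
    return "ok"


def make_record(body_len: int) -> bytes:
    """Constructed application_data record (type 23, legacy version 0x0303) with a
    dummy body; sample input for the check only, not real ciphertext."""
    return struct.pack("!BHH", 23, 0x0303, body_len) + b"\x00" * body_len
```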


Re: [TLS] WG adoption call: SNI Encryption

2017-08-04 Thread Daniel Kahn Gillmor
On Fri 2017-08-04 08:50:33 -0400, Sean Turner wrote:
> At our IETF 99 session, there was support in the room to adopt
> draft-huitema-tls-sni-encryption [0].  We need to confirm this support
> on the list so please let the list know whether you support adoption
> of the draft and are willing to review/comment on the draft before
> 20170818.  If you object to its adoption, please let us know why.

I support wg adoption of this draft and am willing to review before
20170818.

--dkg



[TLS] WG adoption call: SNI Encryption

2017-08-04 Thread Sean Turner
At our IETF 99 session, there was support in the room to adopt 
draft-huitema-tls-sni-encryption [0].  We need to confirm this support on the 
list so please let the list know whether you support adoption of the draft and 
are willing to review/comment on the draft before 20170818.  If you object to 
its adoption, please let us know why.

Cheers,

J

[0] https://datatracker.ietf.org/doc/draft-huitema-tls-sni-encryption/


[TLS] WG adoption call: draft-thomson-tls-record-limit

2017-08-04 Thread Sean Turner
At our IETF 99 session, there was support in the room to adopt 
draft-thomson-tls-record-limit [0].  We need to confirm this support on the 
list so please let the list know whether you support adoption of the draft and 
are willing to review/comment on the draft before 20170818.  If you object to 
its adoption, please let us know why.

Cheers,

J

[0] https://datatracker.ietf.org/doc/draft-thomson-tls-record-limit/