On 15/01/2019 19:27, Viktor Dukhovni wrote: > The information is only available to readers of the message. > The fact the handshake used X25519 or ECDSA (P-256) does not > look sensitive to me. An MSA can choose to not log it, while > MTA to MTA traffic really has nothing to hide here.
Well, not until you get to ESNI and fingerprinting different handshake instances as a way to track a message down a chain of MTAs. If ESNI were used you'd likely not want to put any SNI (or just some public/cover name in). As you add more info about the TLS session, you also make it a little easier to match the eventual mail (accessed via some later leak) with recorded traffic. (I recall some of us being surprised that DKIM signatures validated the leaked DNC mails, so we do have real evidence that this kind of metadata can have unexpected consequences.) Not hard to handle though, probably a couple of simple statements is all that'd be needed, e.g. to not add this information when ESNI was used inbound, and to provide some configuration for when and what to add, might be fine. That said, I'm not clear on the actual purpose for adding this. Other than tidiness, what's it really needed for? (I'm not arguing against, just wondering in case it affects the analysis.) S.
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
