On Thu, 19 Jul 2018 at 18:54, Kate Krauss ailanthus@riseup.net wrote:
On 2018-07-19 3:51 am, Alec Muffett wrote:
Thank you! I'm extremely grateful to both Alec and Yawning for these thoughtful and clear explanations. So there can be no possible domain fronting under TSL 1.3?
Not quite.
DomainFronting essentially means that "SNI Says Alice, First Line Of Letter Says 'Dear Bob'".
You can do that in both TLS1.2 and 1.3, with Plaintext SNI or (in 1.3) with Encrypted SNI.
However:
a) doing it is a pain in the ass for the service provider, irrespective of what version TLS is in use, plus it has negative security consequences (see previous email from me)
b) if we make TLS1.3+EncryptedSNI into a ubiquitous offering, the need for DF becomes moot. It becomes pointless.
Is TSL 1.3 inevitable now that it's been
approved by IETF?
Kinda, but we need to watch carefully for people trying to drill holes in it, and/or for "adding friction" to anyone wanting to _leave_ TLS1.2
Such friction includes the Civil Society community screaming "Waaaaah! But losing DF harms Tor!"
Honest answer: "short term, yes; long term we can win hugely, and we piss off the NSA too!".
If so, does it make sense to push for domain fronting as a transitional strategy until we have a better plan?
Exactly. Clearly deprecate it, limp along with what DF we can get, and push hard to get TLS1.3+ESNI into the world's default webserver configs as soon as possible, and I think we'll be shooting the right direction.
His tech advisor
Chris Soghoian may support the letter.
I've seen Chris' work before, eg: in support of export control of security software ("Wassenaar") to stop the outflow of spyware from Western countries to at-risk countries like Ethiopia.
I won't argue with his sentiment, then as now, but I feel (if he's also behind this) that his approaches lack adequate consideration of bigger pictures and long-term goals.
So my final question--and this may just be contained in a link someone could just post, but better, ELI5 here (if appropriate)--is what might work, what is on the horizon, does it need more support, and if so, how can we support it?
We must boldly and clearly recognise DF as the ugly kludge that it is, and make sure the world knows that; I feel that Tor should (if resources can be found) get involved with the community of people and companies who are pursuing solid communications security at the HTTPS layer; in some senses they are only trying to emulate the goals which Tor has had for years (decades?) and there must be experience worth sharing.
-a