[tor-project] US congress wrote a letter to Google and Amazon on domain fronting
Alec Muffett
alec.muffett at gmail.com
Thu Jul 19 17:34:39 UTC 2018
Great and fair questions.
On Thu, 19 Jul 2018 at 16:55, Arthur D. Edelstein <arthuredelstein at gmail.com>
wrote:
> * When will Encrypted SNI be widely available? My understanding is it
> will take at least months or years to widely deploy.
>
It will take ages. certainly a few years, to reach ubiquity.
Having lived through the "Hey, here's a great idea, let's put NULL
ciphersuites in IPsec to aid Debugging!"-feint by the intelligence
community which meant a bunch of people were/are "running VPNs" that
were/are essentially cleartext, I am disinclined to approve of any measure,
from any direction, which seeks to say "stay, just a little bit longer…"
re: Plaintext SNI.
Much better instead to start loudly labelling them as "DEPRECATED, OLD AND
BUSTED" right _now_, live with that in the interim, and ease a rapid
transition away from the old-and-bustedness as soon as it sediments.
> * We have Domain Fronting now -- is it not reasonable to ask Google
> and Amazon to keep supporting it until they support ESNI? That's not
> the same thing as "supporting cleartext SNI forever."
>
Their infrastructure is migrating away from old and busted, and there is a
lot of sense in that migration - Domain Fronting actually has consequences
for request security, trust and handling. I could try describing it here,
but I would probably mess it up - a much better speaker on this topic is
Ryan Sleevi.
> * Can't governments or ISPs simply block ESNI requests? Will browsers
> and CDNs then fall back to cleartext SNI?
>
Great questions; the first attempts at rolling out TLS1.3 (and subsequent
embarrassing reversal) provide a guide to the all-or-nothing breakage:
https://searchsecurity.techtarget.com/news/450413934/Chrome-backs-out-of-TLS-13-support-after-proxy-issues
Short version: getting the pain over-with quickly and then pursuing a rapid
transition, seems to be the best strategy; if we push for Google to retain
PlainSNI and DF, and if we are successful, then we are leaving the field
open to a Post-TLS1.3-Deployment "slippery-slope" argument against adopting
Encrypted SNI.
Better, instead, to ram them through, together, in lockstep.
* While I can see why Google and Amazon might have legitimate business
> reasons not to permit Domain Fronting, it seems also legitimate to ask
> them to reconsider in order to support people subjected to censorship.
>
Ask all you like, but it's a bad idea; you're basically asking them to risk
all their traffic on behalf of (for example) Tor. Better, instead, to fix
the shitty software, so they can say "We have Tor Relays running on our
Infra? Well, they're just another customer, nothing we can do about it!" -
rather than face accusations of having implemented DF and bending their own
security models to support the democratic peccadilloes of the liberal west.
> Was legislation or other state coercion hinted at somewhere? In the
> senators' letter, it says "we respectfully urge you to reconsider."
>
I can't speak to that, but I have trusted sources who tell me that GCHQ was
recently trawling the Financial Services companies (ie: investment banks
and so forth) in the "City" of London (ie: financial district) looking for
big names that they could parade at the recent IETF meeting in London, to
try and add leverage to drilling some surveillance-friendly holes into the
TLS specification. They were looking for big names who would go on record
to say "We require man-in-the-middle-capabilities in order to maintain
legal compliance" - which is bullshit for any decently run organisation. To
a first approximation, nobody came forwards to support their perspective.
If you want to read GCHQ's perspective on how stronger, better security in
TLS1.3 makes things "harder for enterprise", read this blog post:
https://www.ncsc.gov.uk/blog-post/tls-13-better-individuals-harder-enterprises
Speaking as a former Enterprise Security Architect for Sun Microsystems,
and having build systems for banks, I consider the blogpost to be an utter
fabrication, unworthy of respect.
As such, I might perhaps be a little oversensitive, but I am deeply
suspicious of any proposition from any quarter which essentially attempts
to sediment old-and-busted TLS1.2 functionality.
- alec
--
http://dropsafe.crypticide.com/aboutalecm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20180719/e9f53b3a/attachment.html>
More information about the tor-project
mailing list