[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

TLS NPN (Next Protocol Negotiation)

To: or-talk@xxxxxxxxxxxxx
Subject: TLS NPN (Next Protocol Negotiation)
From: Seth David Schoen <schoen@xxxxxxx>
Date: Mon, 16 Aug 2010 23:08:27 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 17 Aug 2010 02:17:19 -0400
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14)

Over on the TLS WG mailing list at IETF there is some debate over
the NPN (Next Protocol Negotation) TLS extension, which originated
outside of TLS WG but is now starting to be brought up there for
standardization.  The thread starts at

http://www.ietf.org/mail-archive/web/tls/current/msg06862.html

Much of the debate centers around the idea that NPN will make it
harder for network operators to know what protocols users are using
over TLS and hence to block particular protocols while permitting
others.  One of the proponents (Adam Langley, who has been doing a
lot of other fantastic work on making TLS better and more ubiquitous)
mentioned the idea that Tor is an intended use case for this
behavior, although there hasn't been any other explicit discussion
of this.

http://www.ietf.org/mail-archive/web/tls/current/msg06866.html

"The design, as is, was picked because the use cases considered were
either ambivalent on this point [in effect, whether to reveal which
service the client is interested in contacting earlier in the
protocol] or favoured the privacy side (i.e.  Tor)."

(Apparently the notion is that the protocol negotiation would
happen late enough that the encrypted session is already
established before the client and server decide which particular
service the client wants to talk to, so you could multiplex,
say, a web server, a Jabber server, a Tor server, and an IMAPS
server all over tcp/443 and an eavesdropper wouldn't trivially
be able to determine which one the client was communicating
with -- except if side channels gave it away, of course.)

I'm tempted to reply pointing out that _all_ uses of TLS represent
at least potential support for a threat model in which a network
operator is the adversary whom users are trying to defend against.
So there's not much conceptually new about having TLS reduce network
operators' control over traffic, although some of the people in
the discussion seem to feel there is a qualitative difference
between, say, keyword filtering and protocol filtering.

Has anybody from Tor been working on NPN?

-- 
Seth Schoen
Senior Staff Technologist                         schoen@xxxxxxx
Electronic Frontier Foundation                    https://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110     +1 415 436 9333 x107
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: TLS NPN (Next Protocol Negotiation)
  - From: Gregory Maxwell
- Re: TLS NPN (Next Protocol Negotiation)
  - From: Mike Perry

Prev by Author: Re: Practical web-site-specific traffic analyses
Next by Author: Re: Tor Project 2008 Tax Return Now Online
Previous by thread: Re: Cannot retrieve apt key from keyserver
Next by thread: Re: TLS NPN (Next Protocol Negotiation)
Index(es):
- Author
- Thread