[dispatch] dispatching draft-farrell-tls-wkesni

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 04 April 2022 23:06 UTC

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: DISPATCH list <dispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/QuOn03ZxxkcuVzUqfgwBonz7Gxs>

Hi all,

(Thanks again to Joe Salowey for presenting this in Vienna
when I had to be in another room.)

My impression of the discussion [1] of this draft [2] is
that there's interest in the draft but people were fuzzy
as to where it might best be processed. The meeting notes
indicate that more dispatch discussion on this list was
the desired outcome, so here goes...

My take, in case it helps: ask TLS to adopt with review
from HTTPBIS. I fully agree it ought be processed by an
IETF WG.

Responding to what I think is the main technical issue
identified at the meeting (relevant to the dispatch
question) and that will need to be addressed during WG
processing: the appropriate level of generality here is
a tricky issue, and (again as pointed out in the notes)
needs input from those who'll operate servers.

I figure though that there's a useful guideline we can use
here. The relevant HTTP server for this spec is the ECH
private key holder. The ECH private key holder processes
the outer ClientHello so whatever they wish to ask be used
there by eventual TLS clients, in the outer ClientHello,
seems like it should be supported here. And that's the
ECHConfigList which is already an extensible structure
and is the meat of the HTTP response defined here.

What ought be in the inner ClientHello is up to the
eventual/backend web origin (the "publisher" of the
HTTPS/SVCB RR) which is the HTTP client in this spec
and so ought not be represented in the JSON (or
whatever) HTTP response messages defined here. IOW,
that's an argument for the current design in [2].

Of course, experience may demonstrate that some more
is needed, but I'm sure that'd emerge in WG processing,
regardless of which WG "owns" the spec.

Also looking at the notes, I agree that the timing for
this ought be driven by ECH (also a TLS spec) - from
my POV, this one would ideally turn into an RFC a few
months after the ECH spec, which again, for me, argues
that the TLS WG is best placed to process this.

Cheers,
S.

[1] https://notes.ietf.org/notes-ietf-113-dispatch#A-well-known-URI-for-publishing-ECHConfigList-values-20-mins
[2] https://datatracker.ietf.org/doc/html/draft-farrell-tls-wkesni