Re: [Hotrfc] HotRFC: ECH Deployment Considerations

Liz Flynn <lflynn@amsl.com> Sun, 23 July 2023 17:52 UTC

From: Liz Flynn <lflynn@amsl.com>
Date: Sun, 23 Jul 2023 10:52:24 -0700
Cc: "hotrfc@ietf.org" <HotRFC@ietf.org>, Arnaud Taddei <arnaud.taddei@broadcom.com>
To: Andrew Campling <andrew.campling@419.consulting>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hotrfc/BTupxzqdOLhwDhCx2wxNLP48JKg>

Hi Andrew,

Thank you! I’m updating your abstract now and uploading the slides. 

See you tonight!

Liz Flynn
Project Manager / IETF
lflynn@amsl.com




> On Jul 22, 2023, at 1:59 PM, Andrew Campling <andrew.campling@419.consulting> wrote:
> 
> Hi
> I’ve attached slides for our slot at the HotRFC session tomorrow and have also tidied up the abstract a little as I did the original on an overnight flight to hit the deadline whilst trying not to annoy my neighbours.
>  
> Andrew
>  
>  
>  
> Talk title: ECH Deployment Considerations
>  
> Presenter, Affiliation, and whether you'll be presenting in person or remotely
> Andrew Campling, 419 Consulting and Arnaud Taddei, Broadcom, both in-person 
>  
> Short topic abstract (topics should be IETF- or IRTF-related in some way)
> We are working on a document that is intended to inform the community about the impact of the deployment of the proposed Encrypted Client Hello (ECH) standard that encrypts Server Name Indication (SNI) and other data. Data encapsulated by ECH (i.e. data included in the encrypted ClientHelloInner) is of legitimate interest to on-path security actors including those providing inline malware detection, parental controls, content filtering to prevent access to malware and other risky traffic, mandatory security controls etc.
>  
> The current draft of the document already includes observations on current use cases for SNI data in a variety of contexts.  It highlights how the use of that data is important to the operators of both public and private networks and shows how the loss of access to SNI data will cause difficulties in the provision of a range of services to end-users, including the potential weakening of cybersecurity defences.  Some mitigations are identified that may be useful for inclusion by those considering the adoption of support for ECH in their software.
>  
> What you're looking for (education, collaborators, implementers, etc.)
> We are looking for the involvement of additional collaborators to augment the contributions that we have already and are continuing to gather, especially from the end-user and opsec communities.
>  
> Coordinates to learn more, contact those involved, participate in existing mailing lists and scheduled meetings, and/or relevant formal or side meetings.
> Andrew Campling and Arnaud Taddei will be on site in San Francisco all week and can also be reached via Andrew.Campling@419.Consulting and Arnaud.Taddei@Broadcom.Com respectively.
> 
> Any relevant drafts or helpful resources you'd like collaborators to look at
> Datatracker - https://datatracker.ietf.org/doc/draft-campling-ech-deployment-considerations/
> GitHub - https://github.com/echdeploy/draft-ech-deployment-considerations
>  
>  