Re: [Hotrfc] HotRFC: ECH Deployment Considerations

Arnaud Taddei <arnaud.taddei@broadcom.com> Sun, 23 July 2023 18:02 UTC

From: Arnaud Taddei <arnaud.taddei@broadcom.com>
To: Liz Flynn <lflynn@amsl.com>, Andrew Campling <andrew.campling@419.consulting>
CC: "hotrfc@ietf.org" <HotRFC@ietf.org>
Thread-Topic: [Hotrfc] HotRFC: ECH Deployment Considerations
Date: Sun, 23 Jul 2023 18:02:17 +0000
Message-ID: <LO2P123MB3839B0616A83C602812E927CF73DA@LO2P123MB3839.GBRP123.PROD.OUTLOOK.COM>
References: <CWXP265MB51533BFA152CA5B9AB23F072C23CA@CWXP265MB5153.GBRP265.PROD.OUTLOOK.COM> <5B04C6D7-4F82-44B2-BBD9-014E89B65982@amsl.com>
In-Reply-To: <5B04C6D7-4F82-44B2-BBD9-014E89B65982@amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hotrfc/xFECBcyKeI55Oy0VIbMpaQpioJ0>
Subject: Re: [Hotrfc] HotRFC: ECH Deployment Considerations

Thank you both Andrew and Liz, I will certainly be very happy to present.

From: Liz Flynn <lflynn@amsl.com>
Date: Sunday, 23 July 2023 at 10:52
To: Andrew Campling <andrew.campling@419.consulting>
Cc: hotrfc@ietf.org <HotRFC@ietf.org>, Arnaud Taddei <arnaud.taddei@broadcom.com>
Subject: Re: [Hotrfc] HotRFC: ECH Deployment Considerations
Hi Andrew,

Thank you! I’m updating your abstract now and uploading the slides.

See you tonight!

Liz Flynn
Project Manager / IETF
lflynn@amsl.com




On Jul 22, 2023, at 1:59 PM, Andrew Campling <andrew.campling@419.consulting> wrote:

Hi
I’ve attached slides for our slot at the HotRFC session tomorrow and have also tidied up the abstract a little as I did the original on an overnight flight to hit the deadline whilst trying not to annoy my neighbours.

Andrew



Talk title: ECH Deployment Considerations

Presenter, Affiliation, and whether you'll be presenting in person or remotely
Andrew Campling, 419 Consulting and Arnaud Taddei, Broadcom, both in-person

Short topic abstract (topics should be IETF- or IRTF-related in some way)

We are working on a document that is intended to inform the community about the impact of the deployment of the proposed Encrypted Client Hello (ECH) standard that encrypts Server Name Indication (SNI) and other data.  Data encapsulated by ECH (i.e. data included in the encrypted ClientHelloInner) is of legitimate interest to on-path security actors including those providing inline malware detection, parental controls, content filtering to prevent access to malware and other risky traffic, mandatory security controls etc.



The current draft of the document already includes observations on current use cases for SNI data in a variety of contexts.  It highlights how the use of that data is important to the operators of both public and private networks and shows how the loss of access to SNI data will cause difficulties in the provision of a range of services to end-users, including the potential weakening of cybersecurity defences.  Some mitigations are identified that may be useful for inclusion by those considering the adoption of support for ECH in their software.

What you're looking for (education, collaborators, implementers, etc.)
We are looking for the involvement of additional collaborators to augment the contributions that we have already and are continuing to gather, especially from the end-user and opsec communities.

Coordinates to learn more, contact those involved, participate in existing mailing lists and scheduled meetings, and/or relevant formal or side meetings.
Andrew Campling and Arnaud Taddei will be on site in San Francisco all week and can also be reached via Andrew.Campling@419.Consulting and Arnaud.Taddei@Broadcom.Com respectively.


Any relevant drafts or helpful resources you'd like collaborators to look at
Datatracker - https://datatracker.ietf.org/doc/draft-campling-ech-deployment-considerations/
GitHub - https://github.com/echdeploy/draft-ech-deployment-considerations


<Encrypted Client Hello Deployment Considerations Hot RFC, 23-07-23.pdf>
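To make the abstract's visibility point concrete, here is an added example (not from the draft or from either author) that parses a TLS ClientHello record and reports what an on-path observer can still read: the cleartext SNI of the outer ClientHello and whether the encrypted_client_hello extension is present. With ECH deployed, the outer SNI carries only the client-facing server's public name; the real server name sits in the encrypted ClientHelloInner, which this parser cannot see. The ClientHello bytes are constructed inline for the test, not captured traffic; the ECH extension codepoint 0xfe0d is the one used by the ECH drafts, and the ECH payload here is an opaque placeholder.

```python
import struct
from typing import Optional

SNI_EXT = 0x0000
SUPPORTED_VERSIONS_EXT = 0x002B
ECH_EXT = 0xFE0D  # encrypted_client_hello codepoint used by the ECH drafts


def build_client_hello(sni: str, ech_payload: Optional[bytes] = None) -> bytes:
    """Construct a minimal TLS 1.3 ClientHello record (constructed test input)."""
    name = sni.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type=host_name
    sni_body = struct.pack("!H", len(entry)) + entry                # server_name_list
    exts = struct.pack("!HH", SNI_EXT, len(sni_body)) + sni_body
    exts += struct.pack("!HH", SUPPORTED_VERSIONS_EXT, 3) + b"\x02\x03\x04"
    if ech_payload is not None:  # ECH rides as an ordinary extension of the outer hello
        exts += struct.pack("!HH", ECH_EXT, len(ech_payload)) + ech_payload
    body = b"\x03\x03" + bytes(32)                                  # legacy_version, random
    body += b"\x00"                                                 # empty session_id
    body += struct.pack("!H", 2) + b"\x13\x01"                      # TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                                             # compression: null
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def summarize_client_hello(record: bytes) -> dict:
    """Return what is readable on-path: outer SNI and whether ECH is in use."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    pos = 2 + 32                                        # skip legacy_version and random
    pos += 1 + body[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
    pos += 1 + body[pos]                                # compression_methods
    ext_end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    result = {"sni": None, "ech_present": False, "extensions": []}
    while pos < ext_end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        result["extensions"].append(etype)
        if etype == SNI_EXT:
            # server_name_list: list_len(2) name_type(1) name_len(2) name
            name_len = struct.unpack_from("!H", edata, 3)[0]
            result["sni"] = edata[5:5 + name_len].decode()
        elif etype == ECH_EXT:
            result["ech_present"] = True   # inner hello is opaque to us
    return result
```

A flow classifier built on this can still log the public name and the fact that ECH is in use, which is exactly the reduced signal the draft's mitigations discussion is about.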

