Re: [OPSEC] Operational Security Considerations and Encrypted Client Hello

Warren Kumari <warren@kumari.net> Tue, 07 March 2023 22:22 UTC

From: Warren Kumari <warren@kumari.net>
Date: Tue, 07 Mar 2023 14:22:07 -0800
Message-ID: <CAHw9_iL_GEvSLeY1a9z=GcSOhBJFv6zKrQLqYDRzb2Gpc1jBbA@mail.gmail.com>
To: Andrew Campling <andrew.campling@419.consulting>
Cc: opsec@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/9ywGbYZqeUSNQwjSBm0So1bOZ_U>
Subject: Re: [OPSEC] Operational Security Considerations and Encrypted Client Hello

Hello WG!

I'd encourage the WG to review this document - it's relatively short, and
is an easy read.

ECH is likely to be a fairly active topic in the IETF, and has significant
Opsec implications. The document is on the OpSec agenda, and so having read
it before the meeting will be really helpful.

W



On Fri, Feb 17, 2023 at 8:15 AM, Andrew Campling <
andrew.campling@419.consulting> wrote:

> Hi Opsec wg
>
> You may be aware that some of us have been looking at the potential impact
> of the deployment of Encrypted Client Hello (ECH), an extension to
> TLS1.3+.  We are continuing to develop the draft, which is accessible at
> https://datatracker.ietf.org/doc/draft-campling-ech-deployment-considerations/.
> You will note that many
> of the issues that we have identified relate to various aspects of
> operational security in a variety of contexts.
>
>
>
> We have been encouraged to share the draft with the Opsec working group to
> see if there is interest in the topic within the group, hence this post.  I
> and at least one of my co-authors will be present in Yokohama for the IETF
> 116 meeting and will be happy to present the highlights of the draft if
> time is available on the wg agenda.
>
>
>
>
>
> Andrew