Re: [OPSEC] Operational Security Considerations and Encrypted Client Hello

Jen Linkova <furry13@gmail.com> Wed, 15 March 2023 19:45 UTC

To: Arnaud Taddei <arnaud.taddei.sdo@gmail.com>
Cc: Warren Kumari <warren@kumari.net>, opsec@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/DFEbmLkLUNB6zBGyKGpZJguB_5M>

Hi Arnaud,
To be honest we don't have one (yet), need to add it to my todo list..

On Wed, Mar 15, 2023 at 2:59 AM Arnaud Taddei <arnaud.taddei.sdo@gmail.com>
wrote:

> Thank you Warren, we appreciate being given a chance to present.
>
> Please note we issued revision -04 and plan a revision -05 by Monday 27th
> of March.
> Encrypted Client Hello Deployment Considerations
> <https://datatracker.ietf.org/doc/draft-campling-ech-deployment-considerations/>
>
> One question as we are working on the best way to make our Github public.
>
> I observed that there is a ’tslwg’ Github entity which is hosting for
> example the ECH repo.
>
> Is there an equivalent ‘opsecwg’ entity we should be using to host our
> repo and have all the magic links done (notifications, etc.) through this
> working group mailing list?
>
> Sorry if this is a naive question. Trying to do the right things the right
> way.
>
> Best
>
> On 7 March 2023 at 23:22, Warren Kumari <warren@kumari.net> wrote:
>
> Hello WG!
>
> I'd encourage the WG to review this document - it's relatively short, and
> is an easy read.
>
> ECH is likely to be a fairly active topic in the IETF, and has significant
> Opsec implications. The document is on the OpSec agenda, and so having read
> it before the meeting will be really helpful..
>
> W
>
> On Fri, Feb 17, 2023 at 8:15 AM, Andrew Campling <
> andrew.campling@419.consulting> wrote:
>
>> Hi Opsec wg
>>
>> You may be aware that some of us have been looking at the potential
>> impact of the deployment of Encrypted Client Hello (ECH), an extension to
>> TLS1.3+.  We are continuing to develop the draft, which is accessible at
>> https://datatracker.ietf.org/doc/draft-campling-ech-deployment-considerations/.
>> You will note that many of the issues that we have identified relate to
>> various aspects of operational security in a variety of contexts.
>>
>>
>> We have been encouraged to share the draft with the Opsec working group
>> to see if there is interest in the topic within the group, hence this
>> post.  I and at least one of my co-authors will be present in Yokohama for
>> the IETF 116 meeting and will be happy to present the highlights of the
>> draft if time is available on the wg agenda.
>>
>> Andrew
>>
>> _______________________________________________
>> OPSEC mailing list
>> OPSEC@ietf.org
>> https://www.ietf.org/mailman/listinfo/opsec
>>
>


-- 
SY, Jen Linkova aka Furry