Re: [TLS] ECH & HPKE versions as an example of too much githubbery
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 27 October 2020 22:59 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 848373A03C9 for <tls@ietfa.amsl.com>; Tue, 27 Oct 2020 15:59:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.246
X-Spam-Level:
X-Spam-Status: No, score=-2.246 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.247, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jtIBmLG7fskn for <tls@ietfa.amsl.com>; Tue, 27 Oct 2020 15:59:41 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76FC23A03AA for <tls@ietf.org>; Tue, 27 Oct 2020 15:59:40 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 54222BE4D; Tue, 27 Oct 2020 22:59:39 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g0-J6kFC-fDm; Tue, 27 Oct 2020 22:59:35 +0000 (GMT)
Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 9293EBE4C; Tue, 27 Oct 2020 22:59:35 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1603839575; bh=VGgzCGM1hFR/BjM1F5PWvw3pI8sTjsiGOujA536myms=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=awN5KaxGOXF2bQ8gwF9RGdmba/yV3R3fLpQ7rVttwGh/NZQcb8KaIMX5WKKZRgvXC J6/peslYDRxYGgg1g0gtcZvii70Lfas0wMQwRtJIk2ZIJvz5SYdPVFxtwgYNH/bSU+ lK+VphxbdpjWCjREVr1C73PstKJINIvyMKwCSCpU=
To: Mark Nottingham <mnot@mnot.net>
Cc: "tls@ietf.org" <tls@ietf.org>
References: <06eebcd3-1532-1df4-cd4b-c92110bbf010@cs.tcd.ie> <8F6CBA53-967D-49C5-A3DE-B85C486F8DD5@mnot.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <07735271-7d4e-1f9c-2262-7493fb6122dd@cs.tcd.ie>
Date: Tue, 27 Oct 2020 22:59:34 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.2
MIME-Version: 1.0
In-Reply-To: <8F6CBA53-967D-49C5-A3DE-B85C486F8DD5@mnot.net>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="sXFkAEjGspmt0bFLp8dBV4wlxKquLYhdI"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2_g5bYN9c6C9lUFQYCBVF21LNHs>
Subject: Re: [TLS] ECH & HPKE versions as an example of too much githubbery
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Oct 2020 22:59:44 -0000
Hiya, On 27/10/2020 22:28, Mark Nottingham wrote: > Stephen, > > I don't think what you're complaining about can be attributed to > GitHub. Tools are just tools, how they're used is what's relevant > (i.e., this could just as easily happen over e-mail). Sorta. I doubt the volume of traffic would've happened via email for non-contentious, not-trivial-but-not-earthshaking topics. I "watch" the repos for these drafts, and in just the last month, I've seen 401 esni emails, 127 hpke emails and 157 dns-alt-svc emails. That's too many, is encouraged by the tools IMO and has to mean a lot not being discussed on the list that ought be. So I do think the tooling is really part of this. But yes, had someone taken on the mega-task of bringing the useful bits of those 683 mails per month to the list, it may have been that the mismatch would've been avoided. Cheers, S. PS: I neglected to say in my earlier mail that hpke-05 has an interop bug that we discovered when I was verifying the test vectors a few months ago. It's not the right basis to pick if we want esni-08 to be used for interop really. But more to the point, nor is a moving target. > > Cheers, > > >> On 28 Oct 2020, at 7:31 am, Stephen Farrell >> <stephen.farrell@cs.tcd.ie> wrote: >> >> >> Hiya, >> >> The latest ECH draft from Oct 16 says "ECH uses draft-05 of HPKE >> for public key encryption." >> >> The latest HPKE draft (-06) from Oct 23 has a few minor >> incompatible changes (for good but relatively trivial reasons). >> >> So for interop ECH apparently requires use of an outdated I-D, >> despite the one week difference in publishing and a common >> co-author. >> >> It seems a bit mad that all that githubbery results in such a lack >> of co-ordination in two closely related specs. >> >> Anyway, I can manage to handle both HPKE-05 and HPKE-06 but this >> seems like yet another case where there is too much githubbery >> going on with the result that two closely linked drafts with a >> common co-author end up out of whack despite being issued within a >> week of one another. >> >> That and the velocity of discussion and changes on github are a >> major disincentive (for me) for implementing ECH. I simply do not >> have the cycles to keep up with it as it has been happening these >> last months. If that were the goal of the authors and those >> endlessly commenting on github (and I do not believe it is), then >> they would be close to reaching that goal. >> >> Can we not please freeze this stuff for at least long enough to get >> implementations done and somewhat tested? >> >> Frankly, I expect my plea here to be more or less ignored just as >> my previous entreaties were. I decided to send it anyway on the >> basis that the perhaps what seems like an obvious failure of the >> current approach (ECH can't interop unless you use an outdated I-D >> for HPKE) might show that all this apparent high velocity >> discussion on github is not as effetcive as claimed (in at least >> this case). >> >> Thanks, Stephen. >> >> _______________________________________________ TLS mailing list >> TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls > > -- Mark Nottingham https://www.mnot.net/ >
- [TLS] ECH & HPKE versions as an example of too mu… Stephen Farrell
- Re: [TLS] ECH & HPKE versions as an example of to… Mark Nottingham
- Re: [TLS] ECH & HPKE versions as an example of to… Stephen Farrell
- Re: [TLS] ECH & HPKE versions as an example of to… Eric Rescorla
- Re: [TLS] ECH & HPKE versions as an example of to… Stephen Farrell
- Re: [TLS] ECH & HPKE versions as an example of to… Eric Rescorla
- Re: [TLS] ECH & HPKE versions as an example of to… Salz, Rich
- Re: [TLS] ECH & HPKE versions as an example of to… Stephen Farrell
- Re: [TLS] ECH & HPKE versions as an example of to… Sean Turner
- Re: [TLS] ECH & HPKE versions as an example of to… Stephen Farrell
- Re: [TLS] ECH & HPKE versions as an example of to… Rob Sayre