Re: [TLS] ECH-10 interop test server

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 07 April 2021 21:48 UTC

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org>, tls@ietf.org
References: <CAG2Zi23mtGwmpNSvUigOdph8y05MvWV_uGm8H0W=vbRFdZ6euw@mail.gmail.com> <0069a206-7ca9-e79c-42ae-f2c7633bcc7d@cs.tcd.ie>
Message-ID: <05aa52f8-056d-9d68-28f0-b38513cf43ac@cs.tcd.ie>
Date: Wed, 7 Apr 2021 22:47:56 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3VMsxOSalZO_m-RXj5t6WliaD-g>
Subject: Re: [TLS] ECH-10 interop test server
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Hiya,

On 05/04/2021 18:07, Stephen Farrell wrote:
> 
> Hiya,
> 
> On 05/04/2021 18:01, Christopher Patton wrote:
>> Hi list, just FYI that Cloudflare's test server is upgrading to
>> draft-ietf-tls-esni-10 this morning. It should finish rolling out in a few
>> hours. Note that we've dropped support for draft-ietf-tls-esni-09.
>>
>> The endpoint is https://crypto.cloudflare.com. You'll also find our ECH
>> config in the HTTPS resource record.
> 
> Good stuff. I have a client that thinks it's ready to go but
> we'll see:-)

Well, surprisingly for me, that appears to have "just worked"
with no change to my draft-10 clients (neither s_client nor
curl).

(In case it helps someone else...) Is there any way that the
HTTP response content could differ if ECH succeeded or not?
I'm seeing the same 302 response in either case I think but
maybe there's some specific pathname or something that'd
result in different HTTP responses?

Thanks,
S.


> 
> I also have an openssl s_server running on port 8410 at
> draft-10.esni.defo.ie with an ECHConfig published in the DNS
> for that. It's probably v. fragile, so likely best to contact
> me if playing with it. That works with my draft-10 openssl
> s_client and with a build of curl using my fork of the
> openssl library.
> 
> Cheers,
> S.
> 
>>
>> Best,
>> Chris P.
>>
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>