[TLS] Secdir last call review of draft-ietf-tls-esni-23
Adam Montville via Datatracker <noreply@ietf.org> Wed, 05 March 2025 20:45 UTC
From: Adam Montville via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Date: Wed, 05 Mar 2025 12:45:44 -0800
CC: draft-ietf-tls-esni.all@ietf.org, last-call@ietf.org, tls@ietf.org
Reply-To: Adam Montville <adam@onepenny.group>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/76mM1TNkNTLxO0n63tzOI94pHxY>
Reviewer: Adam Montville
Review result: Ready

Based on my review of this draft I would classify it as "ready" for publication, with some minor caveats that don't fundamentally undermine its readiness.

The draft defines a clear, well-specified mechanism for encrypting the ClientHello. It leverages established cryptographic primitives and preserves existing TLS 1.3 security properties. The threat model is thoroughly addressed with a formal analysis documented in a reference.

If it is possible (possibly not in this draft) to offer more detailed operational guidance on key rotation, that would be helpful.

There are some points in the document that might allude to implementation-specific configuration choices. Implementations would ideally expose these choices to operators so they can make the best possible choices for their needs.