[TLS] Status of draft-ietf-tls-esni

Eric Rescorla <ekr@rtfm.com> Sat, 17 February 2024 18:56 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 17 Feb 2024 10:56:06 -0800
Message-ID: <CABcZeBPdf7khfCu=hB79HXiVAkLvK3TkYB-QzucDibeY7psvrw@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8dyCtsJEozhKLLZ8L128G0XBhWs>
Subject: [TLS] Status of draft-ietf-tls-esni

Hi folks,

I wanted to provide an update on draft-ietf-tls-esni. I went through
all existing PRs and issues as well as some of the recent list
discussion. This message provides a summary of the status:

PRs
* 594: A first proposal to fix the no-sni section [Arnaud Taddei]
  I think this is fine and will merge on 2/24 unless people object.

* 602: More explanatory text [EKR]
  This is a pretty substantial rewrite of the overview section
  to address some of the clarity issues raised by Arnaud Taddei.
  This is editorial, but needs review.

* 603: Clarify that you can fall back by providing no ECH in EE [EKR]
  This addresses a point made by Elardus Erasmus about what indicates
  that you're disabling ECH. Hopefully this is uncontroversial.

Arnaud also provided two editorial PRs with clarifications
(587 and 588). I believe that these are addressed by 602.

ISSUES
* 866: Server retry flow, section 7.1 [Robert Sayre]
  I'm not seeing support for a change here, so I propose to
  close unless someone provides a PR that receives some
  support.

* 591: Can we clarify the Misconfiguration section? [Arnaud Taddei]
  This is addressed in PR #602, so I propose to close it once that
  lands.

Finally, Elardus Erasmus raised some issues around limiting
retries (https://mailarchive.ietf.org/arch/msg/tls/bvvWbtxJAiMfilfy32EvdaCszQ4/).
I have filed an issue with some thoughts at:

  https://github.com/tlswg/draft-ietf-tls-esni/issues/604

I think this needs some discussion before we have a PR.

Assuming that there are no strong objections to the resolutions
of the PRs and issues above and we can get consensus on Issue 604,
I should be able to spin a WGLC-ready version of ECH before the
draft deadline.

-Ekr