Re: [TLS] ECH -09 interop

Christopher Patton <cpatton@cloudflare.com> Wed, 20 January 2021 17:45 UTC

References: <502c04f9-3601-4e35-97c6-67bdcd6fe467@www.fastmail.com> <CAChr6SyD3Dkgv=HN3fOj_H50NmOdY77EcK04tX3AoNkE4bOu=g@mail.gmail.com>
In-Reply-To: <CAChr6SyD3Dkgv=HN3fOj_H50NmOdY77EcK04tX3AoNkE4bOu=g@mail.gmail.com>
From: Christopher Patton <cpatton@cloudflare.com>
Date: Wed, 20 Jan 2021 09:44:47 -0800
Message-ID: <CAG2Zi23dxvKfJWz1q6LLT64umTo03okMH1d3J3hyx9FzJHHN8Q@mail.gmail.com>
To: Rob Sayre <sayrer@gmail.com>
Cc: Christopher Wood <caw@heapingbits.net>, "TLS@ietf.org" <TLS@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/A-JXv3q7NhALyZKiVtr90FfRCGQ>
Subject: Re: [TLS] ECH -09 interop

Hi Rob, all,

Cloudflare is now running an ECH test server here:
https://crypto.cloudflare.com

We're running draft-ietf-tls-esni-09. The HTTPS resource record containing
the current ECH config is available in DNS.

Please let me know if you observe any bugs or otherwise have issues. Our Go
implementation can be found here:
https://github.com/cloudflare/go/tree/cf/src/crypto/tls

Thanks! And for those in the US, happy inauguration day!
- Chris P.