[TLS] Re: ECH Proxy Mode
A A <tom25519@yandex.com> Fri, 13 September 2024 14:05 UTC
Return-Path: <tom25519@yandex.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBE7FC18DBBA for <tls@ietfa.amsl.com>; Fri, 13 Sep 2024 07:05:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.379
X-Spam-Level:
X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=yandex.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pwLB9etljFYm for <tls@ietfa.amsl.com>; Fri, 13 Sep 2024 07:05:35 -0700 (PDT)
Received: from forward501d.mail.yandex.net (forward501d.mail.yandex.net [IPv6:2a02:6b8:c41:1300:1:45:d181:d501]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D804EC15107F for <tls@ietf.org>; Fri, 13 Sep 2024 07:05:34 -0700 (PDT)
Received: from mail-nwsmtp-mxback-production-main-28.myt.yp-c.yandex.net (mail-nwsmtp-mxback-production-main-28.myt.yp-c.yandex.net [IPv6:2a02:6b8:c12:4181:0:640:63d:0]) by forward501d.mail.yandex.net (Yandex) with ESMTPS id 751F560DD5; Fri, 13 Sep 2024 17:05:30 +0300 (MSK)
Received: from mail.yandex.com (2a02:6b8:c12:5a2d:0:640:5a9f:0 [2a02:6b8:c12:5a2d:0:640:5a9f:0]) by mail-nwsmtp-mxback-production-main-28.myt.yp-c.yandex.net (mxback/Yandex) with HTTPS id T5mwFr4O9eA0-71lgbsje; Fri, 13 Sep 2024 17:05:30 +0300
X-Yandex-Fwd: 2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1726236330; bh=Y9Z0e9l09RMmeEPYU50wL+8S+LWHEMo8SJl/mIdnNRM=; h=Message-Id:Cc:Subject:In-Reply-To:Date:References:To:From; b=s7EnrkAiVOZ6Hh6ykKGVM3mQmhnqlTKk6JwURRYrvjzZ+0ws13ORNY+sZrlIsGNqC jiY7uIjtz9MnMki1IM0LmCS0yq/OUa2y92/foJPq/n6VGEQbGsR+5qKY/GoS98O+du 2CI+mIbDCjyVFPYMdEGY9W3EzZzJeFh4VdOXVN2w=
Authentication-Results: mail-nwsmtp-mxback-production-main-28.myt.yp-c.yandex.net; dkim=pass header.i=@yandex.com
Received: from ljtiidcn7zuuiaie.iva.yp-c.yandex.net (ljtiidcn7zuuiaie.iva.yp-c.yandex.net [2a02:6b8:c0c:7b87:0:640:9dc3:0]) by mail-nwsmtp-mxback-production-main-15.iva.yp-c.yandex.net (mxback/Yandex) with HTTP id e4m3nk5OAqM0-ift3Sqhp for <tom25519@yandex.com>; Fri, 13 Sep 2024 17:05:15 +0300
Received: by ljtiidcn7zuuiaie.iva.yp-c.yandex.net with HTTP; Fri, 13 Sep 2024 17:05:14 +0300
From: A A <tom25519@yandex.com>
Envelope-From: tom25519@yandex.com
To: 涛叔 <hi@taoshu.in>
In-Reply-To: <CEAB4C16-F88F-4EDB-A6FC-450F578B45FE@taoshu.in>
References: <03D6DC16-2AFE-41E8-8404-F456D67582EB@taoshu.in> <ME0P282MB5587AFB9A303CE7FABEAF008A39C2@ME0P282MB5587.AUSP282.PROD.OUTLOOK.COM> <C3A1FBAA-CEB9-49FD-A50F-831D86FDECC7@taoshu.in> <ME0P282MB55870395CC2C672C7A607C01A3992@ME0P282MB5587.AUSP282.PROD.OUTLOOK.COM> <7E16914E-3F97-4DB3-8AFD-40898A4DABD0@taoshu.in> <ME0P282MB55871BDDF016659F149743E8A39B2@ME0P282MB5587.AUSP282.PROD.OUTLOOK.COM> <CDD4A0D6-188E-4CC6-B976-F5B4C384C56E@taoshu.in> <82811726047107@mail.yandex.com> <CEAB4C16-F88F-4EDB-A6FC-450F578B45FE@taoshu.in>
MIME-Version: 1.0
X-Mailer: Yamail [ http://yandex.ru ] 5.0
Date: Fri, 13 Sep 2024 22:05:29 +0800
Message-Id: <98951726236057@mail.yandex.com>
Content-Transfer-Encoding: base64
Content-Type: text/html; charset="utf-8"
Message-ID-Hash: PJ6H426YT4NOCCCK6YKNYC5Y5DU7667Q
X-Message-ID-Hash: PJ6H426YT4NOCCCK6YKNYC5Y5DU7667Q
X-MailFrom: tom25519@yandex.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS] Re: ECH Proxy Mode
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Aqpx2hZ6aS4cZ0Qjxn4mJ3snLMs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
According to https://datatracker.ietf.org/doc/html/rfc8446#section-4.1.3" rel="nofollow">https://datatracker.ietf.org/doc/html/rfc8446#section-4.1.3A client which receives a legacy_session_id_echo field that does not match whatit sent in the ClientHello MUST abort the handshake with an "illegal_parameter" alert.So we can't use the legacy_session_id_echo of SH.On Sep 11, 2024, at 17:35, A A <tom25519@yandex.com> wrote:I don't think need to use random, we can use Session ID, which is deprecated since TLS 1.3. Random is used to derive master key, AFAIK.
- [TLS] Re: ECH Proxy Mode Raghu Saxena
- [TLS] Re: ECH Proxy Mode 涛叔
- [TLS] Re: ECH Proxy Mode Christopher Patton
- [TLS] Re: ECH Proxy Mode Raghu Saxena
- [TLS] Re: ECH Proxy Mode 涛叔
- [TLS] Re: ECH Proxy Mode Raghu Saxena
- [TLS] Re: ECH Proxy Mode 涛叔
- [TLS] Re: ECH Proxy Mode A A
- [TLS] Re: ECH Proxy Mode 涛叔
- [TLS] Re: ECH Proxy Mode A A
- [TLS] Re: ECH Proxy Mode Naomi Kirby
- [TLS] ECH Proxy Mode 涛叔
- [TLS] Re: ECH Proxy Mode A A