[TLS] Re: I-D Action: draft-ietf-tls-wkech-09.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 02 September 2025 19:30 UTC

Message-ID: <b1a36e45-8fa9-49b7-a4b6-1c2136bb6fa0@cs.tcd.ie>
Date: Tue, 02 Sep 2025 20:30:42 +0100
User-Agent: Mozilla Thunderbird
To: Ted Hardie <ted.ietf@gmail.com>
References: <175681980809.1724257.5414760990331082108@dt-datatracker-67876766b7-bkzgr> <123de075-e895-4b03-ab7a-75290ae03c8c@cs.tcd.ie> <CA+9kkMBmELQP=crpEsiJkU8qYvYmvxk8V6dXqfP0VhcW3JPHJg@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <CA+9kkMBmELQP=crpEsiJkU8qYvYmvxk8V6dXqfP0VhcW3JPHJg@mail.gmail.com>
CC: tls@ietf.org
Subject: [TLS] Re: I-D Action: draft-ietf-tls-wkech-09.txt
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/D6GfoeJhGkjpjz2u73L0TUfxhbU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Hi Ted,

On 02/09/2025 15:40, Ted Hardie wrote:
> Hi Stephen,
> 
> I have what I hope is a small question about the IANA registration.  In the
> protocol description, the draft says:
> 
>     The JSON file at the well-known URI MUST contain an object with two
>     keys: "regeninterval", whose value is a number, and "endpoints" whose
>     value is an array of objects.  All other keys MUST be ignored.
> 
> In the IANA considerations for the new JSON Service Binding registry, you
> specify Standards Action is required to update the registry. 

Ah. I think Standards Action was Ben's choice, or else, apologies to
Ben, and I just forget why we said that;-)

> It seems to
> me that you actually need something a bit narrower, a Standards Action that
> updates or obsoletes this RFC, since other actions wouldn't eliminate the
> "MUST be ignored." requirement.

That's logical.

> My IANAbis chair hat isn't on for this question, but it does cause me to
> think about what folks mean by Standards Action in a case like this; do the
> authors assume Standards Action is sufficient, because that process would
> check to make sure that the new standard didn't need to make an update to
> this RFC?

Yes, I would make that assumption, and it may be worth stating
in the document I guess?

Or... we could consider "loosening" the registry update rule to
expert review with guidance to the expert that they should think
when adding things to that registry as the current setup means
they'll be ignored by existing implementations. (So, not much
point adding negative-things/constraints that need to be honoured
I guess.)

I created a GH issue for this. [1]

Thanks,
S.

[1] https://github.com/sftcd/wkesni/issues/57

> 
> Thanks,
> 
> Ted Hardie
> 
> 
> On Tue, Sep 2, 2025 at 2:40 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
> 
>>
>> Hiya,
>>
>> We made a bunch of editorial changes after the comments
>> received at IETF-123 with which the commenters seem ok,
>> so the authors would like to ask if the chairs think this
>> is ready for WGLC. (We understand the plan is to park it
>> after that awaiting more implementation experience which
>> is fine.)
>>
>> There are no outstanding issues or PRs on the git repo. [1]
>>
>> Cheers,
>> S.
>>
>> [1] https://github.com/sftcd/wkesni
>>
>> On 02/09/2025 14:30, internet-drafts@ietf.org wrote:
>>> Internet-Draft draft-ietf-tls-wkech-09.txt is now available. It is a
>>> work item of the Transport Layer Security (TLS) WG of the IETF.
>>>
>>>      Title:   A well-known URI for publishing service parameters
>>>      Authors: Stephen Farrell
>>>               Rich Salz
>>>               Benjamin Schwartz
>>>      Name:    draft-ietf-tls-wkech-09.txt
>>>      Pages:   18
>>>      Dates:   2025-09-02
>>>
>>> Abstract:
>>>
>>>      We define a well-known URI at which an HTTP origin can inform an
>>>      authoritative DNS server, or other interested parties, about its
>>>      Service Bindings.  Service binding data can include Encrypted
>>>      ClientHello (ECH) configurations, that may change frequently.  This
>>>      allows the origin, in collaboration with DNS infrastructure elements,
>>>      to publish and rotate its own ECH keys.  Other service binding data
>>>      such as information about TLS supported groups is unlikely to change
>>>      quickly, but the origin is much more likely to have accurate
>>>      information when changes do occur.  Service data published via this
>>>      mechanism is typically available via an HTTPS or SVCB resource
>>>      record.
>>>
>>> The IETF datatracker status page for this Internet-Draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-tls-wkech/
>>>
>>> There is also an HTMLized version available at:
>>> https://datatracker.ietf.org/doc/html/draft-ietf-tls-wkech-09
>>>
>>> A diff from the previous version is available at:
>>> https://author-tools.ietf.org/iddiff?url2=draft-ietf-tls-wkech-09
>>>
>>> Internet-Drafts are also available by rsync at:
>>> rsync.ietf.org::internet-drafts
>>>
>>>
>>> _______________________________________________
>>> TLS mailing list -- tls@ietf.org
>>> To unsubscribe send an email to tls-leave@ietf.org
>>
>> _______________________________________________
>> TLS mailing list -- tls@ietf.org
>> To unsubscribe send an email to tls-leave@ietf.org
>>
>
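The top-level rule Ted quotes from the draft (an object with exactly two consumed keys, "regeninterval" a number and "endpoints" an array of objects, all other keys ignored) is what makes Stephen doubt the value of registry entries that carry constraints: an existing consumer drops them on the floor. The following Python is an added example, not code from the draft, its authors or the wkesni repository. It is a consumer-side parser that enforces only the quoted paragraph. The contents of the endpoint object and the extra top-level key "x-hypothetical-constraint" are constructed for illustration; neither is defined anywhere on this page.

```python
from __future__ import annotations

import json
from typing import Any


class WkechFormatError(ValueError):
    """The JSON body violates one of the MUST rules quoted from the draft."""


REQUIRED_KEYS = ("regeninterval", "endpoints")


def parse_wkech(document: str) -> tuple[float, list[dict[str, Any]], list[str]]:
    """Parse the JSON published at the well-known URI.

    Returns (regeninterval, endpoints, ignored_keys).  Only the two keys named
    in the quoted draft text are consumed.  Every other top-level key is
    collected in ignored_keys purely for diagnostics; it has no effect on the
    result, which is what "All other keys MUST be ignored" requires.
    """
    try:
        obj = json.loads(document)
    except json.JSONDecodeError as exc:
        raise WkechFormatError(f"not valid JSON: {exc}") from None
    if not isinstance(obj, dict):
        raise WkechFormatError("top-level value must be a JSON object")
    missing = [k for k in REQUIRED_KEYS if k not in obj]
    if missing:
        raise WkechFormatError(f"missing required key(s): {missing}")

    regen = obj["regeninterval"]
    # bool is a subclass of int in Python, so reject JSON true/false explicitly.
    if isinstance(regen, bool) or not isinstance(regen, (int, float)):
        raise WkechFormatError('"regeninterval" must be a number')

    endpoints = obj["endpoints"]
    if not isinstance(endpoints, list) or not all(isinstance(e, dict) for e in endpoints):
        raise WkechFormatError('"endpoints" must be an array of objects')

    ignored = sorted(k for k in obj if k not in REQUIRED_KEYS)
    return regen, endpoints, ignored


def rejects(document: str) -> bool:
    """True if parse_wkech refuses the document (used by the checks below)."""
    try:
        parse_wkech(document)
    except WkechFormatError:
        return True
    return False


# Constructed sample body.  The endpoint object's field and the extra
# top-level key are illustrative only; neither is defined by the text above.
# "x-hypothetical-constraint" stands in for a future registry entry that
# tries to impose a rule on consumers.
SAMPLE = """{
  "regeninterval": 3600,
  "endpoints": [
    { "comment": "constructed endpoint object; real fields not shown on this page" }
  ],
  "x-hypothetical-constraint": "do-not-cache"
}"""


if __name__ == "__main__":
    regen, endpoints, ignored = parse_wkech(SAMPLE)
    print(f"regeninterval={regen} endpoints={len(endpoints)} ignored={ignored}")
    # The "do-not-cache" constraint never reaches the consumer's logic: it is
    # dropped, which is exactly the concern about adding such keys to the registry.
    for bad in ('{"endpoints": []}',                         # regeninterval absent
                '{"regeninterval": true, "endpoints": []}',  # not a number
                '{"regeninterval": 60, "endpoints": [1]}',   # elements not objects
                '[]'):                                       # not an object
        assert rejects(bad), bad
```

The parser enforces only what the quoted paragraph states. Whether, for instance, a negative "regeninterval" is an error is a matter for the full draft, so no such rule is assumed here.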