Re: [TLS] ESNI/ECH: minor progress, much githubbery
David Fifield <david@bamsoftware.com> Tue, 29 September 2020 17:35 UTC
Return-Path: <david@bamsoftware.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B50A63A0F71 for <tls@ietfa.amsl.com>; Tue, 29 Sep 2020 10:35:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bamsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WlB9GKEH8dlK for <tls@ietfa.amsl.com>; Tue, 29 Sep 2020 10:35:53 -0700 (PDT)
Received: from melchior.bamsoftware.com (melchior.bamsoftware.com [IPv6:2600:3c00:e000:128:de39:20ee:9704:752d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D2E23A0F46 for <tls@ietf.org>; Tue, 29 Sep 2020 10:35:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bamsoftware.com; s=mail; h=In-Reply-To:Content-Type:MIME-Version:References :Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding :Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=rASMuThdyxAdFgV+VMJ03q9EtUWk6wpf2xGpeapHXPU=; b=H/RUNwm0s2akaduWGx3WjgkmBv yN/w9KYik+b5SFZ874jVJyGw1PfGNzVTe+kFhe5YJeES5xqL4W04OaRLgAwfanSKMRVNJda8puHpn lmcP/715uEp8SZrzoVW28ICtcnyUDGiP6570w9EyP4MIwStgBCCjRTgcYRWdNGPhbBC8=;
Date: Tue, 29 Sep 2020 11:35:47 -0600
From: David Fifield <david@bamsoftware.com>
To: tls@ietf.org
Message-ID: <20200929173547.3zqwurqfkkcwuz7p@bamsoftware.com>
Mail-Followup-To: tls@ietf.org
References: <72d35b92-ea36-b6b7-5e35-ba528ba5faf7@cs.tcd.ie> <CAChr6SyObv29gzofL4yL29nNXxVGR5xZcafK0oTz9qnAQ2Yf6Q@mail.gmail.com> <CAG2Zi23_aEckzY3Ahawx=A3N7N=Hk1g7jcrvf9Wh83LJtopU4g@mail.gmail.com> <fdd06b1e-f62d-1680-70a3-3b8ca21cf9ae@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <fdd06b1e-f62d-1680-70a3-3b8ca21cf9ae@cs.tcd.ie>
User-Agent: NeoMutt/20180716
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/F7yWz_S_hxB5SBcBX68E0TsQnFI>
Subject: Re: [TLS] ESNI/ECH: minor progress, much githubbery
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2020 17:36:02 -0000
On Tue, Sep 29, 2020 at 03:55:54PM +0100, Stephen Farrell wrote: > On 29/09/2020 15:50, Christopher Patton wrote: > > > >> Are there OpenSSL / NSS / etc implementations others can work from? > >> Probably the best way to lock this in and ship is to write the code. > >> > > > > There are three implementations I'm aware of, all works in progress: > > > > 1. Cloudflare's prototype (written by me): > > https://github.com/cloudflare/go/pull/30 > > 2. boringSSL: https://bugs.chromium.org/p/boringssl/issues/detail?id=275 > > 3. NSS: https://bugzilla.mozilla.org/show_bug.cgi?id=1654332 > > Mine has a readme at [1]. It works fine for draft-02 to > draft-04. Later stuff (draft isn't working yet. As I said > I had parked it for a bit, but am back working on it now. > > [1] https://github.com/sftcd/openssl/tree/master/esnistuff There is also this, implementing draft-05: https://www.tunnelbear.com/blog/tunnelbear-implements-encrypted-sni/ https://boringssl-review.googlesource.com/c/boringssl/+/42644
- [TLS] ESNI/ECH: minor progress, much githubbery Stephen Farrell
- Re: [TLS] ESNI/ECH: minor progress, much githubbe… Rob Sayre
- Re: [TLS] ESNI/ECH: minor progress, much githubbe… Christopher Patton
- Re: [TLS] ESNI/ECH: minor progress, much githubbe… Stephen Farrell
- Re: [TLS] ESNI/ECH: minor progress, much githubbe… David Fifield
- Re: [TLS] ESNI/ECH: minor progress, much githubbe… Christopher Patton
- Re: [TLS] ESNI/ECH: minor progress, much githubbe… Rob Sayre
- Re: [TLS] ESNI/ECH: minor progress, much githubbe… Rob Sayre