[TLS] Question to draft-ietf-tls-esni 6.2.1.

风扇 滑翔翼 <Fangliding@outlook.sg> Tue, 11 March 2025 10:28 UTC

List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/I264SSADUfUCKqi_aQWxQ3wJtgI>

Due to the existence of GREASE ECH, for requests made by clients that have implemented ECH but do not have a suitable ECH Config, the server always fails to decrypt and can choose to send a retry config.
Why not treat this as an opportunity to upgrade a plaintext Hello to ECH (if certificate verification succeeds), instead of requiring the client to ignore it? Will this lead to a possible vulnerability?
At present, the initial distribution of the ECH Config can only be done through DNS. Couldn't a method similar to the one mentioned above be used to notify clients of a potential upgrade?
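For readers following the question, the following is an added Python model of the client-side rule the draft currently specifies when a server cannot decrypt the ECH extension. It is not code from the draft, from the poster, or from any TLS stack: wire formats, HPKE and the real certificate check are left out, and only the decision logic is modelled. The class and field names, the `SUPPORTED_KEMS` policy and the sample configs are assumptions constructed for the example. The model encodes two points the question turns on: a client that sent GREASE ECH ignores `retry_configs` and simply continues the plaintext-SNI handshake, while a client that sent a real ECH acts on `retry_configs` only after the outer handshake has authenticated the `public_name` of the config it used, and retries at most once.

```python
"""Simplified model of how an ECH client handles a server that could not
decrypt its ECH extension (draft-ietf-tls-esni).

Added illustration, not code from the draft or any TLS implementation.
Wire formats, HPKE and certificate validation are omitted; only the
decision logic is modelled. All names below are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import List, Optional


class ClientMode(Enum):
    GREASE = auto()    # no ECHConfig available; client sent a GREASE ECH extension
    REAL_ECH = auto()  # ClientHelloInner encrypted under an ECHConfig obtained from DNS


class Outcome(Enum):
    ECH_ACCEPTED = auto()           # server decrypted the inner ClientHello
    CONTINUE_PLAINTEXT = auto()     # GREASE client: retry_configs are ignored
    RETRY_WITH_NEW_CONFIG = auto()  # client may reconnect once using a retry config
    ABORT_AUTH_FAILURE = auto()     # outer handshake did not authenticate public_name
    ABORT_ECH_REQUIRED = auto()     # authenticated server offered no usable config


@dataclass(frozen=True)
class ECHConfig:
    public_name: str
    config_id: int
    kem_id: int


@dataclass
class ServerResponse:
    ech_accepted: bool
    # ECHConfigs the server placed in EncryptedExtensions after rejecting ECH
    retry_configs: List[ECHConfig] = field(default_factory=list)
    # name the server's certificate chain verified for (None = verification failed)
    cert_verified_for: Optional[str] = None


# Constructed client policy: only DHKEM(X25519, HKDF-SHA256) is supported.
SUPPORTED_KEMS = {0x0020}


def pick_usable_config(configs: List[ECHConfig]) -> Optional[ECHConfig]:
    """Return the first retry config this client could actually use, if any."""
    for cfg in configs:
        if cfg.kem_id in SUPPORTED_KEMS:
            return cfg
    return None


def handle_server_response(mode: ClientMode,
                           used_config: Optional[ECHConfig],
                           resp: ServerResponse,
                           retries_used: int = 0) -> Outcome:
    """Decide what the client does after the server's handshake response."""
    if mode is ClientMode.GREASE:
        if resp.ech_accepted:
            # A server cannot "accept" a random GREASE payload: protocol error.
            raise ValueError("ECH acceptance signalled for a GREASE extension")
        # A GREASE client holds no ECHConfig to bind a retry to, so retry_configs
        # are ignored and the plaintext-SNI handshake simply proceeds.
        return Outcome.CONTINUE_PLAINTEXT

    if resp.ech_accepted:
        return Outcome.ECH_ACCEPTED

    # Real ECH was rejected: the handshake continued with ClientHelloOuter, so the
    # server must authenticate as the public_name of the ECHConfig the client used.
    if used_config is None:
        raise ValueError("REAL_ECH mode requires the ECHConfig that was used")
    if resp.cert_verified_for != used_config.public_name:
        return Outcome.ABORT_AUTH_FAILURE

    if retries_used >= 1:
        # Only a single retry is permitted; a second rejection ends the attempt.
        return Outcome.ABORT_ECH_REQUIRED

    if pick_usable_config(resp.retry_configs) is not None:
        return Outcome.RETRY_WITH_NEW_CONFIG
    return Outcome.ABORT_ECH_REQUIRED


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    dns_cfg = ECHConfig("public.example", 1, 0x0020)
    fresh = ECHConfig("public.example", 2, 0x0020)
    print(handle_server_response(ClientMode.GREASE, None,
                                 ServerResponse(False, [fresh], "origin.example")))
    print(handle_server_response(ClientMode.REAL_ECH, dns_cfg,
                                 ServerResponse(False, [fresh], "public.example")))
```

The two branches make the asymmetry in the question visible: in GREASE mode the client verified the origin's certificate as usual but has no `public_name` from a trusted source to tie a retry config to, so the model discards `retry_configs`; in real-ECH mode the `public_name` came from the DNS-supplied config, and only a certificate verified for that name lets the client move on to a retry.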