[TLS] Weekly github digest (TLS Working Group Drafts)
Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 15 October 2023 07:38 UTC
Return-Path: <do_not_reply@mnot.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12AC2C169539 for <tls@ietfa.amsl.com>; Sun, 15 Oct 2023 00:38:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.407
X-Spam-Level:
X-Spam-Status: No, score=-2.407 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="Q5JZOqlX"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="cze9CSwy"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1E86VncO7bgc for <tls@ietfa.amsl.com>; Sun, 15 Oct 2023 00:38:45 -0700 (PDT)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E7F8C1519A4 for <tls@ietf.org>; Sun, 15 Oct 2023 00:38:44 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailout.west.internal (Postfix) with ESMTP id 50C433200975 for <tls@ietf.org>; Sun, 15 Oct 2023 03:38:42 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute7.internal (MEProxy); Sun, 15 Oct 2023 03:38:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to :mime-version:reply-to:sender:subject:subject:to:to; s=fm1; t= 1697355521; x=1697441921; bh=MVunU+nUtCajeVu0F+ylitxeG7gziU5G9Lb +VIM+MN4=; b=Q5JZOqlX7sEhF1QeR1tWZV1/cm/Y7mDTrz6fhciQXWC3P2OlI+M ausXG6wL0w4N3+ZsSUrSsUCXm8G5uSsDh6ox6t7Iriy55cCluiFp80Bk7o1Fg90d JQ35MO/GEFAiPrIOWHIO5rTUPVWKfdYw9tvnTLVpvztyjmVVRXDGd7r6jzIZZIRP BwqOlrJSWEUXFdChULUBSixFUzMidMH9387Ci7RwdOPF+TdnJRCnqmxrhtYmMwnZ JXzSEjobWcBH0hFR9fVvxRqFe+8FsTybmMUTIs8mTuWmJ2Eda2Ley2aAOHaSRONz xKgTgBAvqfHgCxcj7kEi6rbDjqJ0rA1kEgA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:mime-version :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1697355521; x= 1697441921; bh=MVunU+nUtCajeVu0F+ylitxeG7gziU5G9Lb+VIM+MN4=; b=c ze9CSwyiQzuEnXQIlfiWrR7YYhht4+ollWVL9aYvqHyksnirMIGl9s4J/uMqj76o +UHZSm4h+MBDyo6+tMrblHLe0qOwoAwaTGcj6TFMLq9jiD+l7p2uWCOeha6lD5VQ UnvpDs3cvjJiFoSINNJihmjK9w/sW9HOdWvuP4S2AzavPTmwqmmAP8FWgWXELizW s606W4dS5EJbDNXYRKBHHkiga3MalTkY05aRq/9PGZQGSigc2FFblidD8HOb0Awc KQnp7OV10S+ekNE6VWinUunsRTyhD1RSs8r841g0XS8PlUYgdN0jQeNLFg8uK6c7 xrrIR/bUVgO3zXfVaFq9A==
X-ME-Sender: <xms:AZcrZbGAxyeAu3lTRqB33dB5c7uVhT8TKNI0VmjfWOGEwSz225RkvQ> <xme:AZcrZYXtspbVW2CeZLAySzwaxL338tI7WEaojgvrXQYdy67xPrRvyXUA-7SHxklDj qavhe3buD1gF_UveQ>
X-ME-Received: <xmr:AZcrZdL3kC_mYelrAFs-dL7DCCDzLTJ-NrKK9kZ4B_dPW32AoMTvQndqWH2Rb1FwP3n4fi3l2YQVQ31g27v0DlnoCsm6lPkZC_-eSVw6goawj9kXDdDSkKNsBgxRUbC7SurT0PU>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrieeigdduudelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucfpohcuuggrthgvuchfihgvlhguucdlgeelmdenuc fjughrpegtggfhvffusegrtddtredttdejnecuhfhrohhmpeftvghpohhsihhtohhrhicu tegtthhivhhithihucfuuhhmmhgrrhihuceuohhtuceoughopghnohhtpghrvghplhihse hmnhhothdrnhgvtheqnecuggftrfgrthhtvghrnhepkeefvdduteejvdefkeehieevuefg fefhteetveegffekffefteffvdelheduieetnecuffhomhgrihhnpehgihhthhhusgdrtg homhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegu ohgpnhhothgprhgvphhlhiesmhhnohhtrdhnvght
X-ME-Proxy: <xmx:AZcrZZGc21UaW27AiajVGX9yH01S8m3FijpQwDA0mL_UwqTCoWTcPw> <xmx:AZcrZRW0Gy1UiR5yd-tUaOC7e0Q2dWz5j0jK3EiOgynAkcDyTuBKdQ> <xmx:AZcrZUMn2dJ8_T4JxnySTL9bGPsfscI8_MjnMXUQNoDVFYdkdonm1g> <xmx:AZcrZQBsk-2DaHi5BRl7Tkmyr2K-hXbFk1E-MaTUn72iCIoergKOog>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <tls@ietf.org>; Sun, 15 Oct 2023 03:38:41 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============8380838953041365446=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: tls@ietf.org
Message-Id: <20231015073845.5E7F8C1519A4@ietfa.amsl.com>
Date: Sun, 15 Oct 2023 00:38:44 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Tlx4nJf7sRLokVR96hEwFc32-6c>
Subject: [TLS] Weekly github digest (TLS Working Group Drafts)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Oct 2023 07:38:50 -0000
Issues
------
* tlswg/draft-ietf-tls-esni (+3/-21/💬28)
3 issues created:
- Make anonymity set references consistent (reference single definition?) (by klinvill)
https://github.com/tlswg/draft-ietf-tls-esni/issues/568
- Are mandatory ECH extensions deployable? (by sftcd)
https://github.com/tlswg/draft-ietf-tls-esni/issues/567
- MUST NOT use retry configs may be too strong (by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/565
19 issues received 28 new comments:
- #567 Are mandatory ECH extensions deployable? (9 by davidben, dennisjackson, sftcd)
https://github.com/tlswg/draft-ietf-tls-esni/issues/567
- #565 Requirements language around retry configs may be too strong (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/565
- #547 "Don't fallback to non-ECH" option (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/547
- #545 Server reuse of key share leaks the target domain for a given connection (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/545
- #544 What does ECH acceptance mean in Split Mode? (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/544
- #543 RFC9180 recommended max for info is too short for ECH (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/543
- #542 Use of MAY in section 5 needs to be fixed up (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/542
- #524 How to retry in ECH is ambiguous (2 by chris-wood, dennisjackson)
https://github.com/tlswg/draft-ietf-tls-esni/issues/524
- #520 HRR rejection and ECH contents (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/520
- #519 Anonymity set definition should include behavior (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/519
- #517 Question on Section 10.2 (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/517
- #516 split-mode may be more a three-way thing than a two-way thing (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/516
- #515 Improve guidance for Second ClientHello construction in the event of HRR (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/515 [editorial]
- #476 Feature Request: `ECHConfigList.permit_plaintext` (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/476 [parked]
- #454 Make the definition of key protocol elements easier to find (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/454 [editorial]
- #451 Reserve some code points for GREASE (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/451 [pre-wglc]
- #440 Mitigate HRR when possible (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/440 [parked]
- #430 Make it easy to reference EncodedClientHelloInner decoding concerns (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/430 [editorial]
- #395 Add some more structure to "Offering ECH" (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/issues/395 [editorial]
21 issues closed:
- Lessen possibility of client implementation choices undermining GREASE cover https://github.com/tlswg/draft-ietf-tls-esni/issues/512 [parked]
- Anonymity set definition should include behavior https://github.com/tlswg/draft-ietf-tls-esni/issues/519
- What does ECH acceptance mean in Split Mode? https://github.com/tlswg/draft-ietf-tls-esni/issues/544
- Split mode correlation attacks https://github.com/tlswg/draft-ietf-tls-esni/issues/513 [editorial]
- Do ECHConfig extensions use the same ExtensionType enum from TLS? https://github.com/tlswg/draft-ietf-tls-esni/issues/555
- Move ECH references over to draft-ietf-tls-svcb-ech https://github.com/tlswg/draft-ietf-tls-esni/issues/554
- Hard to imagine ECH handling in constant time - ponder and document? https://github.com/tlswg/draft-ietf-tls-esni/issues/400 [ready-for-text] [editorial]
- Question related to section 10.9.3 (Prevent SNI-Based Denial-of-Service Attacks) https://github.com/tlswg/draft-ietf-tls-esni/issues/551
- Add some more structure to "Offering ECH" https://github.com/tlswg/draft-ietf-tls-esni/issues/395 [editorial]
- split-mode may be more a three-way thing than a two-way thing https://github.com/tlswg/draft-ietf-tls-esni/issues/516
- Improve guidance for Second ClientHello construction in the event of HRR https://github.com/tlswg/draft-ietf-tls-esni/issues/515 [editorial]
- Use of MAY in section 5 needs to be fixed up https://github.com/tlswg/draft-ietf-tls-esni/issues/542
- Make the definition of key protocol elements easier to find https://github.com/tlswg/draft-ietf-tls-esni/issues/454 [editorial]
- HRR rejection and ECH contents https://github.com/tlswg/draft-ietf-tls-esni/issues/520
- Make it easy to reference EncodedClientHelloInner decoding concerns https://github.com/tlswg/draft-ietf-tls-esni/issues/430 [editorial]
- Question on Section 10.2 https://github.com/tlswg/draft-ietf-tls-esni/issues/517
- Mitigate HRR when possible https://github.com/tlswg/draft-ietf-tls-esni/issues/440 [parked]
- Feature Request: `ECHConfigList.permit_plaintext` https://github.com/tlswg/draft-ietf-tls-esni/issues/476 [parked]
- Server reuse of key share leaks the target domain for a given connection https://github.com/tlswg/draft-ietf-tls-esni/issues/545
- "Don't fallback to non-ECH" option https://github.com/tlswg/draft-ietf-tls-esni/issues/547
- RFC9180 recommended max for info is too short for ECH https://github.com/tlswg/draft-ietf-tls-esni/issues/543
Pull requests
-------------
* tlswg/draft-ietf-tls-esni (+10/-10/💬11)
10 pull requests submitted:
- Add text describing deployment impacts of no SNI access (by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/pull/566
- Clarify attacker capabilities (by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/pull/564
- TCP is not the only transport (by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/pull/563
- Punt on new transport connection specifics (by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/pull/562
- Cross-implementation decisions may be differentiators (by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/pull/561
- Note behavior and give an example alongside configurations (by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/pull/560
- Note timing side channels (by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/pull/559
- Remove alternative designs (by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/pull/558
- Create a new ECH config extension registry (by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/pull/557
- Cite draft-ietf-tls-svcb-ech for ECH in DNS (by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/pull/556
5 pull requests received 11 new comments:
- #566 Add text describing deployment impacts of no SNI access (3 by chris-wood, dennisjackson)
https://github.com/tlswg/draft-ietf-tls-esni/pull/566
- #564 Clarify attacker capabilities (4 by chris-wood, dennisjackson, kazuho)
https://github.com/tlswg/draft-ietf-tls-esni/pull/564
- #562 Punt on new transport connection specifics (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/pull/562
- #561 Cross-implementation decisions may be differentiators (1 by chris-wood)
https://github.com/tlswg/draft-ietf-tls-esni/pull/561
- #560 Note behavior and give an example alongside configurations (2 by chris-wood, klinvill)
https://github.com/tlswg/draft-ietf-tls-esni/pull/560
10 pull requests merged:
- Cross-implementation decisions may be differentiators
https://github.com/tlswg/draft-ietf-tls-esni/pull/561
- Note behavior and give an example alongside configurations
https://github.com/tlswg/draft-ietf-tls-esni/pull/560
- Clarify attacker capabilities
https://github.com/tlswg/draft-ietf-tls-esni/pull/564
- Add text describing deployment impacts of no SNI access
https://github.com/tlswg/draft-ietf-tls-esni/pull/566
- Remove alternative designs
https://github.com/tlswg/draft-ietf-tls-esni/pull/558
- Create a new ECH config extension registry
https://github.com/tlswg/draft-ietf-tls-esni/pull/557
- Cite draft-ietf-tls-svcb-ech for ECH in DNS
https://github.com/tlswg/draft-ietf-tls-esni/pull/556
- Note timing side channels
https://github.com/tlswg/draft-ietf-tls-esni/pull/559
- TCP is not the only transport
https://github.com/tlswg/draft-ietf-tls-esni/pull/563
- Fix typo retry_configs
https://github.com/tlswg/draft-ietf-tls-esni/pull/552
Repositories tracked by this digest:
-----------------------------------
* https://github.com/tlswg/draft-ietf-tls-semistatic-dh
* https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate
* https://github.com/tlswg/draft-ietf-tls-esni
* https://github.com/tlswg/certificate-compression
* https://github.com/tlswg/draft-ietf-tls-external-psk-importer
* https://github.com/tlswg/draft-ietf-tls-ticketrequest
* https://github.com/tlswg/tls13-spec
* https://github.com/tlswg/tls-flags
* https://github.com/tlswg/dtls13-spec
* https://github.com/tlswg/dtls-conn-id
* https://github.com/tlswg/tls-subcerts
* https://github.com/tlswg/oldversions-deprecate
* https://github.com/tlswg/sniencryption
* https://github.com/tlswg/tls-exported-authenticator
* https://github.com/tlswg/draft-ietf-tls-ctls
* https://github.com/tlswg/external-psk-design-team
- [TLS] Weekly github digest (TLS Working Group Dra… Repository Activity Summary Bot