[TLS] ECH & HPKE versions as an example of too much githubbery

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 27 October 2020 20:31 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C5A33A159C for <tls@ietfa.amsl.com>; Tue, 27 Oct 2020 13:31:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sODKqP71AyTe for <tls@ietfa.amsl.com>; Tue, 27 Oct 2020 13:31:20 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 985063A159A for <tls@ietf.org>; Tue, 27 Oct 2020 13:31:20 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 959C3BE50 for <tls@ietf.org>; Tue, 27 Oct 2020 20:31:18 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UoiuutntxXNr for <tls@ietf.org>; Tue, 27 Oct 2020 20:31:17 +0000 (GMT)
Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 0E296BE4D for <tls@ietf.org>; Tue, 27 Oct 2020 20:31:17 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1603830677; bh=b+1ahx+DUiwhk0Q2XDWm2AvevtkO1gKpPnluLPbzQj0=; h=From:Subject:To:Date:From; b=pEG+uGF4mVM9z3WMsgvFWae1vA+OXUg6Mlr74noaFPJqqRCo71L9T9vp16tjvhooe 2jCOziXCHGCWIhf7Qs3NTT50587vSzfd1lmgF8Vbz1zRQFgj0NCpXVFU4ljLQIt4ir ZTJeOB+M181CA5kMu6whV75dUCvwLsjdMRSufIig=
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "tls@ietf.org" <tls@ietf.org>
Message-ID: <06eebcd3-1532-1df4-cd4b-c92110bbf010@cs.tcd.ie>
Date: Tue, 27 Oct 2020 20:31:16 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.2
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/URWgTS5Es8rgJkERbLZlPoY_PW4>
Subject: [TLS] ECH & HPKE versions as an example of too much githubbery
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Oct 2020 20:31:22 -0000

Hiya,

The latest ECH draft from Oct 16 says "ECH uses draft-05 of
HPKE for public key encryption."

The latest HPKE draft (-06) from Oct 23 has a few minor
incompatible changes (for good but relatively trivial
reasons).

So for interop ECH apparently requires use of an outdated
I-D, despite the one week difference in publishing and
a common co-author.

It seems a bit mad that all that githubbery results in
such a lack of co-ordination in two closely related
specs.

Anyway, I can manage to handle both HPKE-05 and
HPKE-06 but this seems like yet another case where
there is too much githubbery going on with the result
that two closely linked drafts with a common co-author
end up out of whack despite being issued within a week
of one another.

That and the velocity of discussion and changes on
github are a major disincentive (for me) for implementing
ECH. I simply do not have the cycles to keep up with it
as it has been happening these last months. If that were
the goal of the authors and those endlessly commenting on
github (and I do not believe it is), then they would be
close to reaching that goal.

Can we not please freeze this stuff for at least long
enough to get implementations done and somewhat tested?

Frankly, I expect my plea here to be more or less ignored
just as my previous entreaties were. I decided to send
it anyway on the basis that the perhaps what seems like
an obvious failure of the current approach (ECH can't
interop unless you use an outdated I-D for HPKE) might
show that all this apparent high velocity discussion on
github is not as effetcive as claimed (in at least this
case).

Thanks,
Stephen.