Re: [TLS] ESNI Android Implementation

Nick Sullivan <> Thu, 13 February 2020 21:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A212112026E for <>; Thu, 13 Feb 2020 13:35:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LpgHhWSxJsan for <>; Thu, 13 Feb 2020 13:35:34 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::a33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7BC22120236 for <>; Thu, 13 Feb 2020 13:35:34 -0800 (PST)
Received: by with SMTP id b2so2020655vkk.4 for <>; Thu, 13 Feb 2020 13:35:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+Wl8T/5Ht6Uw2smTOjwD0LADeZJjpT+iOPjmZcpQhXM=; b=aAMmn2fPNFo/piesID+pffVyi4hXaw50x3MYnXUMDgkAyODSsXK+bpmGyAxVeiNiW2 DLLUzIeGVV9wLdbmkLpXh6fsGD0gkjUBNROC5IeGKW9CFJ7K9eJTLvRWs7t+IC7wqQug CIZCaN1rz5SuyweN3Eh6XXrNX4YQm+bJgdOXI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+Wl8T/5Ht6Uw2smTOjwD0LADeZJjpT+iOPjmZcpQhXM=; b=bmmzrjpsYCxps1KB7tPEzCxfSYtoMG87Oymddw+cO8RwrtTyCF/JiiKp83eHWudB0V ZUF6A2cG8Ixbrqsem698AZWkvyBSsMVj+q0+cSR+s/JCwWa4W7iuMEXJhPH3mdaWXvGW IQ6/LWEbQgX9ZR9zKq5c/v9+SjaE57EeRgVKQo9JpBkk/InLgTulY+DogIyN8kT4U1kI i/3HwCewN4mp1DrvgZWolAsZd/BIBRXc4qJvrGR7NOHpjfAFKag+enKbncyeci16Tiui bTIwwoneOC+ia5vR1zyi+a5VOVWRyIP+5CsQTg05v7An4rSt/lzHgAZbvnGqhJcL0os7 sLLw==
X-Gm-Message-State: APjAAAWVYB9FHNXdewlNij91b66KYPs632rUat6Q1nSoJ9JcEcexKNvh MmVu91EfEt8r3p1jBy4VHNkErG05asHrukczuqyprw==
X-Google-Smtp-Source: APXvYqwkvlbKVXVZWIxdrAjSFgSa0H4Exz9lWYmGguYEXbShrlexCqxzfXuJNcmqtGJlcekqmQm6mxq2C2nsWRL5tns=
X-Received: by 2002:a1f:a9d0:: with SMTP id s199mr61889vke.40.1581629733446; Thu, 13 Feb 2020 13:35:33 -0800 (PST)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Nick Sullivan <>
Date: Thu, 13 Feb 2020 13:34:15 -0800
Message-ID: <>
To: Justice Parham <>
Cc: "<>" <>
Content-Type: multipart/alternative; boundary="0000000000006dd4e4059e7bde63"
Archived-At: <>
Subject: Re: [TLS] ESNI Android Implementation
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 13 Feb 2020 21:35:37 -0000

Hi Justice,

Thanks for reaching out and welcome. At this point, another implementation
of draft-02 wouldn't hurt, but it also likely won't contribute much to the
development process for this document. We've learned what we can from -02
and the upcoming draft version will likely be radically different from the
existing published version, so you likely won't be able to re-use much
code. If it's possible for your schedule I recommend waiting or exploring
questions like how applications with different TLS stacks can get access to
ESNI records if they're fetched system-wide.


On Tue, Jan 21, 2020 at 12:30 AM Justice Parham <>

> Hello tlsWG,
> First I would like to introduce myself to you. My name is Justice Parham
> (github mrsylerpowers) a current Senior Undergraduate Student at North
> Carolina A&T State University. As my senior project I decided to create a
> android system wide implementation of the ESNI Draft. I am planning on
> implementing draft-ietf-tls-esni-02 because this is the version that
> cloudflare currently has published on their servers. I am planning on
> upgrading to newer versions of ESNI as more implementations come out on the
> server side
> My question to everyone is if creating this implementation will hurt or
> help this document? I would really like for this to be a standard that is
> used everywhere in every browser and in every computer. But I understand draft-ietf-tls-sni-encryption
> 3.4
> <>'s
> importance about not sticking out. Is there a time where vendors all plan
> to implement or do you think this is a perfect time to create this?
> _______________________________________________
> TLS mailing list