[TLS] Re: Mohamed Boucadair's Discuss on draft-ietf-tls-esni-24: (with DISCUSS and COMMENT)

mohamed.boucadair@orange.com Fri, 16 May 2025 13:45 UTC

From: mohamed.boucadair@orange.com
To: Ben Schwartz <bemasc@meta.com>, The IESG <iesg@ietf.org>
Date: Fri, 16 May 2025 13:45:33 +0000
CC: "draft-ietf-tls-esni@ietf.org" <draft-ietf-tls-esni@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>, "jsalowey@gmail.com" <jsalowey@gmail.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jpQuoFWPN-d9PS9yzu_Af-MSiNU>

Hi Ben,

Thanks for the clarification.

I consider the "(apparent) Inconsistency vs ECH-IN-DNS?" point closed.

Cheers,
Med

From: Ben Schwartz <bemasc@meta.com>
Sent: Tuesday, 6 May 2025 17:17
To: The IESG <iesg@ietf.org>; BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>
Cc: draft-ietf-tls-esni@ietf.org; tls-chairs@ietf.org; tls@ietf.org; jsalowey@gmail.com
Subject: Re: [TLS] Mohamed Boucadair's Discuss on draft-ietf-tls-esni-24: (with DISCUSS and COMMENT)


...

> # (apparent) Inconsistency vs ECH-IN-DNS?
>
> ECH spec says the following in Section 8.1
>
>    Thus server operators SHOULD ensure servers understand a given set of ECH
>    keys before advertising them.
>
> ECH-IN-DNS says the following in Section 4:
>
>    When publishing a record containing an "ech" parameter, the publisher
>    MUST ensure that all IP addresses of TargetName correspond to servers
>    that have access to the corresponding private key or are
>    authoritative for the public name
>
> Avoiding failures is the main motivation for both "ensure" behaviors.

Not quite.  The first quote is about avoiding the ECH recovery flow.  This flow is slower than a normal handshake but does not result in a user-visible failure.  The second quote is about avoiding user-visible failures.

> Is there
> a reason why one spec uses SHOULD while the other uses a MUST?

Taken together, these quotes mean "deployments SHOULD avoid using the recovery flow, and MUST NOT create an arrangement that will fail to connect".

--Ben Schwartz
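
The SHOULD/MUST split discussed in this thread can be expressed as a pre-publication check over every server behind TargetName. This is an added example, not part of the original messages or of either draft; the inventory model (`Server`, its fields, the sample addresses, names and config ids) is hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    ip: str
    ech_config_ids: set = field(default_factory=set)  # ECH keys this server holds (assumed inventory field)
    cert_names: set = field(default_factory=set)      # names it is authoritative for (assumed inventory field)

def classify(server, published_config_id, public_name):
    """Outcome for a client that uses the published ECH config against this server."""
    if published_config_id in server.ech_config_ids:
        return "ok"        # server has the private key: normal ECH handshake
    if public_name in server.cert_names:
        return "recovery"  # no key, but authoritative for the public name: slower recovery flow
    return "failure"       # neither: user-visible connection failure

def check_publication(servers, published_config_id, public_name):
    """Return (must_ok, should_ok, findings) for publishing an "ech" parameter.

    must_ok:   no IP address of TargetName leads to a user-visible failure.
    should_ok: every server understands the advertised key, so no recovery flow.
    """
    findings = {s.ip: classify(s, published_config_id, public_name) for s in servers}
    must_ok = all(v != "failure" for v in findings.values())
    should_ok = all(v == "ok" for v in findings.values())
    return must_ok, should_ok, findings

# Constructed sample inventory (documentation addresses, made-up config ids).
SAMPLE_SERVERS = [
    Server("192.0.2.1", {7}, {"public.example"}),  # current key deployed
    Server("192.0.2.2", {6}, {"public.example"}),  # stale key only
    Server("192.0.2.3", set(), {"other.example"}), # no key, wrong certificate
]

if __name__ == "__main__":
    must_ok, should_ok, findings = check_publication(SAMPLE_SERVERS, 7, "public.example")
    for ip, outcome in findings.items():
        print(f"{ip}: {outcome}")
    print("MUST satisfied:", must_ok, "| SHOULD satisfied:", should_ok)
```
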