[TLS] Re: I-D Action: draft-ietf-tls-wkech-09.txt
Yaakov Stein <ystein@allot.com> Wed, 03 September 2025 14:39 UTC
From: Yaakov Stein <ystein@allot.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kCjgKqP8yFfvILu814sQeRWuu8I>
Stephen,
Just a few minor nits:
1. Please reference the term "origin" or use the term "HTTP origin" (or even better "web server") at the beginning
until the context is understood.
2. s/bindng/binding
3. You state that the document uses ECH as an example, but is more general.
However, this seems to almost be an afterthought (most of the Intro and all of section 3 deal with ECH).
Can you mention another use case in the intro?
4. Now that the sentence containing "where the web server doesn't have write access" is gone,
the sentence describing the ZF needs to be:
We use the term "zone factory" (ZF) for an entity which can validate service binding data
and that has write access to the zone file.
5. s/Yakov/Yaakov/ ;)
Y(J)S
Hiya,
We made a bunch of editorial changes after the comments received at IETF-123 with which the commenters seem ok, so the authors would like to ask if the chairs think this is ready for WGLC. (We understand the plan is to park it after that awaiting more implementation experience which is fine.)
There are no outstanding issues or PRs on the git repo. [1]
Cheers,
S.
[1] https://github.com/sftcd/wkesni