[TLS] updated PEM file format draft for ECH key pairs

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 20 November 2021 02:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/smurZlfVqAF7Lm0J-hAAskV-CoE>

Hiya,

As discussed at IETF112, I've updated the PEM file format
draft for ECH. [1] Happy to take comments via mail or via
that github thing:-)

As and when the chairs think it's a good time to consider
adoption, or incorporation into the ECH draft, or sending
this somewhere else, I guess we can have that discussion.

This format is supported by my OpenSSL fork [2] which has
CLI tooling for making/consuming these and can be ingested
by the various TLS servers (lighttpd, apache, nginx and
haproxy) with which I've integrated that ECH-enabled build.
(There're pointers to forks for those servers at [3].)

I'll work on the well known url draft in the next while.
It likely needs a bit more work than simple substitution.

Cheers,
S.

[1] https://datatracker.ietf.org/doc/draft-farrell-tls-pemesni/
[2] https://github.com/sftcd/openssl/tree/ECH-draft-13a
[3] https://defo.ie/