Re: [TLS] Artart early review of draft-ietf-tls-wkech-04

Martin Thomson <mt@lowentropy.net> Tue, 02 April 2024 23:07 UTC

Message-Id: <4efcc344-8e64-4699-bab8-c8c723596016@betaapp.fastmail.com>
In-Reply-To: <67f31aff-e4ef-48aa-8b88-11d92bd733ec@cs.tcd.ie>
References: <171201483192.38704.16487013536788858054@ietfa.amsl.com> <67f31aff-e4ef-48aa-8b88-11d92bd733ec@cs.tcd.ie>
Date: Wed, 03 Apr 2024 10:06:21 +1100
From: Martin Thomson <mt@lowentropy.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, art@ietf.org
Cc: draft-ietf-tls-wkech.all@ietf.org, tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/v1mugLoNkE8qcHYsahwFOuT6FG4>
Subject: Re: [TLS] Artart early review of draft-ietf-tls-wkech-04

Short inline comments.

On Tue, Apr 2, 2024, at 23:24, Stephen Farrell wrote:
> [...]
> I'm not really sure how to interpret the above tbh. Was that intended
> as a summary of the draft or as a synopsis of the problem space?

That's my sketch of what I think the draft should be doing.  I don't know if it truly does that, for the reasons stated elsewhere.

> Happy to document the validation more, but the basic idea is that the
> ZF checks ECH works, and if it does, then the ZF is ok to re-publish.
> If anyone has ideas on other kinds of checks that'd be sensible, be
> happy to consider incorporating those.

From my perspective, I'm looking to understand first what the ZF is expected to be responsible for, at the layer you describe here.  Then I would also like to see a description of how it might achieve that more concretely.  You get most of the way there, I think, but it needs to be a bit more thorough.


>> Titles are not sentences.  Lose the period.
>
> Where? (Sorry, not sure, but the RFC editor will fix anyway
> so no worries.)

The title of the document.

> Given all the above, it's probably fine if you wait 'till there's a
> -05 done before we chat more, (assuming you have time), but happy to
> discuss via email in the meantime too of course.

I look forward to it.