Re: [TLS] consensus call: changing cTLS and ECH to standards track

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Sat, 23 May 2020 08:04 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA5C03A03FF for <tls@ietfa.amsl.com>; Sat, 23 May 2020 01:04:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=NAlxGe2A; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=NAlxGe2A
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iFe0c03GQBVs for <tls@ietfa.amsl.com>; Sat, 23 May 2020 01:04:42 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2059.outbound.protection.outlook.com [40.107.22.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3D6F3A0984 for <tls@ietf.org>; Sat, 23 May 2020 01:04:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EkzOratUAQg5SvPgupLfOmrPMlwblmj4Xl/tDp9rf8A=; b=NAlxGe2AbhPmza3WUgZC8rar6CocWxZzotPLCtotvEC98H40Wkq9bfTfdfyigt9ECUWR5Ez6KJjUft5TB0x7gLmmH8qonc0leTdSL/1ca/s8MkTquaslOsQqqlFvtp6PPjIOXhkjXWiPvKoxMCnoOwi2Lz7y45BohbwDAVIS1z8=
Received: from AM6P191CA0027.EURP191.PROD.OUTLOOK.COM (2603:10a6:209:8b::40) by DBBPR08MB4554.eurprd08.prod.outlook.com (2603:10a6:10:d1::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3000.27; Sat, 23 May 2020 08:04:38 +0000
Received: from AM5EUR03FT019.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:8b:cafe::fe) by AM6P191CA0027.outlook.office365.com (2603:10a6:209:8b::40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3021.23 via Frontend Transport; Sat, 23 May 2020 08:04:38 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT019.mail.protection.outlook.com (10.152.16.104) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3021.23 via Frontend Transport; Sat, 23 May 2020 08:04:37 +0000
Received: ("Tessian outbound b157666c5529:v57"); Sat, 23 May 2020 08:04:37 +0000
X-CR-MTA-TID: 64aa7808
Received: from 730c91426dd7.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 1756A0BA-73CF-4E2E-A8C4-B558E90D418E.1; Sat, 23 May 2020 08:04:32 +0000
Received: from EUR04-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 730c91426dd7.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Sat, 23 May 2020 08:04:32 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Exb51midotBcPZm+wNDsoDaxqgZLVzGMfDemI5IXR0No/1zjyIYhW1PDS5ZC/StIF+OwhTYQDH5iyQ4bxnvX0MpYtsGvLlbGe27+K8clDEORWJRDKS/aVmmndq2WijQ3HwykKuAxiRrFBhFI+EBsLDtWNYPR/JhfuiAYyHptkBjZ3mnohjHtqA1IOyJhqnJQJ4A9M0mFNrS7CTn5FONHOfqqRFbuFFPrPsdNPU/PzBToR59P4nl9bAEKNsgnSilthV+MqorB4g1okVfBxgMsJM5/8lczQeHJ+GXZ/C9nzYMwS3IZnM4X1miUR1yAjqu1U9daKCQZY4rjJUZlwdxNxg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EkzOratUAQg5SvPgupLfOmrPMlwblmj4Xl/tDp9rf8A=; b=HqM292begkVbxUT7Tww0wQOKMgwF6rB8GLEC0jZ/XcJL1bio4S0ERcgHmlD9FxZMnRYC25mxBeE2/I+vRrSDc54mH97+Ow0KAWYtT9hLqnn4hMVhzsP3MoVmiN41iXvi3/1SCRDbRZeVgkH5hsjgzENJWoj9XtsVhLYyupDRJag8KZsUjQFZ2l1HnZk5drEGATpjkgEn4yC8ONx2M3lMI4gz0ZzhSvxokmIWWLAdFkJs44bEVJvtbJ/Dcc2Y5ipXM7bz4Os63PxhJc4iYVXmyZGH+ootVYcayV5skUFupLLspHoNRCUwygqIQFzCG7vBfYrIgr+FeSunqFrUivYbzQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EkzOratUAQg5SvPgupLfOmrPMlwblmj4Xl/tDp9rf8A=; b=NAlxGe2AbhPmza3WUgZC8rar6CocWxZzotPLCtotvEC98H40Wkq9bfTfdfyigt9ECUWR5Ez6KJjUft5TB0x7gLmmH8qonc0leTdSL/1ca/s8MkTquaslOsQqqlFvtp6PPjIOXhkjXWiPvKoxMCnoOwi2Lz7y45BohbwDAVIS1z8=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM0PR08MB4180.eurprd08.prod.outlook.com (2603:10a6:208:12d::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3021.27; Sat, 23 May 2020 08:04:31 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::39f5:e4d9:51ff:eae]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::39f5:e4d9:51ff:eae%7]) with mapi id 15.20.3021.026; Sat, 23 May 2020 08:04:31 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Eric Rescorla <ekr@rtfm.com>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
CC: TLS List <tls@ietf.org>
Thread-Topic: [TLS] consensus call: changing cTLS and ECH to standards track
Thread-Index: AQHWL95JspxD31+ZqkueUE1fx6JM0qi0F6wAgAACAACAATHSYA==
Date: Sat, 23 May 2020 08:04:30 +0000
Message-ID: <AM0PR08MB3716AE635DE41621CADDBBEAFAB50@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <FB85C39F-D4B5-42BC-B28B-B3D3E8CEFB58@sn3rd.com> <450FE9F7-56B4-4824-A791-01B22B641800@akamai.com> <CABcZeBPLiisrxzqc4t2CouzcPg1pz7D5w6kgsNTO7TRjpTrX1A@mail.gmail.com>
In-Reply-To: <CABcZeBPLiisrxzqc4t2CouzcPg1pz7D5w6kgsNTO7TRjpTrX1A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: f209b112-abf4-4a37-8f6d-7bb69cfb7f3c.0
x-checkrecipientchecked: true
Authentication-Results-Original: rtfm.com; dkim=none (message not signed) header.d=none;rtfm.com; dmarc=none action=none header.from=arm.com;
x-originating-ip: [213.162.72.204]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 09f49cc1-6842-4161-13e3-08d7feeff069
x-ms-traffictypediagnostic: AM0PR08MB4180:|DBBPR08MB4554:
X-Microsoft-Antispam-PRVS: <DBBPR08MB455437596D01A266E68E04BDFAB50@DBBPR08MB4554.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:8273;OLM:9508;
x-forefront-prvs: 0412A98A59
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 9W8S7R0ein1UOVdVgOU4VLKz7S2cRT5p/tMhmZb1i5P4MSuH1pI/Gi5hJEibMwBTqfPzK3NQMmmOMYKTJBS7cXqGlUo3ye8vMoPAivBUhbgaKTUQHiSpoDAOYNKBzz/FGHCQ2C7RmHbwwZUFZ3yQWAjIaT9jMn1YMHrAsgOQOLJlU6BhsuJZ4BgKk7TTsBtCeseJw82qXiaL4MF9YLT+YK/I5l1aD72Ek36yp0I43/P5cMQn2VIksGro7QNAhZIImVfbCR83lNrW8VUqr9ttcbxKeC/M2Tu3wG3xa0pG0qMI+hsq37rpyhRf8P3jOvNYjuhFaOj/pdTeTk0M+sSHa+LCJ60N75FgaSjDAy1twilRHeCUtNd6BfIgzRCVnf5DxD/dwiSvWneoggp02vYaSg==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(396003)(376002)(366004)(346002)(136003)(39860400002)(76116006)(52536014)(66556008)(66476007)(66446008)(316002)(64756008)(110136005)(86362001)(66946007)(53546011)(9686003)(6506007)(8676002)(7696005)(5660300002)(2906002)(26005)(55016002)(186003)(8936002)(4326008)(966005)(33656002)(478600001)(166002)(71200400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: LrZ2bDpMSAAR9VtAYfkwxN3j68y/2rdmYN5Wf+W78Vbxtnmmn3l0ZeUr9/tyd4uYsTm29EqdHeL82qxjMRbfETGh0AG9pesNcefVvrJRE5pxkZCAFemFDXQDQHSMicRniv9XMsxO3L7aduLnBbkVU3LGctfyGzmKTNJ14YsEFxQ/saG/vIRX4S6OpvO2s27AHQSjrVBWkkhDRWEz3djvnLtadc0OX9P489uMBJdzVCSObukfNUmjjDBWmarhTu2yL7ClpUDGDjmJ7iJrev+14bxRpEkv43EGDKexaUc9naZTq8sxoJj5rqcHGQpG0l26dT1Un12S9+sgXQtDDPeY2wRgbR/rBm9N0S6PW+nfcfdLTypLckY0vDA45nsFSIUZyY4zEAvtoiynxGnnwUof0A0vf8E3983Xi4ewjvWIFf0zszZv4rK2AH3+CS32BNgP34Bv7PF97zkxC4JjWmzRQTbN3QAybWQ1GyQ+OAotXwYkKa0Xtq+bjtS/tK3mkqOa
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM0PR08MB3716AE635DE41621CADDBBEAFAB50AM0PR08MB3716eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB4180
Original-Authentication-Results: rtfm.com; dkim=none (message not signed) header.d=none;rtfm.com; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT019.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(376002)(136003)(39860400002)(396003)(346002)(46966005)(70586007)(356005)(186003)(316002)(166002)(36906005)(2906002)(4326008)(110136005)(8676002)(8936002)(5660300002)(33656002)(478600001)(33964004)(336012)(82740400003)(81166007)(82310400002)(52536014)(47076004)(6506007)(9686003)(53546011)(70206006)(55016002)(966005)(26005)(7696005)(86362001); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 9b4ad447-a1da-48a1-4d8c-08d7feefec4e
X-Forefront-PRVS: 0412A98A59
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: oB9fu6Cxgz443Ujz03vHxlOxoS//Ytx/4AO8ZX6kPKBhKZSROHQCVoICbFDqzJ0H6ZU2kk4kex7JZFiIvXCgIi2CWivgIj+lEEmrkN6gEwkNx85KUJ7auHdxYszhKLQOznfb/xzDMJFFIOtG/vIfD8gTGMK8lLYX/GDSGqploJ5Dj+hF1y2GzWUxgZ+87j51QV4Sx2lxGTFnLTtxTHxaA1wabvXBwBt/x2geKqqdCV72D9r+wZJ7soKSUeJBxQZbaAaCmp3avYUt+l5E1dqrEby02teTq1wjeyGgvXKFKpIPoHkcNgOVtNrMTBoHYftjztkD9TMxbfkhIc5f6+oz3M3vRiVoAn9raKA20yvxqPi0rIIUNdU6LAZjfJ6szi0JvP6V/YkTkPkoz6XillbEtSoPzNeT+vavnPk2wR1pWd0SCO7YrEAU7DoqlDdJwGsRY4D8NoAG38loqkkS23zr0e1HWumfV7ZhAnWpJ9dVeX0YnBs96wrBAN7CfTduLlU2/AMqQn9xuzNJV/cPUSihYy375uwAV7U2GuAfr4iDuEvMEv8jz4gihF63UVcI4iYbca8BoQhqZWolUihveSt5dQ==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 May 2020 08:04:37.9421 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 09f49cc1-6842-4161-13e3-08d7feeff069
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB4554
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-tQMyr5vjW9m_iVlATAdTLXYMNY>
Subject: Re: [TLS] consensus call: changing cTLS and ECH to standards track
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 May 2020 08:04:45 -0000

I have started working on the cTLS implementation and will continue doing so together with my co-worker Hanno.

A bit more details:

We have re-based the 1.3 implementation* to the development branch of Mbed TLS and we have refactored the code so that we can put a new messaging layer in place**, which contains formal annotations. Besides the cleaner separation of the handshake layer and the underlying message transmission and record layer handling the refactoring also allows us now to test each handshake message individually. This was not possible previously and one instead had to run through the entire handshake to test a specific message pattern. The new code has made it easier to add the cTLS functionality as well, which is what we are doing right now. Once we are done with the development, the rest of the Mbed TLS team will review the code.

In a nutshell, a bigger restructuring of the codebase and we do the cTLS alongside as well.

Ciao
Hannes

*: For the moment we put the code here: https://github.com/hannestschofenig/mbedtls/tree/tls13-prototype. The plan is to merge it into the mainstream Mbed TLS repo once it is ready.

**: The new messaging layer, called MPS for "Message Processing Stack", can be found here: https://github.com/hanno-arm/mbedtls/tree/mps_implementation. The plan is to incorporate it into https://github.com/hannestschofenig/mbedtls/tree/tls13-prototype.

From: TLS <tls-bounces@ietf.org> On Behalf Of Eric Rescorla
Sent: Friday, May 22, 2020 3:27 PM
To: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
Cc: TLS List <tls@ietf.org>
Subject: Re: [TLS] consensus call: changing cTLS and ECH to standards track

We have already implemented ECH (old versions) for NSS and are eager to deploy it in Firefox.

We are likely to implement cTLS.

-Ekr


On Fri, May 22, 2020 at 6:20 AM Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org<mailto:40akamai.com@dmarc.ietf.org>> wrote:
I am reluctant to make CTLS standards-track without a statement from someone that they are likely to implement it.  We already have such a statement from Stephen about OpenSSL for ECH, and I'll add to that.

_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.