[TLS] Re: ECH Proxy Mode
A A <tom25519@yandex.com> Wed, 11 September 2024 10:08 UTC
From: A A <tom25519@yandex.com>
To: 涛叔 <hi@taoshu.in>
In-Reply-To: <CEAB4C16-F88F-4EDB-A6FC-450F578B45FE@taoshu.in>
Date: Wed, 11 Sep 2024 18:08:37 +0800
Message-Id: <91121726049071@mail.yandex.com>
CC: "tls@ietf.org" <tls@ietf.org>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/wmlUNcuXzvHrkcr2oBbVSukgjDA>
According to https://datatracker.ietf.org/doc/html/rfc8446#section-4.1.3

    A client which receives a legacy_session_id_echo field that does not match what it sent in the ClientHello MUST abort the handshake with an "illegal_parameter" alert.

So we can't use the legacy_session_id_echo of SH.

On Sep 11, 2024, at 17:35, A A <tom25519@yandex.com> wrote:

> I don't think we need to use random, we can use Session ID, which is deprecated since TLS 1.3. Random is used to derive master key, AFAIK.
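The RFC 8446 section 4.1.3 rule the message quotes, shown as an added example that is not part of the original thread or of any TLS implementation: a client-side comparison of the ServerHello's legacy_session_id_echo against the legacy_session_id the client sent, run over constructed ClientHello/ServerHello bytes. The field layouts follow RFC 8446 sections 4.1.2 and 4.1.3, but the messages are minimal (one placeholder cipher suite, no extensions) and are not produced by a real TLS stack; the "rewritten" ServerHello stands in for a proxy that tries to carry its own data in the echo field.

```python
import struct

ILLEGAL_PARAMETER = 47  # AlertDescription illegal_parameter, RFC 8446 section 6


def build_client_hello(session_id: bytes, random: bytes) -> bytes:
    """Serialize a minimal TLS 1.3 ClientHello handshake message (RFC 8446 section 4.1.2).

    Only the fields up to legacy_session_id matter for this check; cipher suites,
    compression and extensions are placeholders (constructed test data, not a real hello).
    """
    body = b"\x03\x03" + random                       # legacy_version, random
    body += bytes([len(session_id)]) + session_id     # legacy_session_id<0..32>
    body += struct.pack("!H", 2) + b"\x13\x01"        # one cipher suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                               # legacy_compression_methods: null
    body += struct.pack("!H", 0)                      # no extensions (placeholder)
    return b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)


def build_server_hello(session_id_echo: bytes, random: bytes) -> bytes:
    """Serialize a minimal TLS 1.3 ServerHello handshake message (RFC 8446 section 4.1.3)."""
    body = b"\x03\x03" + random                             # legacy_version, random
    body += bytes([len(session_id_echo)]) + session_id_echo  # legacy_session_id_echo<0..32>
    body += b"\x13\x01" + b"\x00"                           # cipher_suite, legacy_compression_method
    body += struct.pack("!H", 0)                            # no extensions (placeholder)
    return b"\x02" + len(body).to_bytes(3, "big") + body    # HandshakeType server_hello(2)


def parse_session_id(handshake: bytes, expected_type: int) -> bytes:
    """Return legacy_session_id (ClientHello) or legacy_session_id_echo (ServerHello).

    Both messages share the prefix legacy_version(2) + random(32) + opaque<0..32>,
    so the session id length byte sits at body offset 34.
    """
    if not handshake or handshake[0] != expected_type:
        raise ValueError("unexpected handshake type")
    length = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + length]
    if len(body) != length or length < 35:
        raise ValueError("truncated handshake message")
    sid_len = body[34]
    if sid_len > 32:
        raise ValueError("session id longer than 32 bytes")
    sid = body[35:35 + sid_len]
    if len(sid) != sid_len:
        raise ValueError("truncated session id")
    return sid


def check_session_id_echo(client_hello: bytes, server_hello: bytes):
    """Client-side check from RFC 8446 section 4.1.3.

    Returns None when the echo matches what the client sent; otherwise returns the
    alert description the client MUST send before aborting the handshake.
    """
    sent = parse_session_id(client_hello, 0x01)
    echoed = parse_session_id(server_hello, 0x02)
    if echoed != sent:
        return ILLEGAL_PARAMETER
    return None


# Constructed sample handshake fields (deterministic so the example is reproducible).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
SESSION_ID = bytes([0xA5]) * 32           # what the client puts in legacy_session_id
PROXY_PAYLOAD = bytes([0x5A]) * 32        # what a proxy would like to smuggle in the echo

CLIENT_HELLO = build_client_hello(SESSION_ID, CLIENT_RANDOM)
SERVER_HELLO_HONEST = build_server_hello(SESSION_ID, SERVER_RANDOM)
SERVER_HELLO_REWRITTEN = build_server_hello(PROXY_PAYLOAD, SERVER_RANDOM)


def demo():
    """Run both cases; returns (honest_result, rewritten_result)."""
    honest = check_session_id_echo(CLIENT_HELLO, SERVER_HELLO_HONEST)        # None
    rewritten = check_session_id_echo(CLIENT_HELLO, SERVER_HELLO_REWRITTEN)  # 47
    return honest, rewritten


if __name__ == "__main__":
    print(demo())
```

The honest exchange passes, and the rewritten one makes the client send illegal_parameter and abort, which is exactly why the echo field cannot be repurposed as a channel between a proxy and the client. The same check applies when the client sent an empty legacy_session_id: the echo must then be empty too.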