[TLS] ECH-13 HRR Signal Derivation

Dennis Jackson <ietf@dennis-jackson.uk> Thu, 02 September 2021 08:42 UTC

Message-ID: <e3fa78bd-3714-b676-c9cc-526274b15453@dennis-jackson.uk>
Date: Thu, 02 Sep 2021 09:42:24 +0100
From: Dennis Jackson <ietf@dennis-jackson.uk>
To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/x2GG4bKc5uTCrTxXZDE3LzFoNbU>

I have two questions about the transcript for the confirmation signal 
<https://www.ietf.org/archive/id/draft-ietf-tls-esni-13.html#name-sending-helloretryrequest-2> 
for HelloRetryRequests in ECH Draft 13:

1. Should ClientHelloInner1 be replaced with a message_hash message as 
in TLS?

2. Is the entire HelloRetryRequest (with overwritten placeholder value) 
included in the transcript or is the HRR only included up to the end of 
the placeholder value?

I had assumed 1. yes and 2. the entire HRR, but an off-list conversation 
left me unsure.

Best,
Dennis
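The two questions above leave four possible transcripts for the HRR confirmation signal, and each produces a different 8-byte value; a client and server that pick different readings will disagree on whether ECH was accepted. The following is an added Python example, not code from the email or from the ECH draft, that computes the signal under all four readings so the disagreement is visible. It assumes the derivation from draft-13 section 7.2.1 as I recall it (HKDF-Expand-Label over HKDF-Extract(0, ClientHelloInner1.random) with label "hrr ech accept confirmation", context Transcript-Hash(transcript), 8-byte output, SHA-256 as the hash); treat that formula as an assumption to check against the draft. The ClientHelloInner1 and HelloRetryRequest byte strings are constructed placeholders, not valid TLS encodings, and the message_hash construction is the one from RFC 8446 section 4.4.1.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size            # 32 bytes for SHA-256
MESSAGE_HASH_TYPE = 0xFE                 # HandshakeType message_hash (RFC 8446, 4.4.1)
SIGNAL_LEN = 8                           # length of the HRR accept confirmation placeholder

# Constructed sample messages (not real TLS encodings, only byte strings with the
# shape the derivation needs): a ClientHelloInner1 whose body carries the 32-byte
# random, and a HelloRetryRequest split around its 8-byte placeholder.
CLIENT_RANDOM = bytes(range(32))
_CH_BODY = b"\x03\x03" + CLIENT_RANDOM + b"\x00" * 6
CLIENT_HELLO_INNER1 = b"\x01" + len(_CH_BODY).to_bytes(3, "big") + _CH_BODY
HRR_PREFIX = b"\x02\x00\x00\x34\x03\x03" + bytes([0xCF] * 32) + b"\xfe\x0d\x00\x08"
HRR_SUFFIX = b"\x00\x2b\x00\x02\x03\x04"


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869). A salt of "0" in the TLS key schedule is a
    string of Hash.length zero bytes; HMAC makes that equal to an empty salt."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label from RFC 8446, section 7.1."""
    full_label = b"tls13 " + label.encode("ascii")
    hkdf_label = (
        length.to_bytes(2, "big")
        + len(full_label).to_bytes(1, "big") + full_label
        + len(context).to_bytes(1, "big") + context
    )
    out, block, counter = b"", b"", 1
    while len(out) < length:                       # HKDF-Expand, one block per round
        block = hmac.new(secret, block + hkdf_label + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def message_hash_message(client_hello1: bytes) -> bytes:
    """The synthetic message_hash handshake message that TLS 1.3 substitutes for
    ClientHello1 in the transcript after a HelloRetryRequest (RFC 8446, 4.4.1):
    message_hash || 00 00 Hash.length || Hash(ClientHello1)."""
    return bytes([MESSAGE_HASH_TYPE]) + HASH_LEN.to_bytes(3, "big") + HASH(client_hello1).digest()


def candidate_transcripts(client_hello1: bytes, hrr_prefix: bytes, hrr_suffix: bytes) -> dict:
    """The four transcripts the two questions leave open: ClientHelloInner1 either
    raw or replaced by message_hash (question 1), and the HRR with its placeholder
    overwritten by zeros either whole or truncated after the placeholder (question 2)."""
    zeroed = b"\x00" * SIGNAL_LEN
    first = {"raw": client_hello1, "message_hash": message_hash_message(client_hello1)}
    second = {"full": hrr_prefix + zeroed + hrr_suffix, "truncated": hrr_prefix + zeroed}
    return {(q1, q2): first[q1] + second[q2] for q1 in first for q2 in second}


def hrr_accept_confirmation(client_random: bytes, transcript: bytes) -> bytes:
    """Assumed draft-13 derivation: HKDF-Expand-Label(HKDF-Extract(0, random),
    "hrr ech accept confirmation", Transcript-Hash(transcript), 8)."""
    prk = hkdf_extract(b"\x00" * HASH_LEN, client_random)
    return hkdf_expand_label(prk, "hrr ech accept confirmation", HASH(transcript).digest(), SIGNAL_LEN)


def confirmation_under_each_reading() -> dict:
    """Map each (question 1, question 2) reading to the signal it yields."""
    transcripts = candidate_transcripts(CLIENT_HELLO_INNER1, HRR_PREFIX, HRR_SUFFIX)
    return {reading: hrr_accept_confirmation(CLIENT_RANDOM, t) for reading, t in transcripts.items()}


if __name__ == "__main__":
    for (first, second), signal in confirmation_under_each_reading().items():
        print(f"ClientHelloInner1={first:12s} HRR={second:9s} -> {signal.hex()}")
```

Running the block prints four distinct hex values. The practical consequence is the one worth checking in an implementation: if the client computes the signal under one reading and the server under another, the client compares 8 bytes that never match, treats the HRR as an ECH rejection, and continues with ClientHelloOuter, so an interoperability test against a second implementation is the only reliable way to confirm which reading the draft intends.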