[TLS] ECH: What changed?
So IETF 118 it appears that the TLS ECH draft is headed for WGLC. What changed since at IETF 117 it wasn’t ready and we needed more “something”. (I asked if we had measurable criteria and we did not.)

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] Adoption call for Legacy RSASSA-PKCS1-v1_5 codepoints for TLS 1.3
On Monday, 6 November 2023 18:25:20 CET, Joseph Salowey wrote:
> At the TLS meeting at IETF 118 there was significant support for the draft Legacy RSASSA-PKCS1-v1_5 codepoints for TLS 1.3 (https://datatracker.ietf.org/doc/draft-davidben-tls13-pkcs1/01/)
>
> This call is to confirm this on the list. Please indicate if you support the adoption of this draft and are willing to review and contribute text. If you do not support adoption of this draft please indicate why. This call will close on November 27, 2023.

I don't like that it looks like we have to do it, but I'm not surprised that we need to do it... (put it down as "not opposed")

If adopted, I'll definitely take a look at it from the perspective of testing, and including the test coverage in tlsfuzzer

--
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
Re: [TLS] ECH: What changed?
Hi Rich,

During 117, both Firefox and Chrome were just starting to roll out ECH to release users and we had no sense of how it would go and I at least didn't feel we should progress without some deployment experience.

These roll outs finished a few weeks later, see e.g. [1,2] and went fairly smoothly, and today it's deployed at 100% in both Firefox and Chrome, with ECH GREASEing enabled as well.

Best,
Dennis

[1] https://blog.mozilla.org/en/products/firefox/encrypted-hello/
[2] https://chromestatus.com/feature/6196703843581952

On 14/11/2023 15:02, Salz, Rich wrote:
> So IETF 118 it appears that the TLS ECH draft is headed for WGLC. What changed since at IETF 117 it wasn’t ready and we needed more “something”. (I asked if we had measurable criteria and we did not.)
Re: [TLS] ECH: What changed?
Interesting how the browsers have already rolled it out, but no major website (afaik) has. Even Cloudflare had to roll back their beta due to some issues[0]. Are there any websites (not test ones like defo.ie) that actually support ECH?

Regards,
Raghu

[0] https://community.cloudflare.com/t/early-hints-and-encrypted-client-hello-ech-are-currently-disabled-globally/567730

On 11/14/23 23:57, Dennis Jackson wrote:
> Hi Rich,
>
> During 117, both Firefox and Chrome were just starting to roll out ECH to release users and we had no sense of how it would go and I at least didn't feel we should progress without some deployment experience.
>
> These roll outs finished a few weeks later, see e.g. [1,2] and went fairly smoothly, and today it's deployed at 100% in both Firefox and Chrome, with ECH GREASEing enabled as well.
>
> Best,
> Dennis
>
> [1] https://blog.mozilla.org/en/products/firefox/encrypted-hello/
> [2] https://chromestatus.com/feature/6196703843581952
Re: [TLS] ECH: What changed?
Hiya,

On 15/11/2023 02:09, Raghu Saxena wrote:
> Interesting how the browsers have already rolled it out, but no major website (afaik) has. Even Cloudflare had to roll back their beta due to some issues[0]. Are there any websites (not test ones like defo.ie) that actually support ECH?

defo.ie is indeed a test site, but if anyone has an interest in doing any larger scale web-site trials of ECH, please do ping me. (That's probably off-topic for the TLS wg list, so off-list is better.) We'd (the people behind defo.ie) be happy to chat about what might be doable, and to offer what help we can.

That said, it'll take a while before web server ECH code is upstreamed and can be easily switched on, so we'll need yet more patience;-)

Cheers,
S.

> Regards,
> Raghu
>
> [0] https://community.cloudflare.com/t/early-hints-and-encrypted-client-hello-ech-are-currently-disabled-globally/567730
>
> On 11/14/23 23:57, Dennis Jackson wrote:
>> Hi Rich,
>>
>> During 117, both Firefox and Chrome were just starting to roll out ECH to release users and we had no sense of how it would go and I at least didn't feel we should progress without some deployment experience.
>>
>> These roll outs finished a few weeks later, see e.g. [1,2] and went fairly smoothly, and today it's deployed at 100% in both Firefox and Chrome, with ECH GREASEing enabled as well.
>>
>> Best,
>> Dennis
>>
>> [1] https://blog.mozilla.org/en/products/firefox/encrypted-hello/
>> [2] https://chromestatus.com/feature/6196703843581952