Hiya,
This is a "just wondering" type email...
On 26/10/2022 23:32, Martin Thomson wrote:
> harder part: getting people interested in deploying a fix.
If ECH+PQ-hybrid turns out to be problematic (size-wise) and
PQ-hybrid by itself increases occurrences of HRR, and if ECH
is generally desirabl
On Thu, Oct 27, 2022, at 09:23, Martin Thomson wrote:
> On Thu, Oct 27, 2022, at 00:01, Ilari Liusvaara wrote:
>> Idea
>
> We're not short on ideas (your idea is not new). We're short on the
> willingness to implement and deploy them.
I should apologize here. Ilari's idea is - I think - a relat
On Thu, Oct 27, 2022, at 00:01, Ilari Liusvaara wrote:
> Idea
We're not short on ideas (your idea is not new). We're short on the
willingness to implement and deploy them.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
>
> OK, that's more than I expected, although I kind of wonder what
> combinations are doing this.
>
It varies a bit over time, but today most were caused by a certain client
sending a P-384 keyshare while also announcing support for P-256.
On the other hand, most clients today send x25519 key s
On Tue, Oct 25, 2022 at 02:57:47PM +1100, Martin Thomson wrote:
>
> Removing HRR might be possible if we look at putting more stuff in
> DNS or something along those lines, but that would require a bunch
> of care and preparation. That's effort that - at least to me -
> might be better spent els
On Tue, Oct 25, 2022 at 3:43 AM Bas Westerbaan wrote:
>
> 1% of Cloudflare's TLS 1.3 handshakes today used an HRR.
>
...
> For those reasons I think it's a bit early to consider retiring HRR.
>
OK, that's more than I expected, although I kind of wonder what
combinations are doing this.
But, d
On 10/25/22 06:30, Rob Sayre wrote:
> That's ok. I noticed that no one seems to test it very well. That's why
> I raised the possibility of deletion.
> I don't think anyone actually uses it, but Stephen's request for data is
> probably the way to go.
Hi,
HRR is used as well to the cookie retur
On Tue, Oct 25, 2022 at 6:30 AM Rob Sayre wrote:
> I don't think anyone actually uses it,
>
1% of Cloudflare's TLS 1.3 handshakes today used an HRR.
I hope a de facto PQ kex will emerge — the old strategy of just sending
multiple keyshares is more expensive with large PQ public keys (~1kB). We
On Mon, Oct 24, 2022 at 8:58 PM Martin Thomson wrote:
>
> Removing HRR might be possible...
That's ok. I noticed that no one seems to test it very well. That's why I
raised the possibility of deletion.
I don't think anyone actually uses it, but Stephen's request for data is
probably the way to