[TLS] comments on draft-subcerts

2020-08-13 Thread Sofía Celi
Dear list, Sorry for sending this past the last call. Few comments on the draft, which are: - On Section 1: "For clarity, we will refer to the certificate issued by the CA as a "certificate", or "delegation certificate", and the one issued by the operator as a "delegated credential" or "DC"."

[TLS] On SNI and middleboxes

2020-08-13 Thread Tor Erling Bjørstad
Dear list, Two of my colleagues, Morten Marstrander and Matteo Malvica, just published a bit of research on using the SNI field to bypass middleboxes for TLS inspection / filtering. They’ve made a nice writeup and PoC (linked below), which also gives some insight into how these solutions are co

Re: [TLS] Draft minutes for TLS at IETF 108

2020-08-13 Thread tom petch
From: Benjamin Kaduk Sent: 11 August 2020 18:06 On Wed, Aug 05, 2020 at 10:30:39AM +, tom petch wrote: > From: TLS on behalf of Christopher Wood > > Sent: 04 August 2020 19:16 > > The official minutes are now up: > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ie

[TLS] Fw: Draft minutes for TLS at IETF 108

2020-08-13 Thread tom petch
Kathleen I have some thoughts below on RFC5953 and RFC6353 which I cannot find in deprecate but thought that I would. Tom Petch From: TLS on behalf of tom petch Sent: 13 August 2020 12:33 To: Benjamin Kaduk Cc: TLS Chairs; TLS@ietf.org Subject: Re: [TLS

Re: [TLS] Possible blocking of Encrypted SNI extension in China

2020-08-13 Thread David Fifield
On Fri, Aug 07, 2020 at 05:56:30PM -0600, David Fifield wrote: > Most of the functions of the Great Firewall work bidirectionally, and > the ESNI detection and blocking are no exception. Sending an > ESNI-containing ClientHello from *outside* of China to a server > *inside* results in temporary blo

Re: [TLS] AD review of draft-ietf-tls-oldversions-deprecate-06

2020-08-13 Thread Benjamin Kaduk
Hi Kathleen, Also inline. On Wed, Aug 12, 2020 at 04:29:56PM -0400, Kathleen Moriarty wrote: > Hi Ben, > > Thanks for your review. Some initial responses are inline. > > On Sun, Jul 26, 2020 at 5:22 PM Benjamin Kaduk wrote: > > > Thanks for putting together the -06 based on my preliminary co

[TLS] Handshake-level vs record-level padding in TLS ECH

2020-08-13 Thread David Benjamin
Hi all, In discussing ECH (draft-ietf-tls-esni) with some QUIC folks, we identified some places where the extension would not easily apply to QUIC unmodified. One of them is ECH’s integration of handshake information (anonymity set of certificates, etc.) with TLS record-level padding. Since QUIC b

Re: [TLS] Possible blocking of Encrypted SNI extension in China

2020-08-13 Thread Carrick Bartle
Weird. Thanks for the update. How are you confirming that it's blocked from inside-out? > On Aug 13, 2020, at 10:30 AM, David Fifield wrote: > > On Fri, Aug 07, 2020 at 05:56:30PM -0600, David Fifield wrote: >> Most of the functions of the Great Firewall work bidirectionally, and >> the ESNI

Re: [TLS] Possible blocking of Encrypted SNI extension in China

2020-08-13 Thread David Fifield
On Thu, Aug 13, 2020 at 01:04:48PM -0700, Carrick Bartle wrote: > Weird. Thanks for the update. How are you confirming that it's blocked from > inside-out? I couldn't test it myself, so I am relying on the reports of colleagues in China. GFW Report is able to test directly from China. Measuremen

[TLS] Open issues for draft-ietf-tls-esni

2020-08-13 Thread Christopher Patton
Hi list, Some of you might have noticed a barrage of issues filed recently against draft-ietf-tls-esni on GitHub. These are all relatively minor, but resolving some of them may require changes for the next draft, so I wanted to summarize them here. These were flagged while Chris Wood and I were wo