I am not very familiar with IETF working group practices; however, it
strikes me as surely unusual to have a document enter Last Call
(supposedly believed by its owners to be ready for publication) and yet
immediately then be revised showing it was in fact not ready at all.
However this seems to be
The chairs would like to have an interim to resolve the remaining open
issues for ECH. Since we need 2 weeks notice we are targeting the week of
September first. Please fill out the following with your available times
if you are interested in attending:
https://doodle.com/poll/wa4633uafmvdr9hv
Hi list,
In the current ECH specification (draft-ietf-tls-esni-07), the server
provides no indication of whether the inner or outer ClientHello (CH) was
used. This means the client must do trial decryption to make this
determination, which creates implementation complexity and potentially
raises s
HPKE recently removed the Hash() interface from the KDF, which means we need to
either (a) change how the config_digest (formerly record_digest) is computed,
or (b) constrain ECH to HKDF-based HPKE ciphersuites. This PR takes approach
(b):
https://github.com/tlswg/draft-ietf-tls-esni/pull/27
Ben Schwartz found some problems and edge cases with the current ECH padding
policy text [1]. This PR proposes a fix:
https://github.com/tlswg/draft-ietf-tls-esni/pull/268
Please have a look and provide feedback.
Thanks,
Chris
[1] https://github.com/tlswg/draft-ietf-tls-esni/issues/252
Thanks for writing this up! We've been pondering this subject as well, as
part of identifying places where ECH and QUIC interact interestingly. (The
other being the padding issue in
https://github.com/tlswg/draft-ietf-tls-esni/issues/264.)
As with the padding issue, QUIC replaces the record layer,
On Tue, Aug 18, 2020, at 07:09, Christopher Wood wrote:
> HPKE recently removed the Hash() interface from the KDF, which means we
> need to either (a) change how the config_digest (formerly
> record_digest) is computed, or (b) constrain ECH to HKDF-based HPKE
> ciphersuites. This PR takes approa
Hi Martin,
> Or maybe just running the HPKE KDF with a fixed input.
Do you mean something like this? Let `config_digest = KDF.extract("some
salt", "some label", config)`, where `config` is the ECH configuration?
Unless I've missed something critical, you don't need any sort of preimage
> resist
On Tue, Aug 18, 2020, at 07:55, Christopher Patton wrote:
> Hi Martin,
>
> > Or maybe just running the HPKE KDF with a fixed input.
> Do you mean something like this? Let `config_digest = KDF.extract("some
> salt", "some label", config)`, where `config` is the ECH configuration?
Sure. I wo
Just to be clear, you're proposing something like this? Referring to the
KDF API called for in draft-irtf-cfrg-hpke-05:
config_digest = Expand(PRK=Extract("some_salt", "some_label", IKM=config),
"some_info", 16)
It's maybe more hashing than necessary, but I'd be good with this.
Chris P.
On Mon, Aug 17, 2020, at 3:30 PM, Martin Thomson wrote:
>
>
> On Tue, Aug 18, 2020, at 07:55, Christopher Patton wrote:
> > Hi Martin,
> >
> > > Or maybe just running the HPKE KDF with a fixed input.
> > Do you mean something like this? Let `config_digest = KDF.extract("some
> > salt", "some
On Tue, Aug 18, 2020, at 09:04, Christopher Patton wrote:
> Just to be clear, you're proposing something like this? Referring to
> the KDF API called for in draft-irtf-cfrg-hpke-05:
>
> config_digest = Expand(PRK=Extract("some_salt", "some_label",
> IKM=config), "some_info", 16)
> It's maybe
I worked out this suggestion into a PR:
https://github.com/tlswg/draft-ietf-tls-esni/pull/276
Please have a look!
Chris P.
On Mon, Aug 17, 2020 at 4:28 PM Martin Thomson wrote:
>
>
> On Tue, Aug 18, 2020, at 09:04, Christopher Patton wrote:
> > Just to be clear, you're proposing something like
Dear Nick and list,
The PR is here now: https://github.com/tlswg/tls-subcerts/pull/79
Looking forward to it being submitted to WGLC#2.
Thanks!
--
Sofía Celi
@claucece
http://claucece.github.io/
Cryptographic research and implementation at many places, but mainly at
Cloudflare
FAB9 3EDC 7CDD 1198 DC