This draft looks really good. I just have two questions of clarification. I am not sure that I understand the point made in appendix B, Total Client Hello Encryption. The text in that appendix explains that "The design described here only provides encryption for the SNI, but not for other extensions, such as ALPN." This seems to contradict the design description in the introduction, "The design in this document introduces a new extension, called Encrypted Client Hello (ECH), which allows clients to encrypt the entirety of their ClientHello to a supporting server." Am I correct to assume that the text in appendix B is a leftover from the previous version of the draft?
I am also not sure on how we could implement the "Optional Record Digests and Trial Decryption" methods described in section 10.3. The syntax description in section 5 specifies the record digest as "opaque record_digest<0..2^16-1>", and defines that field as containing "A cryptographic hash of the ECHConfig structure from which the ECH key was obtained". Would it be correct to implement the "optional record digest" method by just encoding a zero length field? -- Christian Huitema On 6/1/2020 12:41 PM, internet-dra...@ietf.org wrote: > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Transport Layer Security WG of the IETF. > > Title : TLS Encrypted Client Hello > Authors : Eric Rescorla > Kazuho Oku > Nick Sullivan > Christopher A. Wood > Filename : draft-ietf-tls-esni-07.txt > Pages : 31 > Date : 2020-06-01 > > Abstract: > This document describes a mechanism in Transport Layer Security (TLS) > for encrypting a ClientHello message under a server public key. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-tls-esni/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-tls-esni-07 > https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-07 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-esni-07 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
