I don't have an opinion yet on whether ECH is harmful, etc. But I do want to point out my analysis that in ProVerif's formal model of ECH, 14 out of 23 modeled keys deviate from the TLS specifications. Whether it breaks the proofs or not, I can't say yet. The model has several configurations, and some of them take several hours on a high-end server.

Also, one clarifying question inline:

On 04.07.25 02:08, Watson Ladd wrote:

> But let's be clear: a DNS name is not an "attack".

Sincere apologies in advance if I am missing something obvious here, but why not? Why do we have misbinding attacks [1] in RFC8446bis then?

Usama

[1] https://www.ietf.org/archive/id/draft-ietf-tls-rfc8446bis-12.html#appendix-F.8


_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
