search

tlswg / draft-ietf-tls-esni

TLS Encrypted Client Hello
https://tlswg.github.io/draft-ietf-tls-esni/#go.draft-ietf-tls-esni.html
Other
232 stars 57 forks source link

Questions about client behavior #294

Closed D-Sinus closed 4 years ago

D-Sinus commented 4 years ago

Cause I'm quite new to ECH, I'm little bit confused when reading this draft. So I want to ask some questions...

Paragraph 7.1. Sending an encrypted ClientHello says...

pkR = HPKE.KEM.Unmarshal(ECHConfig.public_key) enc, context = SetupBaseS(pkR, "tls13-ech") ech_nonce_value = context.Export("tls13-ech-nonce", 16) ech_hrr_key = context.Export("tls13-ech-hrr-key", 16)

Q1. Is 'Unmarshal()' above equal to general meaning of unmarshalling -get public key from ECHConfig structure- ? Q2. I think 'hrr' in the fourth line is the abbreviation of 'HelloRetryRequest', is it correct? If so, could you add some explanation about that?

davidben commented 4 years ago

Q1: It should be defined in the HPKE draft, though it looks like the HPKE draft has since renamed it and it should probably say Deserialize now. https://cfrg.github.io/draft-irtf-cfrg-hpke/draft-irtf-cfrg-hpke.html#name-cryptographic-dependencies

Q2: hrr is HelloRetryRequest, yes. The use of the key is described later on in the HelloRetryRequest section. https://tlswg.org/draft-ietf-tls-esni/draft-ietf-tls-esni.html#section-7.3.3

cjpatton commented 4 years ago

Q1. Is 'Unmarshal()' above equal to general meaning of unmarshalling -get public key from ECHConfig structure- ?

The first line appears to be pseudocode for "interpret ECHConfig.public_key as a public key for the KEM algorithm identified by ECHConfig.kem_id. IMO we should get rid of this pseudocode and say what pkR is.

Q2. I think 'hrr' in the fourth line is the abbreviation of 'HelloRetryRequest', is it correct? If so, could you add some explanation about that?

@davidben beat me to it!

D-Sinus commented 4 years ago

Oh, it was Deserialize()... thanks!

chris-wood commented 4 years ago

Closing as resolved.