tlswg / draft-ietf-tls-esni

TLS Encrypted Client Hello
https://tlswg.github.io/draft-ietf-tls-esni/#go.draft-ietf-tls-esni.html

Add some more structure to "Offering ECH" #395

Closed sayrer closed 1 year ago

sayrer commented 3 years ago

I think a brief summary at the top of the section might help a lot. It could just be a list with links to subsections containing the text that's already there.

As an example, I wrote this brief summary for Rustls collaborators.

The client steps are as follows:

- Create a ClientHelloInner (just a ClientHello with some restrictions)
- Create an “EncodedClientHelloInner” that can be a no-op for now, since we won’t deduplicate anything in the ClientHelloOuter for now.
- Create a ClientHelloOuter for the EncodedClientHelloInner (a ClientHello with some other restrictions).
- The ClientHelloOuterAAD is computed to create “Additional authenticated data” for HPKE by serializing the entire ClientHelloOuter less the last extension (which is ECH).
- The encrypted_client_hello extension (ECH) is computed using choices from the ECHConfig (done for -09) and the ClientHelloOuterAAD.
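
The ClientHelloOuterAAD step in the summary above, as an added example that is not code from this thread, from Rustls, or from the draft: it walks a ClientHello body, checks that the last extension is ECH, and re-serializes everything before it. The extension codepoint is a placeholder and recomputing the extensions length prefix is an assumption; the exact AAD layout depends on the draft version.

```python
import struct

ECH_EXT_TYPE = 0xFFEE  # placeholder, not a real codepoint (assumption)

def _skip_vec(buf, off, len_bytes):
    """Return the offset just past a length-prefixed vector at off."""
    if off + len_bytes > len(buf):
        raise ValueError("truncated length prefix")
    end = off + len_bytes + int.from_bytes(buf[off:off + len_bytes], "big")
    if end > len(buf):
        raise ValueError("vector overruns ClientHello")
    return end

def outer_aad(ch):
    """ClientHello body re-serialized without its last extension (must be ECH)."""
    off = _skip_vec(ch, 2 + 32, 1)   # legacy_version, random, legacy_session_id
    off = _skip_vec(ch, off, 2)      # cipher_suites
    off = _skip_vec(ch, off, 1)      # legacy_compression_methods
    end = _skip_vec(ch, off, 2)      # extensions block
    if end != len(ch):
        raise ValueError("trailing bytes after extensions")
    pos, last = off + 2, None
    while pos < end:
        if pos + 4 > end:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", ch, pos)
        if pos + 4 + ext_len > end:
            raise ValueError("extension overruns block")
        last, pos = (pos, ext_type), pos + 4 + ext_len
    if last is None or last[1] != ECH_EXT_TYPE:
        raise ValueError("ECH must be the last extension")
    kept = ch[off + 2:last[0]]
    # Assumption: the extensions length prefix is recomputed after the cut.
    return ch[:off] + struct.pack("!H", len(kept)) + kept

# Constructed sample data, not a capture.
def ext(ext_type, data):
    return struct.pack("!HH", ext_type, len(data)) + data

def hello(exts):
    body = b"".join(exts)
    return (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(body)) + body)

SNI = ext(0x0000, b"\x00\x11\x00\x00\x0epublic.example")
VERSIONS = ext(0x002B, b"\x02\x03\x04")

if __name__ == "__main__":
    aad = outer_aad(hello([SNI, VERSIONS, ext(ECH_EXT_TYPE, b"\xaa" * 16)]))
    print(aad.hex())
```

Because every other byte of the outer hello is covered by the AAD, a change to the outer SNI or version list changes the AAD, while a change to the ECH payload alone does not.
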

cjpatton commented 3 years ago

I like this idea. Send a PR?

chris-wood commented 1 year ago

@sayrer I think this has been overcome by events with the latest structure of the Offering ECH section. We now describe the steps that clients follow in linear fashion. I'm going to close this as having been overcome by events.