search

tlswg / draft-ietf-tls-esni

TLS Encrypted Client Hello
https://tlswg.github.io/draft-ietf-tls-esni/#go.draft-ietf-tls-esni.html
Other
231 stars 56 forks source link

optional configids seems wrong, maybe random is better? #495

Closed sftcd closed 3 years ago

sftcd commented 3 years ago

minor suggested change

sftcd commented 3 years ago

Hiya,

On 05/08/2021 22:50, Christopher Wood wrote:

@chris-wood requested changes on this pull request.

config_id SHOULD be set to a randomly generated byte in the first -ClientHelloOuter and MUST be left unchanged for the second ClientHelloOuter. +ClientHelloOuter and, in the event of HRR, MUST be left unchanged for +the second ClientHelloOuter.

The intent was to say that optional IDs are to be implemented as random IDs, i.e., if you don't care about IDs (hence optional),

For me, for a protocol element, "optional" means "not included" whereas here we're talking about "optionally ignoring the proposed value." (Yeah, I probably read too much ASN.1 once, or even twice:-)

"Random" might not be right, but "optional" could maybe briefly confuse an implementer.

then just set them to a random byte. So I'm not inclined to take this change.

I do like the clarification to include "in the event of HRR" -- can we split that out into a separate PR?

Sure. (Not that I know how to do that easily, but feel free to just do it, or wait for me to figure it out tomorrow;-)

Cheers, S.

cbartle891 commented 3 years ago

For me, for a protocol element, "optional" means "not included" whereas here we're talking about "optionally ignoring the proposed value."

I agree.

chris-wood commented 3 years ago

It's not possible to omit the config ID (it's a byte). It's only possible to not use it. Optional seems like a fine word to capture that. We could also say that it's unused or ignored? For example:

If `config_id` is ignored as specified by an application profile or otherwise 
externally configured, `config_id` SHOULD be set to a randomly generated byte
in the first ClientHelloOuter and, in the event of HRR, MUST be left unchanged
for the second ClientHelloOuter.

Or something, with similar updates to the text and section titles. Would that work?

sftcd commented 3 years ago

On 06/08/2021 13:45, Christopher Wood wrote:

It's not possible to omit the config ID (it's a byte). It's only possible to not use it. Optional seems like a fine word to capture that.

Interesting, (but unimportant:-) my take on those facts is the opposite.

We could also say that it's unused or ignored? For example:

If `config_id` is unused as specified by an application profile or otherwise externally configured, `config_id` SHOULD be set to a randomly generated byte in the first ClientHelloOuter and, in the event of HRR, MUST be left unchanged for the second ClientHelloOuter.

Or something, with similar updates to the text and section titles. Would that work?

For me: "ignored" is ok, "unused" is as odd as "optional."

Cheers, S.

chris-wood commented 3 years ago

@sftcd updated the proposal above to use "ignored". Does that work?

sftcd commented 3 years ago

On 06/08/2021 17:17, Christopher Wood wrote:

@sftcd updated the proposal above to use "ignored". Does that work?

Sure. Thanks, S

chris-wood commented 3 years ago

Great! Could you please update this PR to match?

sftcd commented 3 years ago

I think I've made those changes now.