Gunter Van de Velde has entered the following ballot position for draft-ietf-tls-svcb-ech-07: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-svcb-ech/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Gunter Van de Velde, RTG AD, comments for draft-ietf-tls-svcb-ech-07

# The line numbers used are rendered from IETF idnits tool: https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-tls-svcb-ech-07.txt

# General Review
# ==============

100    In wire format, the value of the parameter is an ECHConfigList
101    (Section 4 of [ECH]), including the redundant length prefix.  In
102    presentation format, the value is the ECHConfigList in Base 64
103    Encoding (Section 4 of [RFC4648]).  Base 64 is used here to simplify
104    integration with TLS server software.  To enable simpler parsing,
105    this SvcParam MUST NOT contain escape sequences.
106
107    ech="AEj+DQBEAQAgACAdd+scUi0IYFsXnUIU7ko2Nd9+F8M26pAGZVpz/KrWPgAEAAEAAWQ
108    VZWNoLXNpdGVzLmV4YW1wbGUubmV0AAA="

GV> I used some tooling to decode this Base64 blob.
It seems to decode into hex as follows:

0x0048fe0d004401002000201d77eb1c522d08605b179d4214ee4a3635df7e17c336ea9006655a73fcaad63e00040001000164156563682d73697465732e6578616d706c652e6e65740000

and that decodes as:

Bytes | Meaning
0048fe0d | Length of the ECHConfigList (72 bytes total)
00440100 | Start of ECHConfig (first part is version 0x0044, meaning draft-13 version of ECH)
2000201d77eb1c522d08605b179d4214ee4a3635df7e17c336ea9006655a73fcaad63e0 | Key configuration and public keys for encryption (big blob)
0040 | Length of public_name
0001 | Cipher suite count (one suite)
0001 | Cipher suite ID (indicates a specific cipher, e.g., TLS_AES_128_GCM_SHA256)
64 | Length of public_name string (100 bytes)
6563682d73697465732e6578616d706c652e6e6574 | "ech-sites.example.net" (this is the public name, in ASCII)
0000 | Padding/termination

Is the above correct? Maybe it is worthwhile to add this decoding example from informational perspective within the draft if this decoding activity adds value?

G/
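Added example, not part of the original message or of the draft: a Python parser that walks the `ech` value quoted above using the ECHConfigList layout from Section 4 of [ECH] (version 0xfe0d), so each field can be checked against the byte table. The `Reader` class and `parse_ech_config_list` function are names chosen for this example.

```python
import base64

# The ech= presentation value quoted from the draft above (its two lines joined).
ECH_B64 = ("AEj+DQBEAQAgACAdd+scUi0IYFsXnUIU7ko2Nd9+F8M26pAGZVpz/KrWPgAEAAEAAWQ"
           "VZWNoLXNpdGVzLmV4YW1wbGUubmV0AAA=")

class Reader:
    """Bounds-checked cursor for TLS-style length-prefixed fields."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated input")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def u8(self):
        return self.take(1)[0]
    def u16(self):
        return int.from_bytes(self.take(2), "big")
    def vec(self, len_bytes):
        # opaque<..> vector with a 1- or 2-byte length prefix
        return self.take(self.u8() if len_bytes == 1 else self.u16())
    def done(self):
        return self.pos == len(self.data)

def parse_ech_config_list(raw):
    outer = Reader(raw)
    configs = Reader(outer.vec(2))            # ECHConfigList length prefix
    if not outer.done():
        raise ValueError("trailing bytes after ECHConfigList")
    out = []
    while not configs.done():
        version = configs.u16()
        body = Reader(configs.vec(2))         # ECHConfig.length
        if version != 0xFE0D:                 # unknown version: skip by length
            out.append({"version": version})
            continue
        cfg = {"version": version, "config_id": body.u8(),
               "kem_id": body.u16(), "public_key": body.vec(2)}
        suites = Reader(body.vec(2))          # cipher_suites length in bytes
        cfg["cipher_suites"] = []
        while not suites.done():              # each suite is (kdf_id, aead_id)
            cfg["cipher_suites"].append((suites.u16(), suites.u16()))
        cfg["maximum_name_length"] = body.u8()
        cfg["public_name"] = body.vec(1).decode("ascii")
        cfg["extensions"] = body.vec(2)
        if not body.done():
            raise ValueError("trailing bytes inside ECHConfig")
        out.append(cfg)
    return out
```

Call it as `parse_ech_config_list(base64.b64decode(ECH_B64, validate=True))`; the returned list holds one dictionary per ECHConfig entry.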