Thanks for your comments.
On Wed, May 7, 2025 at 6:09 AM Mike Bishop via Datatracker <nore...@ietf.org> wrote: > Mike Bishop has entered the following ballot position for > draft-ietf-tls-esni-24: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-tls-esni/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I've previously reviewed this document and have very few additional > comments; > these comments can be incorporated or ignored at the authors' and > responsible > AD's discretion. > > 6.1.8: "has been forced to change" imputes external events that aren't > relevant > to the protocol. The server's configuration may have changed since the > client > received the retry configs; the client doesn't need to speculate on why. > I have submitted a PR for this: https://github.com/tlswg/draft-ietf-tls-esni/pull/654 > > 10.9 notes that there's no collision between ECH acceptance (in 1.3) and > downgrade protection (in <1.3) because of the version scoping. It's worth > noting, however, that this forecloses using the same approach to guard > against > downgrades to 1.3 from future TLS versions. > That's correct, but should not be an issue. This approach was used in TLS 1.2 because the signature does not cover the entire transcript but only pieces of it, so we needed to put the downgrade signal in a location which was protected, namely the Randoms. TLS 1.3 signs the whole transcript up to that point and so covers the version negotiation under the signature. -Ekr
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
