Hiya,

Quite a while back, I asked about adoption of [1] which defines a PEM file format for ECH stuff. IIRC the reactions varied from "maybe later" to "goto ISE."

As of now, that format is used by code in the OpenSSL ECH "feature branch" [2], lighttpd [3], apache httpd [4] and a patch for freenginx [5]. (I was partly responsible for [2,3,4] but in each case maintainers have merged PRs for this; [5] was independently done by the maintainer of that package). Of those, IIUC, only the lighttpd code has been part of a release, but is marked as experimental. All going well, the others will release versions that use this format in the coming months, so if changes were useful then now is a fine time to make those.

So I figure it's no harm to ask again if adopting [1] is something the WG would like to consider. I don't mind if the answer is "goto ISE" but if so would love to be able to say to the ISE that the TLS WG had a look and are ok with taking that route. Even better would be to get adoption/review from the WG that could feed into implementations before those are released. (That does of course assume the WG process this relatively quickly before those releases happen:-)

This could well be suited for a 5 minute slot at the upcoming TLS session in Montreal, or given that [1] is pretty straightforward, maybe the chairs could get it processed on the list before then.

Thanks,
S.

[1] https://datatracker.ietf.org/doc/draft-farrell-tls-pemesni/
[2] https://github.com/openssl/openssl/tree/feature/ech
[3] https://redmine.lighttpd.net/projects/lighttpd/wiki/TLS_ECH
[4] https://github.com/apache/httpd/commit/0c9cd095ce9081fd225f0da7787419e80de7c701
[5] https://freenginx.org/pipermail/nginx-devel/2025-September/000771.html
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
