From 363bce0301a1805217ef3e314ad7ff7eebe4f5bb Mon Sep 17 00:00:00 2001 From: Christopher Wood Date: Thu, 21 Sep 2023 10:38:28 -0400 Subject: [PATCH] Officially request the SVCB codepoint --- draft-ietf-tls-esni.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/draft-ietf-tls-esni.md b/draft-ietf-tls-esni.md index 20c61c1a..e5c6659d 100644 --- a/draft-ietf-tls-esni.md +++ b/draft-ietf-tls-esni.md @@ -167,8 +167,10 @@ A client-facing server enables ECH by publishing an ECH configuration, which is an encryption public key and associated metadata. The server must publish this for all the domains it serves via Shared or Split Mode. This document defines the ECH configuration's format, but delegates DNS publication details -to {{!HTTPS-RR=I-D.ietf-dnsop-svcb-https}}. Other delivery mechanisms are also -possible. For example, the client may have the ECH configuration preconfigured. +to {{!HTTPS-RR=I-D.ietf-dnsop-svcb-https}}; see {{svcb}} for information about +how the ECH configuration is encoded in the SVCB record. Other delivery +mechanisms are also possible. For example, the client may have the ECH +configuration preconfigured. When a client wants to establish a TLS session with some backend server, it constructs a private ClientHello, referred to as the ClientHelloInner. @@ -321,6 +323,11 @@ The `ECHConfigList` structure contains one or more `ECHConfig` structures in decreasing order of preference. This allows a server to support multiple versions of ECH and multiple sets of ECH parameters. +The standard deployment model for ECH uses DNS to advertise ECHConfigList +values. In particular, ECHConfigList are encoded as the value for the DNS +Service Binding parameter named "ech"; see {{svcb}} for information about +this parameter. + ## Configuration Identifiers {#config-ids} A client-facing server has a set of known ECHConfig values, with corresponding 
@@ -1697,6 +1704,19 @@ IANA is requested to create an entry, ech_required(121) in the existing registry for Alerts (defined in {{!RFC8446}}), with the "DTLS-OK" column set to "Y". +## Update of the Service Parameter Keys (SvcParamKeys) Registry {#svcb} + +IANA is requested to add the following entry to the Service Parameter Keys +registry: + +- Number: 5 +- Name: ech +- Meaning: TLS Encrypted Client Hello +- Format Reference: ECHConfigList, as defined in {{ech-configuration}} + of this document +- Change controller: IETF +- Reference: This document + # ECHConfig Extension Guidance {#config-extensions-guidance} Any future information or hints that influence ClientHelloOuter SHOULD be
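Review bot: In hunk `@@ -167,8 +167,10 @@`, the new cross-reference promises that {{svcb}} explains "how the ECH configuration is encoded in the SVCB record", but the section that anchor points to (the SvcParamKeys registration added later in this patch) only lists the registry entry and its Format Reference sends the reader back to {{ech-configuration}}, so the pointer is circular. Either soften it, e.g. `see {{svcb}} for the corresponding SvcParamKey registration`, or state the encoding in that section (that the parameter value is the ECHConfigList wire format, as the second hunk already says) instead of deferring it.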
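Review bot: In hunk `@@ -321,6 +323,11 @@`, `ECHConfigList are encoded as the value` has a number-agreement problem; since the preceding sentence already uses `ECHConfigList values`, suggest `In particular, an ECHConfigList is encoded as the value of the DNS Service Binding parameter named "ech"`.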
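Review bot: In hunk `@@ -1697,6 +1704,19 @@`, the heading says "Update of the Service Parameter Keys (SvcParamKeys) Registry" while the body says "IANA is requested to add the following entry"; the two should agree. If codepoint 5 is already held in that registry for this purpose, the request should read `IANA is requested to update the existing entry for Number 5` and say which columns change (Meaning, Format Reference, Change controller, Reference); if it is a fresh allocation, retitle the section as an addition. Either way, state explicitly that the value of the "ech" parameter is the ECHConfigList wire format, since the Format Reference bullet alone only names the structure.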