Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create a new ECH config extension registry #557

Merged
merged 3 commits into from
Oct 12, 2023
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 50 additions & 8 deletions draft-ietf-tls-esni.md
Original file line number Diff line number Diff line change
Expand Up @@ -220,11 +220,16 @@ The ECH configuration is defined by the following `ECHConfig` structure.
HpkeSymmetricCipherSuite cipher_suites<4..2^16-4>;
} HpkeKeyConfig;

struct {
ECHConfigExtensionType type;
opaque data<0..2^16-1>;
} ECHConfigExtension;

struct {
HpkeKeyConfig key_config;
uint8 maximum_name_length;
opaque public_name<1..255>;
Extension extensions<0..2^16-1>;
ECHConfigExtension extensions<0..2^16-1>;
} ECHConfigContents;

struct {
Expand Down Expand Up @@ -284,9 +289,11 @@ an IPv4 address.
public_name.

extensions
: A list of extensions that the client must take into consideration when
generating a ClientHello message. These are described below
({{config-extensions}}).
: A list of ECHConfigExtension values that the client must take into
consideration when generating a ClientHello message. Each ECHConfigExtension
has a 2-octet type and opaque data value, where the data value is encoded
with a 2-octet integer representing the length of the data, in network byte
order. ECHConfigExtension values are described below ({{config-extensions}}).

[[OPEN ISSUE: determine if clients should enforce a 63-octet label limit for
public_name]]
Expand Down Expand Up @@ -347,10 +354,13 @@ ECH configuration extensions are used to provide room for additional
functionality as needed. See {{config-extensions-guidance}} for guidance on
which types of extensions are appropriate for this structure.

The format is as defined in {{RFC8446, Section 4.2}}.
The same interpretation rules apply: extensions MAY appear in any order, but
there MUST NOT be more than one extension of the same type in the extensions
block. An extension can be tagged as mandatory by using an extension type
The format is as defined in {{ech-configuration}} and mirrors
{{Section 4.2 of RFC8446}}. However, ECH configuration extension types are
maintained by IANA as described in {{config-extensions-iana}}.
ECH configuration extensions follow the same interpretation rules as TLS
extensions: extensions MAY appear in any order, but there MUST NOT be more
than one extension of the same type in the extensions block. Unlike TLS
extensions, an extension can be tagged as mandatory by using an extension type
codepoint with the high order bit set to 1.

Clients MUST parse the extension list and check for unsupported mandatory
Expand Down Expand Up @@ -1697,6 +1707,38 @@ IANA is requested to create an entry, ech_required(121) in the existing registry
for Alerts (defined in {{!RFC8446}}), with the "DTLS-OK" column set to
"Y".

## ECH Configuration Extension Registry {#config-extensions-iana}

IANA is requested to create a new "ECHConfig Extension" registry in a new
"TLS Encrypted Client Hello (ECH) Configuration Extensions" page. New
registrations need to list the following attributes:

Value:
: The two-byte identifier for the ECHConfigExtension, i.e., the
ECHConfigExtensionType

Extension Name:
: Name of the ECHConfigExtension

Recommended:
: A "Y" or "N" value indicating if the extension is TLS WG recommends that the
extension be supported. This column is assigned a value of "N" unless
explicitly requested. Adding a value with a value of "Y" requires Standards
Action {{RFC8126}}.

Reference:
: The specification where the ECHConfigExtension is defined

Notes:
: Any notes associated with the entry
{: spacing="compact"}

New entries in this registry are subject to the Specification Required
registration policy ({{!RFC8126, Section 4.6}}).

The registration policy for for the "ECHConfig Extension Type" registry
is Specification Required {{!RFC8126}}.
chris-wood marked this conversation as resolved.
Show resolved Hide resolved

# ECHConfig Extension Guidance {#config-extensions-guidance}

Any future information or hints that influence ClientHelloOuter SHOULD be
Expand Down