Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Note timing side channels #559

Merged
merged 2 commits into from
Oct 12, 2023
Merged

Note timing side channels #559

merged 2 commits into from
Oct 12, 2023

Conversation

chris-wood
Copy link
Collaborator

Closes #400

There may be other ways to spell this, or other places to put it, so please feel free to leave suggestions or propose alternative PRs if desired.

cc @dennisjackson, @davidben, @cjpatton

true server name, can influence how client-facing servers process this message.
In particular, timing side channels can reveal information about the contents
of ClientHelloInner. Implementations should take such side channels into
consideration when reasoning about the privacy properties that ECH provides.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(I don't have a suggestion and am not requesting a change. Just amused.)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Heh, yeah. I mostly just copied boilerplate language we use in Privacy Pass. 🤷

draft-ietf-tls-esni.md Outdated Show resolved Hide resolved
draft-ietf-tls-esni.md Outdated Show resolved Hide resolved
@chris-wood chris-wood merged commit 1a4087f into master Oct 12, 2023
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Hard to imagine ECH handling in constant time - ponder and document?
4 participants