Hi all,

I'm working on an implementation [1] of encrypted client hello (ECH) [2] and so far discussion [3] on another list hasn't turned up any uses of such custom client hello extensions (handled via e.g. ``SSL_CTX_add_custom_ext()``) that have sensitive values that'd benefit from being in the encrypted "inner" client hello.

That means that it seems ok to handle all custom extensions by sending them in the outer client hello and (in compressed form) in the inner client hello as well. The result is we should get interop, and need no changes to APIs, but that ECH won't provide any new benefit for such custom extension values. (And that's what's implemented by [1].)

That all seems ok so far, but if there were any deployments that sent sensitive values (e.g. PII) in such custom client hello extensions then it may be that more work is warranted. (Not that sending PII in a client hello extension would be a good idea, but who knows what's been done?)

If you know of any such uses of custom extensions, I'd be interested in finding out more about 'em. If there are no such uses, then we're probably in an ok place already. (It's fine to reply on or off list, whichever's best.)

Thanks,
Stephen.

[1] https://github.com/sftcd/openssl/blob/ECH-draft-13c/doc/designs/ech-api.md
[2] https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
[3] https://mta.openssl.org/pipermail/ech/2023-March/000013.html
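A small model of the "same value in outer, compressed reference in inner" handling the post describes, added here as an illustration and not code from Stephen's implementation [1]. It models the ech_outer_extensions mechanism of draft-ietf-tls-esni [2] (extension codepoints 0xfd00 and 0xfe0d are taken from the draft; the custom extension type 0xffab and all extension values are constructed sample data) and the checks a server makes when re-expanding the inner ClientHello; the draft's ordering check on referenced extensions is omitted.

```python
import struct

ECH_OUTER_EXTENSIONS = 0xFD00    # ech_outer_extensions (draft-ietf-tls-esni)
ENCRYPTED_CLIENT_HELLO = 0xFE0D  # encrypted_client_hello (draft-ietf-tls-esni)
CUSTOM_EXT = 0xFFAB              # constructed stand-in for an app's custom ext type

def compress_inner(outer, inner):
    """Client side: each run of inner extensions whose value equals the outer
    twin is replaced by one ech_outer_extensions reference list.
    outer/inner are lists of (ext_type, value_bytes) in wire order."""
    outer_map = dict(outer)
    result, pending = [], []
    def flush():
        if pending:
            # OuterExtensions<2..254>: 1-byte length, then uint16 types
            body = struct.pack("!B", 2 * len(pending))
            body += b"".join(struct.pack("!H", t) for t in pending)
            result.append((ECH_OUTER_EXTENSIONS, body))
            pending.clear()
    for t, v in inner:
        if t != ENCRYPTED_CLIENT_HELLO and outer_map.get(t) == v:
            pending.append(t)          # identical in outer: reference it
        else:
            flush()
            result.append((t, v))      # differs (e.g. real SNI): keep inline
    flush()
    return result

def decompress_inner(outer, compressed):
    """Server side: substitute referenced extensions from the outer ClientHello,
    aborting on the malformed cases the draft says to reject."""
    outer_map = dict(outer)
    out, seen = [], set()
    for t, v in compressed:
        if t != ECH_OUTER_EXTENSIONS:
            out.append((t, v))
            continue
        n = v[0] if v else 0
        if n == 0 or n % 2 or len(v) != 1 + n:
            raise ValueError("malformed ech_outer_extensions")
        for i in range(1, 1 + n, 2):
            ref = struct.unpack("!H", v[i:i + 2])[0]
            if ref == ENCRYPTED_CLIENT_HELLO or ref in seen or ref not in outer_map:
                raise ValueError("illegal outer extension reference %#x" % ref)
            seen.add(ref)
            out.append((ref, outer_map[ref]))
    return out

def server_accepts(outer, compressed):
    """True if the server can reconstruct the inner ClientHello."""
    try:
        decompress_inner(outer, compressed)
        return True
    except ValueError:
        return False
```

The custom extension survives the round trip unchanged, which is the point of the post: it interoperates, but its value is also visible in the outer ClientHello.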