[ech] would a callback for ECH retry-configs be useful?

Stephen Farrell stephen.farrell at cs.tcd.ie
Mon Apr 17 01:07:54 UTC 2023


I've been adding code for testing badly encoded ECH stuff
to my branch, esp. for EncodedClientHelloInner which is the
new thing that could cause server bugs. That's in [1] and
seems like a reasonable start to doing that well. And that
approach (for testing) also seems to work ok for badly
constructed values for the ECH acceptance signal in SH.random
or within HRRs.

One problem I've not solved (within the test harness) is
how to do similarly for the retry-config values returned
by a server when the wrong ECH public value is used by a
client (or if a client GREASEs). Right now, a server (that
has some ECH private values loaded) will return the ECHConfig
corresponding to the most recently loaded ECH private value,
which I think is reasonable.

However, for testing, it might be useful to enable a server
to trigger a callback, so that it could return a borked
retry-config value, to check that doesn't result in badness
for a client.

My question is: would it be useful for real servers to be
able to choose the retry-config value to return via a new
callback? I guess that might be useful for servers that
use multiple CDNs, but I'm not at all sure, since I don't
get near such servers... hence asking:-)

Secondary question: if useful, then what params might such
a callback need?

Opinions welcome!
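
For the client-side behaviour the message wants to test (a malformed retry-config must not cause harm), a strict structural check of a received ECHConfigList could look like the following. This is an added example, not code from the post or from the OpenSSL ECH branch: the function names and sample bytes are constructed, the layout assumed is the ECHConfig structure of the TLS ECH draft (version 0xfe0d), extension bodies are not inspected, and rejecting the whole list on any malformed entry is a policy chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>
/* Cursor over untrusted bytes; every read is bounds-checked. */
typedef struct { const uint8_t *p; size_t left; } cur;

static int get(cur *c, size_t n, uint32_t *v) {    /* n-byte big-endian integer */
    if (c->left < n) return 0;
    for (*v = 0; n > 0; n--, c->left--) *v = (*v << 8) | *c->p++;
    return 1;
}
/* Split off a vector with an n-byte length prefix, enforcing a minimum size. */
static int vec(cur *c, size_t n, size_t min, cur *out) {
    uint32_t len;
    if (!get(c, n, &len) || len < min || len > c->left) return 0;
    out->p = c->p; out->left = len;
    c->p += len; c->left -= len;
    return 1;
}
/* ECHConfigContents for version 0xfe0d; must consume the body exactly. */
static int contents_ok(cur b) {
    uint32_t v; cur pub, suites, name, exts;
    return get(&b, 1, &v)                  /* config_id */
        && get(&b, 2, &v)                  /* kem_id */
        && vec(&b, 2, 1, &pub)             /* public_key<1..2^16-1> */
        && vec(&b, 2, 4, &suites) && suites.left % 4 == 0
        && get(&b, 1, &v)                  /* maximum_name_length */
        && vec(&b, 1, 1, &name)            /* public_name<1..255> */
        && vec(&b, 2, 0, &exts)            /* extensions, body not inspected */
        && b.left == 0;                    /* no trailing bytes in the config */
}
/* Returns the number of usable (0xfe0d) configs, or -1 if the list is malformed. */
int ech_retry_configs_check(const uint8_t *buf, size_t len) {
    cur in = { buf, len }, list, body;
    uint32_t version; int usable = 0;
    if (!vec(&in, 2, 4, &list) || in.left != 0) return -1;
    while (list.left > 0) {
        if (!get(&list, 2, &version) || !vec(&list, 2, 0, &body)) return -1;
        if (version != 0xfe0d) continue;   /* unknown version: skip by its length */
        if (!contents_ok(body)) return -1;
        usable++;
    }
    return usable;
}
/* Constructed sample: one 0xfe0d config with a dummy 4-byte public key. */
static const uint8_t sample[] = {
    0x00,0x1a, 0xfe,0x0d, 0x00,0x16, 0x01, 0x00,0x20,
    0x00,0x04, 0xaa,0xbb,0xcc,0xdd, 0x00,0x04, 0x00,0x01,0x00,0x01,
    0x00, 0x03,'a','.','b', 0x00,0x00 };
int main(void) { return ech_retry_configs_check(sample, sizeof sample) == 1 ? 0 : 1; }
```

A return of 0 means the list was well-formed but held no config of a known version, which a client would treat as nothing to retry with.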
