[ech] almost ready to make ECH PR - what else'd help reviewers?

Stephen Farrell stephen.farrell at cs.tcd.ie
Tue Nov 21 21:06:25 UTC 2023


Hiya,

At the recent IETF meeting the TLS WG decided to ask IANA to do
an early codepoint allocation of the TLS codepoints needed for
ECH. That's good news as it means there should be no need for any
"flag day" due to the current deployments (whether experimental
or other). The TLS WG also still plan to move the draft spec to
last call soon, so we might have an RFC in the first few months
of next year.

In other news, browsers are now shipping with ECH turned on by
default rather than behind a flag as was previously the case.
(FF still needs DoH to have been used, but Chrome and friends
seemingly don't.)

I realise that the OpenSSL policy is to not merge things like
this until the RFC issues (which is fine), but this PR will,
unfortunately, be fairly mega-huge, so I expect it'll take quite
a while to get sufficient review and make the improvements that
I fully expect reviewers will suggest.

Given all that, my plan is to create that ECH PR in a week or
so, with the expectation that it'll also take some months to
process. But just before doing that, I reckoned it'd be worth
doing a bit of a rehearsal to see if there's anything else that
I can do to make review easier.

So, I've made a branch that's pretty much what I'd put in the
PR, with all the dev commits squashed down into 7 chunky but
not too large ones. The diff of that vs. the master branch is
at [1].

So, my question: what else could I do to make this easier for
reviewers?

Thanks,
S.

PS: Apologies for the size of this, we may be able to make it
somewhat smaller during processing of the PR (e.g. there's some
tracing code that can be dropped as we go), but I'm afraid that
it can't really get that much smaller, sorry;-(

[1] https://github.com/openssl/openssl/compare/master...sftcd:openssl:pre-pre3