Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings
draft-ietf-tls-svcb-ech-07

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-tls-svcb-ech@ietf.org, paul.wouters@aiven.io, rfc-editor@rfc-editor.org, sean@sn3rd.com, tls-chairs@ietf.org, tls@ietf.org
Subject: Protocol Action: 'Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings' to Proposed Standard (draft-ietf-tls-svcb-ech-06.txt)

The IESG has approved the following document:
- 'Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings'
  (draft-ietf-tls-svcb-ech-06.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Paul Wouters and Deb Cooley.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-svcb-ech/

Ballot Text

Technical Summary

   To use TLS Encrypted ClientHello (ECH) the client needs to learn the
   ECH configuration for a server before it attempts a connection to the
   server.  This specification provides a mechanism for conveying the
   ECH configuration information via DNS, using a SVCB or HTTPS record.

Working Group Summary

Please note that the text in this I-D was initially developed in the DNSOP WG,
went through IETF LC, and IESG review. The result of the IESG review was to take
the text in this I-D out of RFC 9460 (was draft-ietf-dnsop-svcb-http) and run the
new I-D through the TLS WG. The text in this I-D is essentially the same text
taken from -11 of draft-ietf-dnsop-svcb-http. In some respects, you could claim
that this I-D has consensus from multiple WGs.
See also: https://mailarchive.ietf.org/arch/msg/tls/Vct8iUc4IgSHENX2r9IGOQFLkyk/

Document Quality

This specification is implemented today by Chrome, Firefox, and Safari [1],
and is deployed on all Cloudflare free tier domains [2].

[1] https://chromestatus.com/feature/6196703843581952
[2] https://blog.cloudflare.com/announcing-encrypted-client-hello

Personnel

   The Document Shepherd for this document is Sean Turner. The Responsible
   Area Director is Paul Wouters.

Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings draft-ietf-tls-svcb-ech-07

Approval announcement Draft of message to be sent after approval:

Announcement

Ballot Text

RFC Editor Note

Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings
draft-ietf-tls-svcb-ech-07

Approval announcement
Draft of message to be sent after approval: