Last Call Review of draft-ietf-tls-esni-23
review-ietf-tls-esni-23-secdir-lc-montville-2025-03-05-00

Request Review of draft-ietf-tls-esni
Requested revision No specific revision (document currently at 25)
Type IETF Last Call Review
Team Security Area Directorate (secdir)
Deadline 2025-03-13
Requested 2025-02-20
Authors Eric Rescorla , Kazuho Oku , Nick Sullivan , Christopher A. Wood
I-D last updated 2025-10-29 (Latest revision 2025-06-14)
Completed reviews Dnsdir IETF Last Call review of -23 by R. (Miek) Gieben (diff)
Artart IETF Last Call review of -23 by Carsten Bormann (diff)
Secdir IETF Last Call review of -23 by Adam W. Montville (diff)
Tsvart IETF Last Call review of -23 by Tommy Pauly (diff)
Genart IETF Last Call review of -23 by Stewart Bryant (diff)
Opsdir IETF Last Call review of -24 by Giuseppe Fioccola (diff)
Dnsdir Telechat review of -24 by R. (Miek) Gieben (diff)
Intdir Telechat review of -24 by Tommy Pauly (diff)
Assignment Reviewer Adam W. Montville
State Completed
Request IETF Last Call review on draft-ietf-tls-esni by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/2TEnosxC8EM1wWJjLDlAEvAch2Q
Reviewed revision 23 (document currently at 25)
Result Ready
Completed 2025-03-05
Based on my review of this draft I would classify it as "ready" for
publication, with some minor caveats that don't fundamentally undermine its
readiness. The draft defines a clear, well-specified mechanism for encrypting
the ClientHello. It leverages established cryptographic primitives and
preserves existing TLS 1.3 security properties. The threat model is thoroughly
addressed with a formal analysis documented in a reference.

If it is possible (possibly not in this draft) to offer more detailed
operational guidance on key rotation, that would be helpful. There are some
points in the document that might allude to implementation-specific
configuration choices. Implementations would ideally expose these choices to
operators so they can make the best possible choices for their needs.
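The key-rotation point raised above can be made concrete with a small worked example. The following Python is an added illustration written for this review page; it is not code from the draft, its authors, or any ECH implementation. It assumes the ECHConfig wire layout of draft-ietf-tls-esni (version 0xfe0d: HpkeKeyConfig with config_id, kem_id, public_key and cipher_suites, then maximum_name_length, public_name and extensions) and the HPKE identifiers from RFC 9180 (DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM). The EchKeyStore class, the dns_record() helper and the placeholder private-key byte strings are hypothetical; real deployments would hold actual X25519 private keys and do the HPKE open() with them. The rotation rule it demonstrates is the one operators need: publish the new config, keep decrypting with the old key until cached ECHConfigLists have expired, and never reuse a config_id that is still accepted.

```python
import struct

# Constants taken from draft-ietf-tls-esni (version) and RFC 9180 (HPKE IDs).
ECH_VERSION = 0xFE0D
KEM_X25519_HKDF_SHA256 = 0x0020
KDF_HKDF_SHA256 = 0x0001
AEAD_AES_128_GCM = 0x0001


def _vec(data: bytes, len_bytes: int) -> bytes:
    """Encode a TLS variable-length vector with a len_bytes-wide length prefix."""
    return len(data).to_bytes(len_bytes, "big") + data


def encode_ech_config(config_id: int, public_key: bytes, public_name: bytes,
                      max_name_len: int = 0) -> bytes:
    """Serialize one ECHConfig (version 0xfe0d) advertising a single HPKE suite."""
    key_config = (bytes([config_id])
                  + struct.pack(">H", KEM_X25519_HKDF_SHA256)
                  + _vec(public_key, 2)
                  + _vec(struct.pack(">HH", KDF_HKDF_SHA256, AEAD_AES_128_GCM), 2))
    contents = (key_config
                + bytes([max_name_len])
                + _vec(public_name, 1)
                + _vec(b"", 2))  # no extensions
    return struct.pack(">H", ECH_VERSION) + _vec(contents, 2)


def encode_ech_config_list(configs: list) -> bytes:
    """ECHConfigList: a 2-byte-length-prefixed concatenation of ECHConfigs."""
    return _vec(b"".join(configs), 2)


def parse_ech_config_list(data: bytes) -> list:
    """Parse an ECHConfigList, skipping configs whose version is unknown."""
    total = int.from_bytes(data[:2], "big")
    body = data[2:2 + total]
    if len(body) != total:
        raise ValueError("truncated ECHConfigList")
    out, pos = [], 0
    while pos < len(body):
        version, length = struct.unpack(">HH", body[pos:pos + 4])
        contents = body[pos + 4:pos + 4 + length]
        if len(contents) != length:
            raise ValueError("truncated ECHConfig")
        pos += 4 + length
        if version != ECH_VERSION:
            continue  # unknown version: ignore, as the draft requires
        config_id = contents[0]
        kem_id = struct.unpack(">H", contents[1:3])[0]
        pk_len = struct.unpack(">H", contents[3:5])[0]
        public_key = contents[5:5 + pk_len]
        p = 5 + pk_len
        cs_len = struct.unpack(">H", contents[p:p + 2])[0]
        suites = [struct.unpack(">HH", contents[i:i + 4])
                  for i in range(p + 2, p + 2 + cs_len, 4)]
        p += 2 + cs_len
        max_name_len = contents[p]
        name_len = contents[p + 1]
        public_name = contents[p + 2:p + 2 + name_len]
        out.append({"config_id": config_id, "kem_id": kem_id, "public_key": public_key,
                    "cipher_suites": suites, "max_name_len": max_name_len,
                    "public_name": public_name})
    return out


class EchKeyStore:
    """Hypothetical server-side key store keyed by config_id.

    rotate() publishes only the new config in DNS but keeps every previously
    accepted private key until retire() is called, so clients that cached an
    older ECHConfigList are still decrypted rather than forced into the
    retry_configs path. select() returning None means the server cannot
    decrypt and should proceed with the outer ClientHello and send retry_configs.
    """

    def __init__(self):
        self.active = {}      # config_id -> private key (opaque placeholder here)
        self.published = []   # ECHConfig bytes currently served in DNS

    def rotate(self, config_id: int, private_key: bytes, public_key: bytes,
               public_name: bytes) -> None:
        if config_id in self.active:
            raise ValueError("config_id must differ from every key still accepted")
        self.active[config_id] = private_key
        self.published = [encode_ech_config(config_id, public_key, public_name)]

    def retire(self, config_id: int) -> None:
        self.active.pop(config_id, None)

    def select(self, config_id: int):
        return self.active.get(config_id)

    def dns_record(self) -> bytes:
        return encode_ech_config_list(self.published)
```

The store deliberately raises on a reused config_id: config_id is a one-byte hint the server uses to pick a private key, and reusing it while the old key is still accepted means a ClientHello encrypted under the old key can be routed to the wrong key and fail to decrypt, which is indistinguishable from a misconfigured client and costs an extra round trip via retry_configs.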