Diff: rfc9934xml2.original.xml

	rfc9934xml2.original.xml	rfc9934.xml

	<?xml version="1.0" encoding="US-ASCII"?>	<?xml version='1.0' encoding='UTF-8'?>
	<!-- this is version 5 of this xml2rfc template -->
	<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
	<!ENTITY rfc2119 SYSTEM "https://xml.resource.org/public/rfc/bibxml/reference.RF
	C.2119.xml">
	<!ENTITY rfc4648 SYSTEM "https://xml.resource.org/public/rfc/bibxml/reference.RF
	C.4648.xml">
	<!ENTITY rfc7468 SYSTEM "https://xml.resource.org/public/rfc/bibxml/reference.RF
	C.7468.xml">
	<!ENTITY rfc8174 SYSTEM "https://xml.resource.org/public/rfc/bibxml/reference.RF
	C.8174.xml">
	<!ENTITY rfc8446 SYSTEM "https://xml.resource.org/public/rfc/bibxml/reference.RF
	C.8446.xml">
	<!ENTITY rfc8446 SYSTEM "https://xml.resource.org/public/rfc/bibxml/reference.RF
	C.9460.xml">
	<!ENTITY I-D.ietf-tls-esni SYSTEM "http://xml.resource.org/public/rfc/bibxml3/re
	ference.I-D.ietf-tls-esni">
	<!ENTITY I-D.ietf-tls-svcb-ech SYSTEM "http://xml.resource.org/public/rfc/bibxml
	3/reference.I-D.ietf-tls-svcb-ech">


		<!DOCTYPE rfc [
		<!ENTITY nbsp " ">
		<!ENTITY zwsp "">
		<!ENTITY nbhy "‑">
		<!ENTITY wj "⁠">
	]>	]>

	<?rfc toc="yes"?>
	<?rfc symrefs="yes"?>	<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="std" docName="draft-fa
	<?rfc compact="yes"?>	rrell-tls-pemesni-13" number="9934" ipr="trust200902" obsoletes="" updates="" su
	<?rfc subcompact="yes"?>	bmissionType="IETF" xml:lang="en" tocInclude="true" symRefs="true" sortRefs="tru
	<?rfc strict="no"?>	e" version="3" consensus="true">
	<?rfc rfcedstyle="yes"?>
	<?rfc comments="yes"?>
	<?rfc inline="yes"?>
	<rfc category="std" docName="draft-farrell-tls-pemesni-13" ipr="trust200902" >
	<front>	<front>

	<title abbrev="PEM file format for ECH">PEM file format for ECH</title>	<!-- [rfced] Please note that we have expanded the abbreviations in the title of
		the document. Please let us know any concerns.

		Original:
		PEM file format for ECH

		Current:
		Privacy-Enhanced Mail (PEM) File Format for Encrypted ClientHello (ECH)
		-->

		<title abbrev="PEM File Format for ECH">Privacy-Enhanced Mail (PEM) File For
		mat for Encrypted ClientHello (ECH)</title>
		<seriesInfo name="RFC" value="9934"/>

	<author fullname="Stephen Farrell" initials="S." surname="Farrell">	<author fullname="Stephen Farrell" initials="S." surname="Farrell">
	<organization>Trinity College Dublin</organization>	<organization>Trinity College Dublin</organization>


	<address>	<address>
	<postal>	<postal>

	<street/>

	<city>Dublin</city>	<city>Dublin</city>


	<region/>

	<code>2</code>	<code>2</code>


	<country>Ireland</country>	<country>Ireland</country>
	</postal>	</postal>


	<phone>+353-1-896-2354</phone>	<phone>+353-1-896-2354</phone>


	<email>stephen.farrell@cs.tcd.ie</email>	<email>stephen.farrell@cs.tcd.ie</email>
	</address>	</address>
	</author>	</author>

		<date month="February" year="2026"/>


	<date year="2026"/>	<!-- [rfced] FYI - The submitted XML had the area set to "Security Area". Is
		this correct? -->

	<area>Security Area</area>	<area>Security Area</area>


	<workgroup>Internet Engineering Task Force (IETF)</workgroup>

	<keyword>TLS</keyword>	<keyword>TLS</keyword>


	<keyword>ESNI</keyword>	<keyword>ESNI</keyword>

	<abstract>	<abstract>

		<t>
	<t>
	Encrypted ClientHello (ECH) key pairs need to be configured into TLS	Encrypted ClientHello (ECH) key pairs need to be configured into TLS
	servers, which can be built using different TLS libraries.	servers, which can be built using different TLS libraries.

	This document specifies a file format to use,	This document specifies a standard file format for this purpose,
	similar to how RFC 7468 defines other PEM file formats.	similar to how RFC 7468 defines other Privacy-Enhanced Mail (PEM) fi
	</t>	le formats.
		</t>
	</abstract>	</abstract>
	</front>	</front>


	<middle>	<middle>

	<section title="Introduction">	<section numbered="true" toc="default">
		<name>Introduction</name>
	<t>Encrypted ClientHello (ECH)	<t>Encrypted ClientHello (ECH)
	<xref target="I-D.ietf-tls-esni"/> for TLS1.3 <xref target="RFC8446"	<xref target="RFC9849" format="default"/> for TLS1.3 <xref target="R
	/>	FC8446" format="default"/>
	defines a confidentiality mechanism for server names and other Clien tHello	defines a confidentiality mechanism for server names and other Clien tHello
	content in TLS.	content in TLS.
	That requires publication of an ECHConfigList data structure in an H TTPS or SVCB RR	That requires publication of an ECHConfigList data structure in an H TTPS or SVCB RR

	<xref target="RFC9460"/> in the DNS.	<xref target="RFC9460" format="default"/> in the DNS.
	An ECHConfigList can contain one or more ECHConfig values.	An ECHConfigList can contain one or more ECHConfig values.
	An ECHConfig structure contains the public component of a key pair	An ECHConfig structure contains the public component of a key pair
	that will typically be periodically (re-)generated by some key manag er	that will typically be periodically (re-)generated by some key manag er
	for a TLS server.	for a TLS server.
	TLS servers then need to be configured to use these key pairs,	TLS servers then need to be configured to use these key pairs,
	and given that various TLS servers can be built with different	and given that various TLS servers can be built with different
	TLS libraries, there is a benefit in having a standard format for	TLS libraries, there is a benefit in having a standard format for

	ECH key pairs and configs, just as was done with <xref target="RFC74	ECH key pairs and configs, just as was done with <xref target="RFC74
	68"/>.	68" format="default"/>.
		</t>
		</section>
		<section numbered="true" toc="default">
		<name>Terminology</name>
		<t>
		The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
		"<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>
		",
		"<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",
		"<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
		"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
		be
		interpreted as described in BCP 14 <xref target="RFC2119"/> <xref
		target="RFC8174"/> when, and only when, they appear in all capitals, as
		shown here.
	</t>	</t>

		</section>
	</section>	<section numbered="true" toc="default">
		<name>ECHConfig File</name>
	<section title="Terminology">	<t>A PEM ECH file contains zero or one private key and one encoded ECHConf
	<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",	igList.</t>
	"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and	<t>The public and private keys <bcp14>MUST</bcp14> both
	"OPTIONAL" in this document are to be interpreted as described in BCP	be PEM encoded <xref target="RFC7468" format="default"/>.
	14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only
	when, they appear in all capitals, as shown here.</t>
	</section>

	<section title="ECHConfig file">

	<t>A PEM ECH file contains zero or one private key and one encoded ECH
	ConfigList.</t>

	<t>The public and private keys MUST both
	be PEM encoded <xref target="RFC7468"/>.
	The file contains the concatenation of the PEM encoding	The file contains the concatenation of the PEM encoding
	of the private key (if present) followed by the PEM encoding of th e public key(s) as	of the private key (if present) followed by the PEM encoding of th e public key(s) as
	an ECHConfigList.	an ECHConfigList.

	When a private key is present, the ECHConfigList MUST contain an E	When a private key is present, the ECHConfigList <bcp14>MUST</bcp1
	CHConfig that matches the private key.	4> contain an ECHConfig that matches the private key.
	The private key MUST be encoded as a PKCS#8 PrivateKey <xref targe	The private key <bcp14>MUST</bcp14> be encoded as a PKCS#8 Private
	t="RFC7468"/>.	Key <xref target="RFC7468" format="default"/>.
	The public	The public

	key(s) MUST be the base64 encoded (see Section 4 of <xref target=" RFC4648"/>) form of an ECHConfigList value that	key(s) <bcp14>MUST</bcp14> be the base64-encoded form (see <xref t arget="RFC4648" section="4"/>) of an ECHConfigList value that
	can be published in the DNS using an HTTPS RR as described in	can be published in the DNS using an HTTPS RR as described in

	<xref target="I-D.ietf-tls-svcb-ech"/>.	<xref target="RFC9848" format="default"/>.
	The string "ECHCONFIG" MUST be used in the PEM	The string "ECHCONFIG" <bcp14>MUST</bcp14> be used in the PEM
	file delimiter for the public key.</t>	file delimiter for the public key.</t>

		<t>Any content after the PEM encoded ECHConfigList <bcp14>SHOULD</bcp14> b
	<t>Any content after the PEM encoded ECHConfigList SHOULD be ignor	e ignored.</t>
	ed.</t>	<t><xref target="sample" format="default"/> shows an example ECHConfig PEM
		File</t>
	<t><xref target="sample"/> shows an example ECHConfig PEM File</t>	<figure anchor="sample">
		<name>Example ECHConfig PEM File</name>
	<figure anchor="sample" title="Example ECHConfig PEM file" >	<artwork name="" type="" align="left" alt=""><![CDATA[
	<artwork><![CDATA[
	-----BEGIN PRIVATE KEY-----	-----BEGIN PRIVATE KEY-----
	MC4CAQAwBQYDK2VuBCIEICjd4yGRdsoP9gU7YT7My8DHx1Tjme8GYDXrOMCi8v1V	MC4CAQAwBQYDK2VuBCIEICjd4yGRdsoP9gU7YT7My8DHx1Tjme8GYDXrOMCi8v1V
	-----END PRIVATE KEY-----	-----END PRIVATE KEY-----
	-----BEGIN ECHCONFIG-----	-----BEGIN ECHCONFIG-----
	AD7+DQA65wAgACA8wVN2BtscOl3vQheUzHeIkVmKIiydUhDCliA4iyQRCwAEAAEA	AD7+DQA65wAgACA8wVN2BtscOl3vQheUzHeIkVmKIiydUhDCliA4iyQRCwAEAAEA
	AQALZXhhbXBsZS5jb20AAA==	AQALZXhhbXBsZS5jb20AAA==

	]]></artwork>	-----END ECHCONFIG-----]]></artwork>
	</figure>	</figure>
		<t>
	<t>
	If the above ECHConfigList were published in the DNS for	If the above ECHConfigList were published in the DNS for
	foo.example.com, then one could access that as shown	foo.example.com, then one could access that as shown

	in <xref target="dig"/>.	in <xref target="dig" format="default"/>.
	</t>	</t>
		<figure anchor="dig">
	<figure anchor="dig" title="Use of dig to get the ECHConfigList from	<name>Use of Dig to Get the ECHConfigList from DNS</name>
	DNS" >	<artwork name="" type="" align="left" alt=""><![CDATA[
	<artwork><![CDATA[
	$ dig +short HTTPS foo.example.com	$ dig +short HTTPS foo.example.com
	1 . ech=AD7+DQA65wAgACA8wVN2BtscOl3vQheUzHeIkVmKIiydUhDCliA4iyQR	1 . ech=AD7+DQA65wAgACA8wVN2BtscOl3vQheUzHeIkVmKIiydUhDCliA4iyQR

	wAEAAEAAQALZXhhbXBsZS5jb20AAA==	wAEAAEAAQALZXhhbXBsZS5jb20AAA==]]></artwork>
	]]></artwork>	</figure>
	</figure>	<t>

	<t>
	TLS servers using this file format might configure	TLS servers using this file format might configure
	multiple file names as part of their overall configuration,	multiple file names as part of their overall configuration,
	if, for example, only the ECHConfigList values	if, for example, only the ECHConfigList values
	from a subset of those files are to be used as the value for	from a subset of those files are to be used as the value for
	retry_configs in the ECH fallback scenario.	retry_configs in the ECH fallback scenario.

	</t>	</t>
		<t>
	<t>
	The ECHConfigList in a PEM file might contain more than one	The ECHConfigList in a PEM file might contain more than one
	ECHConfig if, for example, those ECHConfig values contain	ECHConfig if, for example, those ECHConfig values contain
	different extensions or different public_name	different extensions or different public_name

	values. Consistent with <xref target="I-D.ietf-tls-esni"/>,	values. Consistent with <xref target="RFC9849" format="default"/ >,
	the ECHConfig values within an ECHConfigList appear in	the ECHConfig values within an ECHConfigList appear in
	decreasing order of preference. If the	decreasing order of preference. If the
	ECHConfigList value is to be used as the retry_configs value,	ECHConfigList value is to be used as the retry_configs value,
	then that might contain different public keys. (Nonetheless,	then that might contain different public keys. (Nonetheless,

	when a private key is present, that MUST match the public key	when a private key is present, that <bcp14>MUST</bcp14> match th e public key
	from one of the ECHConfig values.)	from one of the ECHConfig values.)

	</t>	</t>
		</section>
	</section>	<section numbered="true" toc="default">
		<name>Security Considerations</name>
	<section title="Security Considerations">	<t>Storing cryptographic keys in files leaves them vulnerable should
	<t>Storing cryptographic keys in files leaves them vulnerable should
	anyone get read access to the filesystem on which they are stored.	anyone get read access to the filesystem on which they are stored.

	The same protection mechanisms that would be used for a server's PEM	The same protection mechanisms that would be used for a server's PEM
	encoded HTTPS certificate private key should be used for the PEM ECH	-encoded HTTPS certificate private key should be used for the PEM ECH
	configuration.	configuration.

	</t>	</t>
		<t>
	<t>	The security considerations of <xref target="RFC9848" format="de
	The security considerations of <xref target="I-D.ietf-tls-svcb-e	fault"/>
	ch"/>
	apply when retrieving an ECHConfigList from the DNS.	apply when retrieving an ECHConfigList from the DNS.

	</t>	</t>
		<t>
	<t>
	For clarity, only the ECHConfigList is to be published	For clarity, only the ECHConfigList is to be published

	in the DNS - the private key from an ECH PEM file MUST	in the DNS - the private key from an ECH PEM file <bcp14>MUST
	NOT be published in the DNS.	NOT</bcp14> be published in the DNS.
	</t>	</t>

	</section>

	<section title="Acknowledgements">
	<t>Thanks to Daniel McCarney, Jim Reid and Peter Yee for comments.</t>
	</section>	</section>


	<section title="IANA Considerations">	<section numbered="true" toc="default">
	<t>This document contains no IANA considerations.</t>	<name>IANA Considerations</name>
		<t>This document has no IANA actions.</t>
	</section>	</section>


	</middle>	</middle>


	<back>	<back>

	<references title="Normative References">	<references>
	<?rfc include='reference.RFC.2119'?>	<name>References</name>
	<?rfc include='reference.RFC.4648'?>	<references>
	<?rfc include='reference.RFC.7468'?>	<name>Normative References</name>
	<?rfc include='reference.RFC.8174'?>	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2
	<?rfc include='reference.RFC.8446'?>	119.xml"/>
	&I-D.ietf-tls-esni;	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4
		648.xml"/>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7
		468.xml"/>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
		174.xml"/>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
		446.xml"/>
		<!-- [I-D.ietf-tls-esni] -> [RFC9849]
		in AUTH48 as of 02/17/26
		-->
		<reference anchor="RFC9849" target="https://www.rfc-editor.org/info/rfc9
		849">
		<front>
		<title>TLS Encrypted Client Hello</title>
		<author initials="E." surname="Rescorla" fullname="Eric Rescorla">
		<organization>Independent</organization>
		</author>
		<author initials="K." surname="Oku" fullname="Kazuho Oku">
		<organization>Fastly</organization>
		</author>
		<author initials="N." surname="Sullivan" fullname="Nick Sullivan">
		<organization>Cryptography Consulting LLC</organization>
		</author>
		<author initials="C. A." surname="Wood" fullname="Christopher A. Woo
		d">
		<organization>Cloudflare</organization>
		</author>
		<date month='February' year='2026'/>
		</front>
		<seriesInfo name="RFC" value="9849"/>
		<seriesInfo name="DOI" value="10.17487/RFC9849"/>
		</reference>


	</references>	</references>
		<references>
		<name>Informative References</name>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9
		460.xml"/>
		<!-- [I-D.ietf-tls-svcb-ech] RFC-to-be 9848
		in AUTH48-DONE as of 02/17/2026
		-->
		<reference anchor="RFC9848" target="https://www.rfc-editor.org/info/rfc9848">
		<front>
		<title>
		Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings
		</title>
		<author fullname="Benjamin M. Schwartz" initials="B. M." surname="Schwartz">
		<organization>Meta Platforms, Inc.</organization>
		</author>
		<author fullname="Mike Bishop" initials="M." surname="Bishop">
		<organization>Akamai Technologies</organization>
		</author>
		<author fullname="Erik Nygren" initials="E." surname="Nygren">
		<organization>Akamai Technologies</organization>
		</author>
		<date month="February" year="2026"/>
		</front>
		<seriesInfo name="RFC" value="9848"/>
		</reference>


	<references title="Informative References">	</references>
	<?rfc include='reference.RFC.9460'?>
	&I-D.ietf-tls-svcb-ech;
	</references>	</references>


	<!--	<section numbered="false" toc="default">
	<section title="Change Log ">	<name>Acknowledgements</name>
	<t>[[RFC editor: please remove this before publication.]]</t>	<t>Thanks to <contact fullname="Daniel McCarney"/>, <contact
		fullname="Jim Reid"/>, and <contact fullname="Peter Yee"/> for
	<t>From -00 to -01:	comments.</t>
	<list style="symbols">
	<t>Re-structured a bit after re-reading rfc8615</t>
	</list>
	</t>
	</section>	</section>

	-->

	<section title="Changes">

	<t>From -12 to -13:
	<list style="symbols">
	<t>Changes resulting from IESG review.</t>
	</list>
	</t>
	<t>From -11 to -12:
	<list style="symbols">
	<t>Changes resulting from IETF last call reviews.</t>
	</list>
	</t>
	<t>From -10 to -11:
	<list style="symbols">
	<t>Change to standards track as agreed with shepherd/AD.</t>
	</list>
	</t>
	<t>From -09 to -10:
	<list style="symbols">
	<t>Tweaks to fit being AD sponsored.</t>
	</list>
	</t>
	<t>From -08 to -09:
	<list style="symbols">
	<t>Minor clarification of encoding based on current
	OpenSSL ECH feature branch code.</t>
	</list>
	</t>
	<t>From -07 to -08:
	<list style="symbols">
	<t>Processed some github comments</t>
	</list>
	</t>
	<t>From -06 to -07:
	<list style="symbols">
	<t>Refresh due to expiry.</t>
	</list>
	</t>
	<t>From -05 to -06:
	<list style="symbols">
	<t>Refresh due to expiry.</t>
	</list>
	</t>
	<t>From -04 to -05:
	<list style="symbols">
	<t>Refresh due to expiry.</t>
	</list>
	</t>
	<t>From -03 to -04:
	<list style="symbols">
	<t>Refresh due to expiry.</t>
	</list>
	</t>
	<t>From -02 to -03:
	<list style="symbols">
	<t>Refresh due to expiry and not possible ISE destination</t>
	</list>
	</t>
	<t>From -01 to -02:
	<list style="symbols">
	<t>ECHO -> ECH</t>
	</list>
	</t>


	<t>From -00 to -01:	<!-- [rfced] Please review the "Inclusive Language" portion of the online
	<list style="symbols">	Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language>
	<t>ESNI -> ECHO</t>	and let us know if any changes are needed. Updates of this nature typically
	</list>	result in more precise language, which is helpful for readers.
	</t>


	</section>	Note that our script did not flag any words in particular, but this should
		still be reviewed as a best practice.
		-->

	</back>	</back>
	</rfc>	</rfc>

End of changes. 46 change blocks.
	229 lines changed or deleted	189 lines changed or added
This html diff was produced by rfcdiff 1.48.