Hi,

On Mon, Sep 30, 2019 at 04:29:38PM +0200, Daniel Stenberg via curl-library wrote:
> On Mon, 30 Sep 2019, Niall O'Reilly wrote:
>
> > > > And the TXT one is just in the draft that will soon go away, right?
> >
> > IIUC, it's in service in Cloudflare's pilot implementation, so I think
> > "will soon go away" is true only for a value of "soon" which depends (a)
> > on the IETF process reaching a stage where IANA assign an official ESNI
> > code point instead of TYPE65439, and (b) Cloudflare complete a migration
> > process.
> >
> > Draft 3 (binary blob with signature 0xFF02) seems more likely to me to
> > go away soon, as I'm not aware of any deployment at scale.
Draft 3 is most likely not going to be implemented by Cloudflare. It does
not make sense to implement something that is not supported by major
clients (Firefox and Chrome).

> > This all may depend on how the IETF process for SVCB and HTTPSSVC converge.
>
> ... and also what the other "big players" do. Firefox has an ESNI
> implementation that I figure they like having in sync with for example
> Cloudflare. I figure there's a risk the first version will remain lingering
> around for a while until there seems to be a consensus on the new draft's
> method *and* some efforts done to upgrade Cloudflare, Firefox and the likes.
>
> So yeah, maybe continue with the TXT format supported for now but with the
> knowledge that we can probably rip that code out again at a later point.
>
> (It seems Chrome has not yet implemented ESNI:
> https://bugs.chromium.org/p/chromium/issues/detail?id=908132)

Chrome uses boringssl and will use whatever draft version is implemented
in boringssl. At the moment there is an in-progress patch for draft 4:
https://boringssl-review.googlesource.com/c/boringssl/+/37704

I have updated the current state of the art here accordingly:
https://github.com/cloudflare/tls-tris/issues/138#issuecomment-479521149

TXT support will not remain forever. As soon as Cloudflare moves to a
newer ESNI draft version, support for the previous draft is most likely
dropped (the same happened with how TLS 1.3 was deployed, for example).

-- 
Kind regards,
Peter Wu
https://lekensteyn.nl