Hiya,
On 23/08/2022 22:51, Brian Dickson wrote:
> The differences in interpretation, and the client behavior under one of those interpretations, are the problem.

I've seen a different client-behaviour issue related to ports other than 443 and ECH, but I'm unsure if that's a problem with this spec or simply an implementation issue that'll be fixed in short order.

Currently Chromium and Firefox disagree on whether ECH is set up correctly for one of my test pages [1]. Initially, I had misinterpreted what to publish in an HTTPS RR for [1] and neither browser liked that, but even after I fixed that (thanks to one of the browser folk educating me), only one seems to work, and the other still thinks that ECH isn't properly set up for [1]. Surprisingly though, both work for another page [2], but I wonder if that may be because ECH is also enabled for the same name on the default port. [3]

If people are going to take another look at this spec, it may be useful to also see if the text relating to ports other than 443 is sufficiently clear - I know I got what to publish wrong, and the fact that browsers haven't yet landed on the same interpretation of what's needed for ECH away from port 443 may indicate a bit more clarity would be beneficial.

To be clear: I'd be fine with the RFC being issued and us figuring out any useful clarifications as experiments with ECH continue over the next while - my guess is there'll be more than just this aspect of ECH to document better.

Cheers,
S.

PS: In case you're clicking the links below - both browsers require a recent(ish) build, use of DoH and turning on a flag before they attempt ECH, so you'll only see the difference if you've all that set up on your client.

PPS: Some of the relevant folk were vacating recently (me included) so it could be this just gets fixed in the very near future, but I figured if there's going to be a window when some editorial/clarity text improvements might be made it was worth raising, just in case.

[1] https://draft-13.esni.defo.ie:8413/stats
[2] https://my-own.net:8443/ech-check.php
[3] https://my-own.net/ech-check.php
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop