Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-04.txt

2019-03-26 Thread Sniffen, Brian
Brotli has a dictionary built into the algorithm. I believe that is indeed being used, as it's a part of Brotli. I think the earlier email was saying no external certificate-specific dictionary is used. Brotli 1.03 and 1.05 each changed the standard dictionary—didn’t they? Perhaps I am misreading

Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-04.txt

2019-03-26 Thread Sniffen, Brian
>> WG - I’d like to echo Alessandro's request for reviews. If this outstanding >> WG item is not resolved before IETF103 we will discuss the outstanding issue >> there, and barring any other major issues we are planning to WGLC the draft >> after IETF103. >> >> One question: There was some disc

Re: [TLS] DNS-based Encrypted SNI

2018-07-03 Thread Sniffen, Brian
Looks neat. 1) TFO DOS vector: is the idea servers will disable TFO under strain but not be able to disable ESNI? 2) “clients might opt to attempt captive portal detection to see if they are in the presence of a MITM proxy, and if so disable ESNI.” If I’m operating a great firewall, I can use

Re: [TLS] Asymmetric TLS

2016-04-05 Thread Sniffen, Brian
I suspect the right place to do this is not at the TLS layer. As Bill said: do it with two TLS sessions, and then provide authenticated, cacheable objects. The sub-resource-integrity system tried to achieve that, and seems to get pretty close. -Brian > On Apr 4,