On 4 Mar 2019, at 19:24, Kazuho Oku wrote:
Sun, Mar 3, 2019 at 5:57 Eric Rescorla:
On Fri, Mar 1, 2019 at 11:03 PM Mike Bishop
wrote:
Totally agree that we want to avoid the extra DNS round-trip as
often as possible. However, I see the options in the opposite light
– if all you need is #1
tificates. That'd have
2 RT penalty (or 1 RT when TCP fast open is used), but that might be
tolerable if the probability is low.
>
> -Ekr
>
>>
>>
>> From: TLS On Behalf Of Eric Rescorla
>> Sent: Friday, March 1, 2019 7:19 PM
>> To: Nick Sullivan
>> Cc:
Sat, Mar 2, 2019 at 1:57 Christopher Wood:
>
> On Wed, Feb 27, 2019 at 11:34 PM Kazuho Oku wrote:
> >
> > Hi Chris,
> >
> > Thank you for writing down the PRs describing possible designs that we
> > might adopt. I think it helps a lot in understanding the details and
> > making accurate comparisons.
> >
in seeing that.
-Ekr
>
> *From:* TLS *On Behalf Of * Eric Rescorla
> *Sent:* Friday, March 1, 2019 7:19 PM
> *To:* Nick Sullivan
> *Cc:*
> *Subject:* Re: [TLS] Two Multi-CDN proposals
>
>
>
>
>
> On Fri, Mar 1, 2019 at 6:39 PM Nick Sullivan 40cloudflare..
d . I have an idea where we can get some data on that.
From: TLS On Behalf Of Eric Rescorla
Sent: Friday, March 1, 2019 7:19 PM
To: Nick Sullivan
Cc:
Subject: Re: [TLS] Two Multi-CDN proposals
On Fri, Mar 1, 2019 at 6:39 PM Nick Sullivan
On Fri, Mar 1, 2019 at 6:39 PM Nick Sullivan wrote:
>
>
> On Fri, Mar 1, 2019 at 6:27 PM Christopher Wood <
> christopherwoo...@gmail.com> wrote:
>
>> On Fri, Mar 1, 2019 at 3:19 PM Mike Bishop wrote:
>> >
>> > Stephen, there are a couple complicating factors here where I think we
>> all have va
On Fri, Mar 1, 2019 at 6:27 PM Christopher Wood
wrote:
> On Fri, Mar 1, 2019 at 3:19 PM Mike Bishop wrote:
> >
> > Stephen, there are a couple complicating factors here where I think we
> all have varying knowledge gaps.
> >
> > There are two major ways of pointing to a CDN: Direct A/ recor
On Fri, Mar 1, 2019 at 3:19 PM Mike Bishop wrote:
>
> Stephen, there are a couple complicating factors here where I think we all
> have varying knowledge gaps.
>
> There are two major ways of pointing to a CDN: Direct A/ records and
> CNAMEs. The easiest way to handle key update complexiti
e
A/ records.)
However, the more common deployment scenario for multi-CDN would be a single
record (per version, eventually) from each CDN; each client would receive only
one.
-Original Message-
From: Stephen Farrell
Sent: Friday, March 1, 2019 3:53 PM
To: Mike Bishop ; Eric Rescorla
Cc:
other aspects
of the structure of ESNIKeys (but not all). There were a bunch of
mails though, so it's likely easy to miss that;-)
Cheers,
S.
>
>
>
> -Original Message- From: TLS On Behalf
> Of Stephen Farrell Sent: Thursday, February 28, 2019 2:50 AM To:
: TLS On Behalf Of Stephen Farrell
Sent: Thursday, February 28, 2019 2:50 AM
To: Eric Rescorla
Cc:
Subject: Re: [TLS] Two Multi-CDN proposals
Hiya,
On 28/02/2019 02:40, Eric Rescorla wrote:
> On Wed, Feb 27, 2019 at 5:56 PM Stephen Farrell
On Wed, Feb 27, 2019 at 11:34 PM Kazuho Oku wrote:
>
> Hi Chris,
>
> Thank you for writing down the PRs describing possible designs that we
> might adopt. I think it helps a lot in understanding the details and
> making accurate comparisons.
>
> My comments inline.
>
> Wed, Feb 27, 2019 at 8:19 Christoph
Hiya,
On 28/02/2019 14:18, Eric Rescorla wrote:
> My understanding is that this is problematic for DNS reasons, namely that
> you are supposed to concatenate the records, and that we definitely need a
> way to go above 255 bytes. But I'm no DNS expert and if there's a way to
> have both of these,
On Thu, Feb 28, 2019 at 5:51 AM Stephen Farrell
wrote:
>
> Hiya,
>
> On 28/02/2019 13:12, Eric Rescorla wrote:
> >> That's what leads me to think that we'd be better off
> >> to have multi-valued answers when a browser looks up
> >> the RRset at _esni.www.example.com with each separate
> >> value
Hiya,
On 28/02/2019 13:12, Eric Rescorla wrote:
>> That's what leads me to think that we'd be better off
>> to have multi-valued answers when a browser looks up
>> the RRset at _esni.www.example.com with each separate
>> value matching one ESNI public share (or one CDN,
>> though I'd argue for on
On Thu, Feb 28, 2019 at 2:50 AM Stephen Farrell
wrote:
>
> Hiya,
>
> On 28/02/2019 02:40, Eric Rescorla wrote:
> > On Wed, Feb 27, 2019 at 5:56 PM Stephen Farrell <
> stephen.farr...@cs.tcd.ie>
> > wrote:
> >
> >>
> >> Hiya,
> >>
> >> On 28/02/2019 01:41, Eric Rescorla wrote:
> >>> I think you're
Hiya,
On 28/02/2019 02:40, Eric Rescorla wrote:
> On Wed, Feb 27, 2019 at 5:56 PM Stephen Farrell
> wrote:
>
>>
>> Hiya,
>>
>> On 28/02/2019 01:41, Eric Rescorla wrote:
>>> I think you're misunderstanding the scenario here: we have two CDNs A and
>>> B, and some switching service in front, so t
Hi Chris,
Thank you for writing down the PRs describing possible designs that we
might adopt. I think it helps a lot in understanding the details and
making accurate comparisons.
My comments inline.
Wed, Feb 27, 2019 at 8:19 Christopher Wood:
>
> Hi folks,
>
> Below are two PRs that seek to address th
On Wed, Feb 27, 2019 at 5:56 PM Stephen Farrell
wrote:
>
> Hiya,
>
> On 28/02/2019 01:41, Eric Rescorla wrote:
> > I think you're misunderstanding the scenario here: we have two CDNs A and
> > B, and some switching service in front, so that when you lookup
> example.com,
> > you get a CNAME to A
Hiya,
On 28/02/2019 01:41, Eric Rescorla wrote:
> I think you're misunderstanding the scenario here: we have two CDNs A and
> B, and some switching service in front, so that when you lookup example.com,
> you get a CNAME to A or B, and then you get the ESNIKeySet
(ESNIKeySet is a type you've ju
On Wed, Feb 27, 2019 at 5:24 PM Stephen Farrell
wrote:
>
> Hiya,
>
> First, I think both are wrong:-)
>
> If there are really different ESNI private value holders,
> then each of those should provide separate ESNIKeys RR value
> instances
Yes, this is the idea
and the set of all of those shou
Hiya,
First, I think both are wrong:-)
If there are really different ESNI private value holders,
then each of those should provide separate ESNIKeys RR value
instances and the set of all of those should be in the RRset
returned when the ESNIKeys are queried.
Requiring different private value ho
On Wed, Feb 27, 2019 at 4:36 PM Mike Bishop wrote:
>
> Despite the additional complexity of #137, I think it's probably the better
> approach (and I would be fine with the simplification, if that makes it more
> palatable). Particularly when multi-CDN is used, there's a lot of logic
> involved
Despite the additional complexity of #137, I think it's probably the better
approach (and I would be fine with the simplification, if that makes it more
palatable). Particularly when multi-CDN is used, there's a lot of logic
involved in generating the "right" A/ record in response to a requ