Re: [TLS] SNI from CDN to Origin (was I-D Action: draft-ietf-tls-sni-encryption-08.txt)

2019-10-12 Thread Rob Sayre
On Sat, Oct 12, 2019 at 12:11 AM Salz, Rich wrote: > > >- How does a request of the form "username.example.com > >

Re: [TLS] SNI from CDN to Origin (was I-D Action: draft-ietf-tls-sni-encryption-08.txt)

2019-10-12 Thread Patrick McManus
some thoughts after catching up on this thread:

* cdn -> origin ime generally resolves via DNS for the same reason you want anything else to resolve via DNS: a level of indirection is handy for management. Occasionally it bypasses DNS for the same reasons you want anything to bypass DNS: a level o

Re: [TLS] SNI from CDN to Origin (was I-D Action: draft-ietf-tls-sni-encryption-08.txt)

2019-10-12 Thread Rob Sayre
On Sat, Oct 12, 2019 at 9:10 PM Patrick McManus wrote:
>
> tldr; imo none of this works if the origin does not have a decent
> anonymity set potential. If it does, just reuse esni for that hop rather
> than minting something new.
>

Thank you for the thoughtful response. I think it might be helpf

[TLS] Weekly github digest (TLS Working Group Drafts)

2019-10-12 Thread Github Notifications
Issues --

* tlswg/tls-subcerts (+0/-4/💬12)
  2 issues received 12 new comments:
  - #28 PSS (11 by grittygrease, siyengar, wbl, cjpatton, martinthomson)
    https://github.com/tlswg/tls-subcerts/issues/28
  - #33 Consider changing name from "Delegated Credentials" to "Delegated Authentication