Re: [TLS] Solving HRR woes in ECH

2021-03-26 Thread Ben Schwartz
This seems like a reasonable suggestion to me, so long as the value is purely a "hint", as you seem to be proposing. I would suggest structuring it as an ECHConfig extension. This would avoid the need for multiple points of integration between TLS and DNS, support the use of HRR hints in other EC

Re: [TLS] Solving HRR woes in ECH

2021-03-26 Thread Stephen Farrell
Hiya, On 26/03/2021 13:44, Ben Schwartz wrote: This seems like a reasonable suggestion to me, so long as the value is purely a "hint", as you seem to be proposing. I would suggest structuring it as an ECHConfig extension. This would avoid the need for multiple points of integration between TL

Re: [TLS] Solving HRR woes in ECH

2021-03-26 Thread Christopher Patton
I really like this idea, but I don't see it as a solution to ECH's HRR woes. Nick's idea boils down to providing a recipe for how to construct the CHOuter, but AFAICT, there's nothing in the TLS or HTTPS-RR specs that requires the client to follow this recipe. We would still need a way of reconcili

Re: [TLS] Solving HRR woes in ECH

2021-03-26 Thread Eric Rescorla
This is more complicated than I would have liked, but I also don't see how to simplify it. As of now, I think it's the best we can do. -Ekr On Thu, Mar 25, 2021 at 5:05 PM Christopher Patton wrote: > Hi all, > > One of the open issues for ECH is how it interacts with HelloRetryRequest > (HRR).

Re: [TLS] Solving HRR woes in ECH

2021-03-26 Thread Eric Rescorla
On Fri, Mar 26, 2021 at 9:30 AM Christopher Patton wrote: > I really like this idea, but I don't see it as a solution to ECH's HRR > woes. Nick's idea boils down to providing a recipe for how to construct the > CHOuter, but AFAICT, there's nothing in the TLS or HTTPS-RR specs that > requires the

[TLS] key_share hints in DNS

2021-03-26 Thread David Benjamin
(Switching the subject line because the key share hints idea seems orthogonal to the ECH HRR issue.) I agree with Stephen that, if we do the key share hint idea, it should be separate from the ECHConfigList. In addition to a mismatch in describing client-facing vs. backend servers, there are also
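The key_share hint idea in the messages above, modelled as a toy negotiation. This is an added illustration, not code from the thread or from any TLS implementation. The server's rule follows RFC 8446 section 4.1.4: if the ClientHello's key_share carries no entry for the group the server selects, the server answers with HelloRetryRequest naming that group and the client re-sends a ClientHello with a share for it. The `hint` argument stands in for whatever DNS-carried hint the thread is discussing; its form is an assumption, the client treats it as advisory, and key shares are opaque placeholder bytes rather than real key agreement.

```python
import os
from dataclasses import dataclass
from typing import Optional

# Group names as in the RFC 8446 NamedGroup registry.
X25519, SECP256R1, SECP384R1 = "x25519", "secp256r1", "secp384r1"


@dataclass
class ClientHello:
    supported_groups: list   # groups the client can negotiate, in preference order
    key_shares: dict         # group -> public value (placeholder bytes in this model)


class Client:
    def __init__(self, supported_groups, default_share_groups):
        self.supported_groups = list(supported_groups)
        self.default_share_groups = list(default_share_groups)

    def _share(self, group):
        # Assumption: stands in for a real (EC)DHE public value; no key agreement here.
        return os.urandom(32)

    def make_hello(self, hint: Optional[str] = None) -> ClientHello:
        groups = list(self.default_share_groups)
        # The hint is purely advisory: honour it only for a group we actually support.
        if hint in self.supported_groups and hint not in groups:
            groups.insert(0, hint)
        return ClientHello(self.supported_groups, {g: self._share(g) for g in groups})

    def retry(self, first: ClientHello, selected_group: str) -> ClientHello:
        # RFC 8446 4.1.4: the HRR group must be one we offered and must not already
        # have had a key_share in the first ClientHello; otherwise illegal_parameter.
        if (selected_group not in first.supported_groups
                or selected_group in first.key_shares):
            raise ValueError("illegal_parameter")
        return ClientHello(first.supported_groups,
                           {selected_group: self._share(selected_group)})


class Server:
    def __init__(self, preferred_groups):
        self.preferred_groups = list(preferred_groups)

    def respond(self, ch: ClientHello):
        # Pick the first server-preferred group the client supports; send HRR if the
        # client did not include a key_share for it.
        for g in self.preferred_groups:
            if g in ch.supported_groups:
                return ("ServerHello", g) if g in ch.key_shares else ("HelloRetryRequest", g)
        return ("alert", "handshake_failure")


def handshake(client: Client, server: Server, hint: Optional[str] = None) -> list:
    """Return the sequence of handshake messages exchanged, HRR round trip included."""
    ch = client.make_hello(hint)
    transcript = ["ClientHello"]
    kind, arg = server.respond(ch)
    transcript.append(kind)
    if kind == "HelloRetryRequest":
        ch = client.retry(ch, arg)
        transcript.append("ClientHello")
        kind, arg = server.respond(ch)
        transcript.append(kind)
        if kind == "HelloRetryRequest":
            raise ValueError("unexpected_message")   # a second HRR is forbidden
    return transcript


if __name__ == "__main__":
    client = Client([X25519, SECP256R1, SECP384R1], default_share_groups=[X25519])
    server = Server([SECP384R1, SECP256R1])
    print("no hint:   ", handshake(client, server))
    print("good hint: ", handshake(client, server, hint=SECP384R1))
    print("stale hint:", handshake(client, server, hint=SECP256R1))
```

The stale-hint and unsupported-hint cases are the point of the "purely a hint" framing: a wrong or ignored hint costs the same HRR round trip the client would have paid anyway, and correctness never depends on the hint being followed, since the server still validates the actual key_share it receives.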

Re: [TLS] Transport Issues in DTLS 1.3

2021-03-26 Thread Eric Rescorla
Hi folks, This is a combined response to Martin Duke and to Mark Allman. Before I respond in detail I'd like to level set a bit. First, DTLS does not provide a generic reliable bulk data transmission capability. Rather, it provides an unreliable channel (a la UDP). That channel is set up with a

Re: [TLS] Transport Issues in DTLS 1.3

2021-03-26 Thread Eric Rescorla
On Fri, Mar 26, 2021 at 3:08 PM Eric Rescorla wrote: > Hi folks, > > This is a combined response to Martin Duke and to Mark Allman. > > Before I respond in detail I'd like to level set a bit. > > First, DTLS does not provide a generic reliable bulk data transmission > capability. Rather, it provi