On Tue, Dec 18, 2018 at 01:58:53AM +0000, Stephen Farrell wrote:
> On 17/12/2018 23:33, Nico Williams wrote:
> > Maybe we do both, the current ESNI proposal and this as an alternative
> > for when ESNI keyshare orchestration is difficult, and in that case you
> > don't get to do split mode.
>
> Interesting that the above overlaps a bit with the PR davidben
> just posted. That seems promising.
>
> That said, I'd bet we're all generally unkeen on "do both" but
> maybe the above-mentioned PR avoids that by casting the HRR-mode
> as a way to better handle a likely operational failure mode.
I have no dog in this hunt, but ISTM that anything we can do to simplify deployment will help a great deal. The ESNI keyshare orchestration strikes me as a big impediment to deployment, but I understand too that adding a round trip to every initial handshake is a bit much. A combination of options, or some new thing -- it's all the same to me, as long as it gets us ESNI.

Oh, and not just ESNI. I also want the PSK identity payloads for non-resumption handshakes encrypted.

Nico