> I'd like to propose a solution to the ESNI + Multi-CDN problem (which has been discussed a lot on this list already). My suggestion is that we define the ESNI DNS record format as optionally including "stapled" A/AAAA records.
As in a multiple response? That might be interesting, but it allows an adversary to just strip those responses, right?

> This kind of address stapling would only be required of CDN operators who
> want to support multi-CDN deployments.

Or anyone who maintains DNS records for a site that wants multi-CDN. Many of our customers, for example, maintain their own DNS. I'd say it's common because they want to switch quickly (very short TTL). Yes, this usually is okay because the initial redirection is done via CNAME, but it is worth calling that out explicitly.

/r$
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
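The following is an added simulation, not code from the thread or from any ESNI draft, of the two points raised above: an A lookup and an ESNI lookup that straddle a short-TTL CNAME flip between two CDNs can return an address from one CDN and an ESNI key from the other, and "stapled" addresses in the ESNI record let the client notice that, but only if nobody strips them on the way. The `EsniRecord` structure, the `stapled` field, the CDN hostnames and the addresses are all constructed for the example and are not the draft-ietf-tls-esni wire format.

```python
"""Constructed simulation (added example, not part of the TLS list thread) of the
ESNI + multi-CDN problem and of the "stapled A/AAAA" idea discussed above.

Assumptions (hypothetical, not the draft-ietf-tls-esni record format):
- an ESNI record carries a key identifier plus an optional tuple of addresses
  the key is valid for ("stapled" addresses);
- example.com is a CNAME to one of two CDN hostnames, and the operator flips
  that CNAME with a short TTL, so the A lookup and the ESNI lookup may land on
  different CDNs.
"""
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class EsniRecord:
    key_id: str                    # which CDN's ESNI key this is (hypothetical field)
    stapled: Tuple[str, ...] = ()  # addresses the key is usable with; () = nothing stapled


# Constructed CDN zone data: each CDN publishes its own address and its own ESNI key.
CDNS = {
    "cdn-a.example.net": {"A": "192.0.2.10",    "ESNI": EsniRecord("key-a", ("192.0.2.10",))},
    "cdn-b.example.net": {"A": "198.51.100.20", "ESNI": EsniRecord("key-b", ("198.51.100.20",))},
}


class Zone:
    """Operator-controlled zone: example.com is a CNAME to the active CDN."""

    def __init__(self, active: str):
        self.active = active

    def flip(self, target: str) -> None:
        # Short-TTL CNAME switch between CDNs, as operators do for quick failover.
        self.active = target

    def lookup_a(self) -> str:
        return CDNS[self.active]["A"]

    def lookup_esni(self, strip_stapled: bool = False) -> EsniRecord:
        rec = CDNS[self.active]["ESNI"]
        # An on-path adversary (or a middlebox) that drops the stapled addresses:
        # the client then sees an ESNI record with no addresses at all.
        return EsniRecord(rec.key_id, ()) if strip_stapled else rec


def check_pair(addr: str, esni: EsniRecord) -> str:
    """Client-side consistency check between the A answer and the ESNI answer.

    Returns one of:
      "consistent"   - addr is among the stapled addresses, safe to use this key
      "mismatch"     - stapled addresses are present but do not cover addr
      "unverifiable" - nothing stapled; a mismatch here cannot be detected
    """
    if not esni.stapled:
        return "unverifiable"
    return "consistent" if addr in esni.stapled else "mismatch"


def key_matches_address(addr: str, esni: EsniRecord) -> bool:
    """Ground truth for the simulation: does this key belong to the CDN at addr?"""
    return any(c["A"] == addr and c["ESNI"].key_id == esni.key_id for c in CDNS.values())


def simulate(flip_between_lookups: bool, strip_stapled: bool) -> Tuple[str, bool]:
    """Resolve A, optionally flip the CNAME, then resolve ESNI.

    Returns (client verdict, whether the address/key pair would actually work).
    """
    zone = Zone("cdn-a.example.net")
    addr = zone.lookup_a()
    if flip_between_lookups:
        zone.flip("cdn-b.example.net")
    esni = zone.lookup_esni(strip_stapled)
    return check_pair(addr, esni), key_matches_address(addr, esni)


if __name__ == "__main__":
    for flip in (False, True):
        for strip in (False, True):
            print(f"flip={flip!s:5} strip={strip!s:5} ->", simulate(flip, strip))
```

The four cases line up with the discussion: with no flip and no stripping the pair is consistent; a flip with stapled addresses present is caught as a mismatch and the client can re-resolve or fall back; a flip with the stapled addresses stripped produces the same "unverifiable" verdict as the benign no-flip-but-stripped case, which is exactly the stripping concern, since the client has no way to tell the two apart without some protection over the stapled data.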