Hiya, On 29/07/2019 16:07, Ben Schwartz wrote: > > I mean "so that esni_retry_requested can work".
Ah, gotcha. Fair point. Using public_name ought make this much more likely to work if it's needed. Ta, S. > This is the ESNI fallback > mechanism, where the server delivers a fresh ESNIKeys in-band, and the > client closes the socket and tries again. The client will only accept the > new ESNIKeys if the server's provided certificate validates for > public_name, but if the server has multiple public names, it will not in > general know which certificate to serve unless the client sets sni = > public_name. > > Admittedly, having multiple public names in separate certificates may not > be a common case, but as long as we view it as in-scope, we have to require > sni = public_name for general-purpose clients. Special-purpose clients > that have additional out-of-band information (like knowing that the server > only has one public name) are of course able to do whatever they want; > they're no longer tightly bound by the standard.
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
