On Wed, Oct 9, 2019 at 5:47 AM Rob Sayre <say...@gmail.com> wrote:

> On Wed, Oct 9, 2019 at 7:31 PM Salz, Rich <rs...@akamai.com> wrote:
>
>> - A link from CDN to Origin is just a particularly easy-to-deploy use
>> case, since client certificates are already in wide use and IPv6 tends to
>> work flawlessly.
>>
>> It does? Gee, cool.
>>
>> I was being sarcastic, not angry. I shouldn’t have done so.
>>
>> But now I am not sure what you are asking for. Asking about CDN to
>> Origin using ESNI or ESNI with a client cert?
>
> I'm wondering what the backhaul traffic from CDN to Origin looks like,
> even if a user-agent request to the CDN used ESNI. I noticed that many CDNs
> provide client certificates.
>
> In TLS handshakes that use a client certificate, it seems like the SNI
> might be able to be sent with the second message from the client (alongside
> the client certificate).

How would that work? The SNI is used by the server to determine what
certificate to send. That's why it's sent in CH.

-Ekr

> thanks,
> Rob
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
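
Added example, not part of the original thread: a Python sketch of the point in the reply above, that a server reads the SNI out of the ClientHello so it can pick a certificate before it has sent anything back. The `CERTS` table, file names and host names are hypothetical, and the ClientHello bytes are constructed here rather than captured.

```python
import struct

# Hypothetical virtual-host table: one certificate per hosted name.
CERTS = {"a.example": "cert-a.pem", "b.example": "cert-b.pem"}
DEFAULT_CERT = "default.pem"

def build_client_hello(hostname=None):
    """Constructed minimal ClientHello (sample input, not a capture)."""
    exts = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry            # server_name_list
        exts = struct.pack("!HH", 0, len(sni)) + sni           # extension 0 = server_name
    body = (b"\x03\x03" + bytes(32)      # legacy_version, random
            + b"\x00"                    # empty session_id
            + b"\x00\x02\x13\x01"        # one cipher suite
            + b"\x01\x00"                # null compression
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_sni(msg):
    """Return the host_name from a ClientHello, or None if absent or malformed."""
    try:
        if msg[0] != 1 or 4 + int.from_bytes(msg[1:4], "big") > len(msg):
            return None
        p = 4 + 2 + 32                                   # header, version, random
        p += 1 + msg[p]                                  # session_id
        p += 2 + int.from_bytes(msg[p:p + 2], "big")     # cipher_suites
        p += 1 + msg[p]                                  # compression_methods
        ext_end = p + 2 + int.from_bytes(msg[p:p + 2], "big")
        p += 2
        while p + 4 <= min(ext_end, len(msg)):
            etype, elen = struct.unpack("!HH", msg[p:p + 4])
            data = msg[p + 4:p + 4 + elen]
            if etype == 0:                               # server_name
                nlen = int.from_bytes(data[3:5], "big")
                if len(data) != elen or data[2] != 0 or 5 + nlen > len(data):
                    return None
                return data[5:5 + nlen].decode("ascii")
            p += 4 + elen
    except (IndexError, UnicodeDecodeError):
        return None
    return None

def select_certificate(client_hello):
    """The server's choice, made before it has sent anything back."""
    return CERTS.get(parse_sni(client_hello), DEFAULT_CERT)
```

With no usable SNI in the ClientHello, the server in this sketch can only fall back to `DEFAULT_CERT`, which is the situation a name sent alongside the client certificate would leave it in.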