> > I'm wondering what the backhaul traffic from CDN to Origin looks like, > even if a user-agent request to the CDN used ESNI. I noticed that many CDNs > provide client certificates. >
Some origins do require client certificates, but not all. This is up to the customer. In TLS handshakes that use a client certificate, it seems like the SNI > might be able to be sent with the second message from the client (alongside > the client certificate). > As I alluded to in the footnote from my last reply, I'm not sure how much value this would have since the identity of the origin is typically evident from the destination IP. Kyle >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
