On Fri, Oct 11, 2019, at 07:57, Ben Schwartz wrote:
> The obvious solution is for the TLS client (i.e. the CDN) to support
> direct entry of ESNI public keys alongside the IP address. Users who
> want to be able to rotate their ESNI keys more easily should use a
> backend identified by a domain name that is distinct from the
> user-facing origin hostname.

I was about to say the same thing. No need to get fancy.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls