On Fri, Oct 11, 2019 at 5:37 AM Martin Thomson <m...@lowentropy.net> wrote:
> On Fri, Oct 11, 2019, at 07:57, Ben Schwartz wrote:
> > The obvious solution is for the TLS client (i.e. the CDN) to support
> > direct entry of ESNI public keys alongside the IP address. Users who
> > want to be able to rotate their ESNI keys more easily should use a
> > backend identified by a domain name that is distinct from the
> > user-facing origin hostname.
>
> I was about to say the same thing. No need to get fancy.
>

Isn't that more complicated than sending the SNI in the second client
message, though?

thanks,
Rob
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls