On Thu, Oct 10, 2019 at 8:12 PM Rob Sayre <say...@gmail.com> wrote:

> On Fri, Oct 11, 2019 at 5:37 AM Martin Thomson <m...@lowentropy.net> wrote:
>
>> On Fri, Oct 11, 2019, at 07:57, Ben Schwartz wrote:
>> > The obvious solution is for the TLS client (i.e. the CDN) to support
>> > direct entry of ESNI public keys alongside the IP address. Users who
>> > want to be able to rotate their ESNI keys more easily should use a
>> > backend identified by a domain name that is distinct from the
>> > user-facing origin hostname.
>>
>> I was about to say the same thing. No need to get fancy.
>>
>
> Isn't that more complicated than sending the SNI in the second client
> message, though?
>

Well, both of these are more complicated than Host header. What's wrong
with that?

-Ekr

> thanks,
> Rob
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>