On Mon, Oct 21, 2019 at 3:24 PM Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
>
> On 21/10/2019 20:14, Rob Sayre wrote:
> > I have seen MTUs under 1500 many times, but nothing under 1200. Is there
> > data on this? (I honestly haven't seen any)
>
> My assumption is that maybe 90% of names are <60 octets.
> That means padding_length of 260 is wasting roughly
> 200 octets, almost all the time (hi there GREASE!).
Note that the current text in the editors' draft says that when applying GREASE, "The padded_length value SHOULD be 260 or a multiple of 16 less than 260." We don't need GREASE to send 260 all the time, and the draft doesn't recommend it. Personally, I expect that 260 will be rare for real deployments, because most systems serve a fixed, known set of domains, and those that serve a large, dynamic set probably already impose a tighter length limit.

One intriguing alternative would be to define some ESNI ciphersuites that encrypt a strong hash of the name. Then a server with a large but finite name database can choose one of these ciphersuites, pre-compute hashes for names when entering them into the DB, and quickly invert incoming hashes with a DB lookup. I wouldn't want to make this the only option because it can't support true wildcard servers, but I think it would cover most potential users while limiting the length to 32 octets or similar.

> If that's 20% of what remains available in an MTU then
> it's still wasted as it'll no longer be available for
> whatever other things people wanna send with or add
> to a CH.
>
> Prediction: if we stick with the current design, in
> a few years, if ESNI gets widely deployed, we'll have
> to revisit that aspect and come up with some more
> efficient way to solve the problem, and that'll mean
> ignoring the value 260 in then-deployed ESNIKeys;-(
>
> S.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
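To make the two points in the message above concrete (how much a padded_length of 260 wastes versus a multiple of 16 chosen from the longest hosted name, and how the hash-of-name alternative would let a server invert a fixed 32-octet value by lookup), here is an added Python example. It is not code from the thread, the ESNI draft, or any implementation: it assumes a simplified ESNI plaintext (the encoded name followed by zero padding, with no nonce or length-prefixed ServerNameList), picks one reading of the quoted SHOULD (round the longest name up to a multiple of 16, capped at 260), and uses SHA-256 as the "strong hash". All function and class names are my own.

```python
import hashlib
import math

MAX_PADDED_LENGTH = 260  # the upper bound discussed in the thread
PAD_GRANULARITY = 16     # "a multiple of 16 less than 260"


def choose_padded_length(longest_name_len: int) -> int:
    """Smallest value the quoted SHOULD permits that still hides every name
    this server hosts: the longest name rounded up to a multiple of 16, or 260.
    This is one interpretation of the draft text, not the draft's own rule."""
    if longest_name_len > MAX_PADDED_LENGTH:
        raise ValueError("name longer than the maximum padded_length")
    rounded = math.ceil(longest_name_len / PAD_GRANULARITY) * PAD_GRANULARITY
    return min(rounded, MAX_PADDED_LENGTH)


def pad_name(name: str, padded_length: int) -> bytes:
    """Zero-pad the encoded name so every client of this server sends the same
    plaintext length (simplified: real ESNI also carries a nonce and a
    length-prefixed ServerNameList)."""
    encoded = name.encode("ascii")
    if len(encoded) > padded_length:
        raise ValueError("name does not fit in padded_length")
    return encoded + b"\x00" * (padded_length - len(encoded))


def wasted_octets(name: str, padded_length: int) -> int:
    """Octets spent on padding for this name at the given padded_length."""
    return padded_length - len(name.encode("ascii"))


class HashedNameDirectory:
    """Server side of the hash-of-name idea from the message: precompute the
    digest of every hosted name at insertion time so a 32-octet digest sent by
    the client is inverted with a dictionary lookup. A wildcard server cannot
    be served this way, because there is no finite set of names to pre-hash."""

    DIGEST_LEN = 32

    def __init__(self, names):
        self._by_digest = {self.digest(n): n for n in names}

    @staticmethod
    def digest(name: str) -> bytes:
        # DNS names are case-insensitive, so normalise before hashing.
        return hashlib.sha256(name.lower().encode("ascii")).digest()

    def add(self, name: str) -> None:
        self._by_digest[self.digest(name)] = name

    def resolve(self, digest: bytes):
        """Return the hosted name for this digest, or None if it is unknown."""
        if len(digest) != self.DIGEST_LEN:
            raise ValueError("bad digest length")
        return self._by_digest.get(digest)


if __name__ == "__main__":
    # Constructed sample: a small server whose longest name is 60 octets,
    # matching the "90% of names are <60 octets" figure quoted above.
    hosted = ["example.com", "www.example.net", "a" * 48 + ".example.org"]
    longest = max(len(n) for n in hosted)
    chosen = choose_padded_length(longest)
    print(f"longest name {longest} octets -> padded_length {chosen}")
    for n in hosted:
        print(f"{n:>60}  waste@260={wasted_octets(n, 260):3d}"
              f"  waste@{chosen}={wasted_octets(n, chosen):3d}")

    directory = HashedNameDirectory(hosted)
    incoming = HashedNameDirectory.digest("Example.COM")  # what a client would send
    print("resolved:", directory.resolve(incoming))
```

Running the sample shows the saving the thread is arguing about: with the longest hosted name at 60 octets the server can advertise 64 instead of 260, so an 11-octet name like example.com wastes 53 octets rather than 249. The directory half shows why the hash approach caps the encrypted field at 32 octets regardless of name length, and why it only works for a finite, pre-registered name set.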