Daniel Kahn Gillmor:
> On Fri 2019-11-22 05:13:13 +0000, Stephen Farrell wrote:
>> I'm not sure if this draft ought specify behaviour for
>> such clients, but I can try add text describing the various
>> cases I guess. (If that text were to stay in, then I'd
>> guess that it'll make this document too long to include
>> in the base ESNI/ECHO draft thus taking that option off
>> the table maybe.)
>
> The other option would be to make non-"zone factory" clients explicitly
> out of scope, and spend a couple sentences describing why. And then
> note how if you're going to play these games as a non-"zone factory"
> client you really need to think it through a lot more than this draft
> does.

That seems reasonable to me, since this is obviously useful in the zone
factory use case, while other strong use cases haven't really arisen
yet, from what I've seen. Such a use case could come along though.

> At the same time, for $COVER to publish this information potentially
> puts $COVER at more risk, right?

I think it is also important to note that for the obvious use case, I
don't think this adds risk to $COVER. If $COVER is megacdn.com where
$HIDDEN is hosted, then megacdn.com assumes no new risk since it is
already clear that megacdn.com is hosting $HIDDEN.

..hc
--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls