Hi, I see the issue of tracking and blocking via record_digest has come up a few times in the GitHub repository, but I don't understand the resolution.
If someone wanted to observe or block traffic to "example.com", couldn't they retrieve the ESNI keys, calculate the record_digest themselves, and then use that to spot traffic to "example.com"? Is the idea that DNS providers will vary the shared keys?

Thanks,
Rob
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls