Hiya, Sorry if I'm missing a bit of context...
On 02/06/2020 18:28, Christian Huitema wrote: > clients prevent server identification by sending > an empty record_digest field in the ClientEncryptedCH, and That seems to me to be an unnecessary breach of the do-not-stick-out requirement. In my code it was quite easy to attempt trial decryption (if so configured). I don't think there's an expectation of a use-case where the number of keys in use would be so high as to cause a problem. So I'd prefer the client in that case to just send random data of the usual length. That said, ECH is sticking out a lot already so this is not a huge deal;-) Cheers, S.
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
