Hi list,

In the current ECH specification (draft-ietf-tls-esni-07), the server provides no indication of whether the inner or outer ClientHello (CH) was used. This means the client must do trial decryption to make this determination, which creates implementation complexity and potentially raises security concerns.

I was hoping to get your thoughts on a couple alternatives, which strike different balances between implementation complexity and other design considerations for ECH. Follow along here:
https://github.com/tlswg/draft-ietf-tls-esni/issues/274

Thanks,
Chris P.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls