On Tue, Aug 18, 2020, at 07:09, Christopher Wood wrote: > HPKE recently removed the Hash() interface from the KDF, which means we > need to either (a) change how the config_digest (formerly > record_digest) is computed, or (b) constrain ECH to HKDF-based HPKE > ciphersuites. This PR takes approach (b): > > https://github.com/tlswg/draft-ietf-tls-esni/pull/271 > > Please have a look and provide feedback.
Was there discussion about just defining a set of hash function identifiers and adding those to the config? Or maybe just running the HPKE KDF with a fixed input. Unless I've missed something critical, you don't need any sort of preimage resistance for this, it's only for identification purposes. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
