Hi folks,

After substantial deliberation on the public name and reference identity topic, I think we're zeroing in on two possible changes that effectively prohibit use of IPv4 addresses in ECHConfig.public_name. Here's a quick summary of the proposals:

- https://github.com/tlswg/draft-ietf-tls-esni/pull/436: Encourage TLS to check and filter ECHConfigs based on whether ECHConfig.public_name is an IPv4 address, and defer validation and use of ECHConfig.public_name to the application.
- https://github.com/tlswg/draft-ietf-tls-esni/pull/447: Punt ECHConfig.public_name IPv4 address filtering to the application.

It would be helpful if folks weighed in on which option they prefer, taking into account changes asked of the TLS stack, its effect on the application and client-facing server connections, and future spec changes.

Thanks,
Chris

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls