This looks good to me, modulo Rich's points and one more minor thing. "Use of ECH yields an anonymity set of cardinality equal to the number of ECH-enabled server domains supported by a given client-facing server" (https://www.ietf.org/id/draft-ietf-tls-svcb-ech-02.html#section-5.1-2). This is only true when certain conditions are met. Suppose, for example, that the client-facing server maps one of the backend server domains to a unique IP address not used for any other backend server: this would reduce the anonymity set by 1.
I think we can address this simply by saying "... an anonymity set of cardinality no larger than the number of ..."

Chris P.

On Fri, Jun 21, 2024 at 9:27 AM Sean Turner <s...@sn3rd.com> wrote:

> Gentle reminder this WGLC is still ongoing.
>
> spt
>
> > On Jun 12, 2024, at 14:10, Sean Turner <s...@sn3rd.com> wrote:
> >
> > This email starts the working group last call for "Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings" I-D, located here:
> >
> > https://datatracker.ietf.org/doc/draft-ietf-tls-svcb-ech/
> >
> > The WG Last Call will end 26 June 2024 @ 2359 UTC.
> >
> > Please review the I-D and submit issues and pull requests via the GitHub repository that can be found at:
> >
> > https://github.com/tlswg/draft-ietf-tls-svcb-ech
> >
> > Alternatively, you can also send your comments to tls@ietf.org.
> >
> > Thanks,
> > spt
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org
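The point raised in the message above, worked through as an added example (not part of the original thread or of the draft): given which IP addresses a client-facing server uses for each ECH-enabled backend domain, compute the anonymity set an on-path observer is left with. The deployment table is constructed, the function names are hypothetical, and the observer is assumed to learn only the destination IP address.

```python
from collections import defaultdict

# Constructed sample deployment: ECH-enabled backend domains and the IP
# addresses on which the client-facing server accepts connections for them.
# Names and addresses are documentation placeholders (RFC 2606 / RFC 5737).
DEPLOYMENT = {
    "a.example": {"192.0.2.1", "192.0.2.2"},
    "b.example": {"192.0.2.1", "192.0.2.2"},
    "c.example": {"192.0.2.1"},
    "d.example": {"192.0.2.9"},   # unique IP, shared with no other backend
}


def domains_by_ip(deployment):
    """Invert domain -> IPs into IP -> set of domains reachable there."""
    index = defaultdict(set)
    for domain, ips in deployment.items():
        for ip in ips:
            index[ip].add(domain)
    return dict(index)


def anonymity_sets(deployment):
    """Worst-case anonymity set per domain, as seen by an on-path observer
    who learns only the destination IP of an ECH connection (assumption)."""
    index = domains_by_ip(deployment)
    result = {}
    for domain, ips in deployment.items():
        # The observer's candidates are the domains served on the observed
        # IP; take the smallest such set over the domain's addresses.
        result[domain] = min((index[ip] for ip in ips), key=len)
    return result


def report(deployment):
    """Return (upper bound from the draft's wording, {domain: effective size})."""
    sets = anonymity_sets(deployment)
    return len(deployment), {d: len(s) for d, s in sets.items()}


if __name__ == "__main__":
    bound, sizes = report(DEPLOYMENT)
    print(f"upper bound (ECH-enabled domains): {bound}")
    for domain, size in sorted(sizes.items()):
        print(f"{domain}: effective anonymity set {size}")
```

With this table the number of ECH-enabled domains is 4, yet no domain reaches that size: the uniquely addressed domain is fully identified, and the others are hidden among at most 3.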