> So is it possible to transfer the accept_confirmation in some plain text
> extensions like Key Share, or other dedicated extension?
>

Just a historical note here: the acceptance signal was designed this way so that the client has an explicit signal of whether the server used the inner ClientHello (CH) or the outer CH. Further, we decided that the signal shouldn't be an extension due to the risk of middleboxes doing something weird with it. We call this "sticking out". See https://github.com/tlswg/draft-ietf-tls-esni/issues/274 for the initial(?) discussion.

> This idea was derived from my attempt to implement encrypted TLS SNI Proxy.
> The SNI does not only expose privacy information, many ISPs use it to block
> certain web sites.
> Even though the current draft of ECH works to protect the ClientHello, it
> can only protect the sites that deployed the ECH.
>

Your suggestion reminds me of Option (2) in that issue. See Nick's point here:
https://github.com/tlswg/draft-ietf-tls-esni/issues/274#issuecomment-677851703

However, see David's comment here:
https://github.com/tlswg/draft-ietf-tls-esni/issues/274#issuecomment-677893312

Chris P.