I don't think a MUST would be totally inappropriate but it's possible to get into a state where you have a mismatch due to DNS latency or partial rollback, so this MUST will be violated in practice in some cases (though as you indicate, that's not good). ECH has a way to recover from these conditions,
-Ekr

On Wed, Oct 23, 2024 at 9:45 AM Barry Leiba via Datatracker <nore...@ietf.org> wrote:
> Reviewer: Barry Leiba
> Review result: Ready with Nits
>
> Just two small comments on this straightforward document:
>
> — Section 3 —
>
> Figure 1: ECH SvcParam with a public_name of "ech-sites.example.com"
>
> The example actually encodes example.net, not example.com
> [This was a test to see if we check these things, right? :-) ]
>
> — Section 4 —
>
> These servers SHOULD support a protocol version that is compatible
> with ECH.
>
> Why is this not a MUST? What might be a reason to publish an ECH record for a
> server that doesn't support ECH?
>
> --
> last-call mailing list -- last-c...@ietf.org
> To unsubscribe send an email to last-call-le...@ietf.org
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
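The nit above (a figure whose encoded ECHConfig carries a different public_name than the text claims) is the kind of mismatch a small parser catches mechanically. The following is an added example, not code from the thread, the draft, or any IETF tooling: it encodes a constructed ECHConfigList following the ECHConfig wire layout (version 0xfe0d, HpkeKeyConfig, maximum_name_length, public_name, extensions), then extracts every public_name and compares it with the name the surrounding text promises; the sample key and name below are constructed, not the draft's bytes.

```python
import struct

ECH_VERSION = 0xFE0D  # ECHConfig version used by draft-ietf-tls-esni

def build_ech_config(public_name: bytes, public_key: bytes, config_id: int = 0,
                     kem_id: int = 0x0020, cipher_suites=((0x0001, 0x0001),),
                     max_name_len: int = 0, version: int = ECH_VERSION) -> bytes:
    """Encode one ECHConfig (constructed sample data; the key is a dummy)."""
    suites = b"".join(struct.pack("!HH", kdf, aead) for kdf, aead in cipher_suites)
    contents = (struct.pack("!BH", config_id, kem_id)              # HpkeKeyConfig
                + struct.pack("!H", len(public_key)) + public_key  # public_key<1..2^16-1>
                + struct.pack("!H", len(suites)) + suites          # cipher_suites<4..2^16-4>
                + struct.pack("!BB", max_name_len, len(public_name)) + public_name
                + struct.pack("!H", 0))                            # extensions<0..2^16-1>: none
    return struct.pack("!HH", version, len(contents)) + contents

def build_ech_config_list(*configs: bytes) -> bytes:
    """ECHConfigList: uint16 total length followed by the ECHConfig entries."""
    body = b"".join(configs)
    return struct.pack("!H", len(body)) + body

def public_names(ech_config_list: bytes) -> list:
    """Return the public_name of every version-0xfe0d ECHConfig in the list."""
    (total,) = struct.unpack_from("!H", ech_config_list, 0)
    data = ech_config_list[2:2 + total]
    if len(data) != total:
        raise ValueError("truncated ECHConfigList")
    names, off = [], 0
    while off < len(data):
        version, length = struct.unpack_from("!HH", data, off)
        off += 4
        body = data[off:off + length]
        if len(body) != length:
            raise ValueError("truncated ECHConfig")
        off += length
        if version != ECH_VERSION:
            continue  # unknown version: skipped, as a client would skip it
        pos = 3                                                    # config_id + kem_id
        (pk_len,) = struct.unpack_from("!H", body, pos); pos += 2 + pk_len
        (cs_len,) = struct.unpack_from("!H", body, pos); pos += 2 + cs_len
        pos += 1                                                   # maximum_name_length
        name_len = body[pos]; pos += 1
        names.append(body[pos:pos + name_len].decode("ascii"))
    return names

def check_public_name(ech_config_list: bytes, expected: str) -> bool:
    """True only if the list has a usable config and every public_name matches."""
    names = public_names(ech_config_list)
    return bool(names) and all(n == expected for n in names)

# Constructed sample reproducing the reviewed figure's mismatch: text says example.com,
# bytes say example.net. The 32-byte key is a placeholder, not a real X25519 key.
SAMPLE = build_ech_config_list(build_ech_config(b"ech-sites.example.net", b"\x01" * 32))
```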