Hiya,
On 06/03/2025 14:47, Martin Thomson wrote:
On the broader topic, Marwan and I have a draft that looks at a different angle on this problem. That has a bunch of complicated stuff in there, but those pieces aren't necessarily core to the idea. I'm also aware of ongoing conversations about this that might lead to iterative improvements on these ideas. It would be really nice if we could have some time to talk through some of the rationale behind these different ideas and see if we can tease out the real constraints. Here's the draft that Marwan and I put together: https://datatracker.ietf.org/doc/draft-thomson-tls-ech-pnmasq/
I agree that that's complicated :-) If we end up needing something that complex, (and I'm not saying I'm convinced we do), then we should also consider a new TLS extension code point and a new SvcParamKey, as that might a) be simpler, and/or b) easier to deploy in parallel with ECH as-is.

And in that case, I suspect it'd also make sense to see how things play out with ECH for a year or so after we start to see significant numbers of independent server deployments of ECH, before doing all that.

Cheers,
S.
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org