I am implementing the ECH draft, and there is something a little unclear.

Suppose a backend server "backend.example.com" implementing the application protocol "example" (i.e., not H3). Before connecting, the client looks up the corresponding SVCB record, and finds an ECH parameter stating that the public server is "facing.example.com". How exactly is the client going to find the ALPN used to connect to "facing.example.com"? What about the port number?

Yes, the client could do a DNS lookup to find details about "facing.example.com", but should that request be for the SVCB record corresponding to the "example" service, or for the HTTPS record corresponding to H3?

Obviously, the practical answer is "connect to `facing.example.com` port number 443, setting the outer ALPN to H3." But is that the right answer?

-- Christian Huitema

_______________________________________________
TLS mailing list -- tls@ietf.org