I agree with Hannes that a pre-existing relay infrastructure can be used to tunnel TLS in place of SNIF relay. The CA proxy is still needed to maintain the cert.
As per Eric Rescorla's arguments, i can also envision a possibility to upgrade an established SNIF control socket to MASQUE over H2, or to use MASQUE over QUIC as an alternative. However I still don't see any added value in doing so, opposed to multiple added complications, as I don't see a practical case with a large number of concurrent SNIF service connections. If anybody has a different opinion please chime in. On March 5, 2022 3:15:27 PM EST, Michael Richardson <[email protected]> wrote: > >Hannes Tschofenig <[email protected]> wrote: > > Based on what you wrote below I was actually wondering if the use of > > TLS or DTLS at the application layer wouldn’t even be a better > >It took me a few moments to realize you meant ATLAS. >There is also, now, oblivious HTTP/TLS. > >-- >Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting ) > Sandelman Software Works Inc, Ottawa and Worldwide > > > >
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
