On Tuesday, July 23, 2024 1:56:50 PM PDT Ben Schwartz wrote:
> It seems like there's some confusion here.  ECH is an extension to TLS that
> is still under development (and now nearly final).  Use of ECH is optional
> in TLS 1.3.  Any entity that can control the TLS version in use also has
> the ability to disable ECH, so allowing TLS 1.3 does not require an
> administrator to permit ECH.
> 
> --Ben Schwartz

If a client who tries TLS 1.3 with ECH can be detected by an enterprise ("next 
generation") firewall using the spoofed-SYNACK trick so common for HTTPS, and 
made to fail, and would then have some reason to retry TLS 1.3 without ECH, 
rather than just giving up or moving straight to TLS 1.2, this is the first 
i'm hearing of it. is this advice-to-implementors specified somewhere? i'd 
like to see it referenced in:

https://datatracker.ietf.org/doc/draft-campling-ech-deployment-considerations/

...and i suggest simply referencing that advice in the draft under discussion.

-- 
P Vixie



_______________________________________________
DNSOP mailing list -- dnsop@ietf.org