On Tuesday, July 23, 2024 1:56:50 PM PDT Ben Schwartz wrote:
> It seems like there's some confusion here. ECH is an extension to TLS that
> is still under development (and now nearly final). Use of ECH is optional
> in TLS 1.3. Any entity that can control the TLS version in use also has
> the ability to disable ECH, so allowing TLS 1.3 does not require an
> administrator to permit ECH.
>
> --Ben Schwartz
If a client who tries TLS 1.3 with ECH can be detected by an enterprise ("next generation") firewall using the spoofed-SYNACK trick so common for HTTPS, and made to fail, and would then have some reason to retry TLS 1.3 without ECH, rather than just giving up or moving straight to TLS 1.2, this is the first I'm hearing of it. Is this advice-to-implementors specified somewhere? I'd like to see it referenced in:

https://datatracker.ietf.org/doc/draft-campling-ech-deployment-considerations/

...and I suggest simply referencing that advice in the draft under discussion.

-- 
P Vixie