I am not in favor of shrinking this to a single byte, as it significantly limits future flexibility.
As far as I can tell, the argument here is to limit the entropy available for tracking, but recall that in this case the attacker controls the DNS and they can (for instance) provide a unique IPv6 address, so this doesn't seem like a good tradeoff.

-Ekr

On Tue, Feb 16, 2021 at 5:44 AM Christopher Wood <c...@heapingbits.net> wrote:
> On the heels of this change, here's another PR that I'd like folks to weigh in on:
>
> https://github.com/tlswg/draft-ietf-tls-esni/pull/381
>
> Thanks,
> Chris
>
> On Mon, Feb 8, 2021, at 2:29 PM, Christopher Wood wrote:
> > We previously had a server-selected label for the ECHConfig, but that has since been replaced with a client-computed identifier. There are a couple of problems with this change in practice (see [1]), so the following PR proposes reverting back to the old behavior:
> >
> > https://github.com/tlswg/draft-ietf-tls-esni/pull/376
> >
> > There is a separate issue [2] regarding the length of this identifier, but we can address that separately.
> >
> > Please have a look at the PR and provide feedback. We'd like to merge this soon.
> >
> > Thanks,
> > Chris
> >
> > [1] https://github.com/tlswg/draft-ietf-tls-esni/issues/375
> > [2] https://github.com/tlswg/draft-ietf-tls-esni/issues/379
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls