On Wed, Feb 17, 2021, at 08:31, Christopher Wood wrote: > That's true, but I'd personally prefer one tracking vector to two. This > structure also better aligns with other proposed use cases for HPKE > configurations. I also don't see an immediate need for flexibility in > this value given that there are extensions in ECHConfigContents already.
I don't see the tracking angle as relevant here. The only things that might matter is size, collision probability (for greasing), and consistency. Size doesn't matter, because it's a handful of bytes at most; collisions matter little because the cost is a resource the server is prepared to spend anyway; consistency with something that can also change isn't worth much. The primary argument I would have in support of this is YAGNI. The number of active keys should be much smaller than 256, and there's a slot for extensions should that need arise. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
