On 3/13/24 14:51, Watson Ladd wrote:
The reason the public_name exists is so that the connections can all have the same SNI field. Since we can't do what ESNI did, there must be something there and it should all be the same.
Could you elaborate a bit on this? Sorry I'm unfamiliar with some design decisions, but why connections all need to have the same SNI field instead of just excluding it altogether, i.e. what ESNI did?
I'm not sure what problem you want us to solve here. In the case of server offering a single domain, an attacker can determine that connections to that domain go to the server and cheaply block based on IP. As a result the threat model is one of distinguishing between connections to two different inner names.
An IP can be cheaply recycled as well, for instance restarting a VPS on a cloud provider. Furthermore, IP based blocking may even be discouraged at a higher level, for the exact reason that IPs can change pretty easily. As an operator, I might be able to migrate my hosting to a new server provider (and hence IP) trivially, but informing my users of a domain change is much harder.
While this is true, if there is a configuration mismatch (and hence ECH cannot work), why is the decision made for the server to transparently "downgrade" it to non-ECH, instead of sending some kind of alert that signifies the client to retry without ECH?DNS does not propagate atomically with webserver configuration changes. It's thus necessary to deal with mismatches.
Regards, Raghu Saxena
OpenPGP_0xA1E21ED06A67D28A.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls