Hiya, I've started coding up the GREASE stuff from draft -04.
Aren't we missing some answering octets in EncryptedExtensions
to make it harder to tell if the CH had a real or GREASEd ESNI?
Maybe something like:

    enum {
        esni_accept(0),
        esni_retry_request(1),
        esni_grease(2),
    } ServerESNIResponseType;

    struct {
        ServerESNIResponseType response_type;
        select (response_type) {
            case esni_accept:        uint8 nonce[16];
            case esni_retry_request: ESNIKeys retry_keys<1..2^16-1>;
            case esni_grease:        uint8 grease[16];
        }
    } ServerEncryptedSNI;

Cheers,
S.
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
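
The following is an added example, not part of the original message or of the ESNI draft: a Python encoder and strict decoder for the ServerEncryptedSNI structure proposed above, following TLS presentation-language rules (fixed arrays carry no length prefix, `<1..2^16-1>` vectors carry a 2-octet length). It assumes ESNIKeys can be treated as opaque bytes; the function names are hypothetical. It shows that the esni_accept and esni_grease forms both encode to 17 octets, while esni_retry_request is variable length.

```python
import struct

# Response types from the enum proposed in the message above.
ESNI_ACCEPT, ESNI_RETRY_REQUEST, ESNI_GREASE = 0, 1, 2
FIXED_LEN = 16  # nonce[16] and grease[16] are both fixed-size arrays


def encode_server_esni(response_type: int, body: bytes) -> bytes:
    """Serialize the proposed ServerEncryptedSNI (hypothetical helper)."""
    if response_type in (ESNI_ACCEPT, ESNI_GREASE):
        if len(body) != FIXED_LEN:
            raise ValueError("nonce/grease must be exactly 16 octets")
        return bytes([response_type]) + body  # fixed array: no length prefix
    if response_type == ESNI_RETRY_REQUEST:
        # Assumption: ESNIKeys is handled as opaque bytes here.
        if not 1 <= len(body) <= 0xFFFF:
            raise ValueError("retry_keys must be 1..2^16-1 octets")
        return bytes([response_type]) + struct.pack("!H", len(body)) + body
    raise ValueError(f"unknown response_type {response_type}")


def decode_server_esni(data: bytes) -> tuple:
    """Parse one ServerEncryptedSNI, rejecting truncated or trailing data."""
    if not data:
        raise ValueError("empty extension body")
    rtype, rest = data[0], data[1:]
    if rtype in (ESNI_ACCEPT, ESNI_GREASE):
        if len(rest) != FIXED_LEN:
            raise ValueError("bad length for nonce/grease")
        return rtype, rest
    if rtype == ESNI_RETRY_REQUEST:
        if len(rest) < 2:
            raise ValueError("truncated retry_keys length")
        (n,) = struct.unpack("!H", rest[:2])
        if n < 1 or len(rest) != 2 + n:
            raise ValueError("retry_keys length mismatch")
        return rtype, rest[2:]
    raise ValueError(f"unknown response_type {rtype}")


if __name__ == "__main__":
    import os
    accept = encode_server_esni(ESNI_ACCEPT, os.urandom(16))
    grease = encode_server_esni(ESNI_GREASE, os.urandom(16))
    # Constructed placeholder bytes standing in for real ESNIKeys.
    retry = encode_server_esni(ESNI_RETRY_REQUEST, b"\x00" * 70)
    print(len(accept), len(grease), len(retry))
```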
