On Wed, Oct 9, 2019 at 5:47 AM Rob Sayre <[email protected]> wrote:

> On Wed, Oct 9, 2019 at 7:31 PM Salz, Rich <[email protected]> wrote:
>
>> - A link from CDN to Origin is just a particularly easy-to-deploy use
>>   case, since client certificates are already in wide use and IPv6 tends to
>>   work flawlessly.
>>
>> It does? Gee, cool.
>>
>> I was being sarcastic, not angry. I shouldn’t have done so.
>>
>> But now I am not sure what you are asking for. Asking about CDN to
>> Origin using ESNI or ESNI with a client cert?
>
> I'm wondering what the backhaul traffic from CDN to Origin looks like,
> even if a user-agent request to the CDN used ESNI. I noticed that many CDNs
> provide client certificates.
>
> In TLS handshakes that use a client certificate, it seems like the SNI
> might be able to be sent with the second message from the client (alongside
> the client certificate).

How would that work? The SNI is used by the server to determine what certificate to send. That's why it's sent in CH.

-Ekr

> thanks,
> Rob
>
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
