On Thu, Oct 10, 2019 at 8:12 PM Rob Sayre <[email protected]> wrote:

> On Fri, Oct 11, 2019 at 5:37 AM Martin Thomson <[email protected]> wrote:
>
>> On Fri, Oct 11, 2019, at 07:57, Ben Schwartz wrote:
>> > The obvious solution is for the TLS client (i.e. the CDN) to support
>> > direct entry of ESNI public keys alongside the IP address. Users who
>> > want to be able to rotate their ESNI keys more easily should use a
>> > backend identified by a domain name that is distinct from the
>> > user-facing origin hostname.
>>
>> I was about to say the same thing. No need to get fancy.
>>
>
> Isn't that more complicated than sending the SNI in the second client
> message, though?
>

Well, both of these are more complicated than Host header. What's wrong with that?

-Ekr

> thanks,
> Rob
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
>
