On Wed, Oct 23, 2019, at 2:12 PM, Stephen Farrell wrote:
> 
> 
> On 23/10/2019 17:13, Ben Schwartz wrote:
> > On the topic of radical suggestions, here's another one:
> > https://github.com/tlswg/draft-ietf-tls-esni/pull/186
> 
> How about a variant like this (which is maybe close to your
> most recent email, not quite sure):
> 
> Names < N octets: pad those to N.
> 
> Names >= N octets: hash those and pad to N.
> 
> With N ~=64 I think that'd be ok, assuming we do some checking
> that N covers a sufficient percentage of names in real use.

For this and other proposals, it seems there are different assumptions being 
made. I'd prefer to not make any change absent further analysis with clear 
guidance pointing towards a safe policy. Absent that, the safest approach 
(260B) seems prudent.

> I think the WG could easily make the case that if some web
> site really does need/want to hide in the crowd, they just
> better not try do that with a gigantic DNS name.

Why would such a site use ESNI at all?

Best,
Chris

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
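As an added illustration (not code from the thread, the draft, or the tlswg repository), the following Python models the two padding policies under discussion: the fixed 260-octet padding Chris refers to as the safest approach, and Stephen's variant where names shorter than N are padded to N and names of N octets or more are hashed and then padded to N. The one-octet type prefix, the choice of SHA-256 as the hash, zero-byte padding, and the sample hostnames are all assumptions made for the example; the draft specifies none of them. What the code makes concrete is the length-hiding check (every wire value has the same length regardless of the input name), Stephen's coverage check (what fraction of names fit below N without hashing), and the cost of the variant on the server side (a hashed name can only be recovered by comparing against the hashes of the server's own hostname list, so an unknown name resolves to nothing).

```python
import hashlib
from typing import Optional, Sequence

# Constructed sample hostnames (not taken from the thread): two fit below
# N=64 octets, two do not.
SAMPLE_NAMES = [
    "example.com",
    "a.very.long.subdomain.chain.that.keeps.going.and.going.example.com",
    "x" * 63 + ".example.net",
    "short.io",
]

N_FIXED = 260     # fixed-length policy referred to as "260B" in the thread
N_VARIANT = 64    # Stephen's "N ~= 64"
HASH_LEN = 32     # assumption: SHA-256 digest length
KIND_LITERAL = 0  # assumption: one-octet type prefix for a literal name
KIND_HASHED = 1   # assumption: one-octet type prefix for a hashed name


def pad_fixed(name: bytes, n: int = N_FIXED) -> bytes:
    """Fixed-length policy: every name is zero-padded to exactly n octets.
    A name longer than n cannot be carried at all under this policy."""
    if len(name) > n:
        raise ValueError("name longer than the fixed padding length")
    return name + b"\x00" * (n - len(name))


def pad_or_hash(name: bytes, n: int = N_VARIANT) -> bytes:
    """Variant policy: names shorter than n travel literally; names of n
    octets or more are replaced by their SHA-256 digest (assumption).
    Either way the output is exactly n octets: one type octet (assumption)
    followed by the body, zero-padded. Hostnames never contain NUL, so the
    padding can be stripped unambiguously on the receiving side."""
    if len(name) < n:
        body = bytes([KIND_LITERAL]) + name
    else:
        body = bytes([KIND_HASHED]) + hashlib.sha256(name).digest()
    if len(body) > n:
        raise ValueError("body does not fit in n octets")
    return body + b"\x00" * (n - len(body))


def resolve(padded: bytes, known_names: Sequence[bytes],
            n: int = N_VARIANT) -> Optional[bytes]:
    """Server side of the variant policy. A literal name is recovered by
    stripping the padding. A hashed name can only be recovered by hashing
    each hostname the server serves and comparing digests; a name the
    server does not know about yields None."""
    if len(padded) != n:
        raise ValueError("wrong wire length")
    kind, body = padded[0], padded[1:]
    if kind == KIND_LITERAL:
        return body.rstrip(b"\x00")
    if kind == KIND_HASHED:
        digest = body[:HASH_LEN]
        for cand in known_names:
            if len(cand) >= n and hashlib.sha256(cand).digest() == digest:
                return cand
        return None
    raise ValueError("unknown type octet")


def wire_lengths(names: Sequence[bytes], policy) -> set:
    """Length-hiding check: the set of wire lengths a policy produces over a
    list of names. A single-element set means the length leaks nothing."""
    return {len(policy(name)) for name in names}


def coverage(names: Sequence[bytes], n: int) -> float:
    """Stephen's check: fraction of names that fit below n without hashing."""
    return sum(1 for name in names if len(name) < n) / len(names)


if __name__ == "__main__":
    names = [s.encode() for s in SAMPLE_NAMES]
    print("fixed 260 lengths :", wire_lengths(names, pad_fixed))
    print("variant 64 lengths:", wire_lengths(names, pad_or_hash))
    print("coverage below 64 :", coverage(names, N_VARIANT))
    for name in names:
        print(resolve(pad_or_hash(name), names) == name, len(name), name[:20])
```

Running the block shows both policies producing a single wire length, a coverage of one half for the constructed sample at N=64, and every sample name resolving on a server that knows it; a long name the server does not serve cannot be recovered from its hash.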
