On Wed, Jul 15, 2020 at 2:25 AM Martin Thomson <[email protected]> wrote: ....
> you need to configure discovery methods and your TLS stacks with the same
> information (though your TLS configuration can be more conservative in
> terms of advertising a subset of what can be discovered, so that
> deployments can be staged).

If there are multiple ways to reach your server (multiple applicable scopes), you have to be even more conservative: you can only advertise the _intersection_ of supported protocols from all possible scopes. The ClientHello doesn't tell the server which scope the client has.

Basically, I think this draft should probably either name the scope or be specific to SVCB, to avoid cases where the scope is ambiguous. Naming the scope, and providing a scope identifier meaning "IP and port number", would often be sufficient for secure QUIC upgrade without SVCB, at the cost of some conceptual complexity.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
