On Tue, Feb 16, 2021, at 1:02 PM, Eric Rescorla wrote:
> I am not in favor of shrinking this to a single byte, as it
> significantly limits future flexibility.
>
> As far as I can tell, the argument here is to limit the entropy
> available for tracking, but recall that in this case the attacker
> controls the DNS and they can (for instance) provide a unique IPv6
> address, so this doesn't seem like a good tradeoff.

That's true, but I'd personally prefer one tracking vector to two. This structure also better aligns with other proposed use cases for HPKE configurations. I also don't see an immediate need for flexibility in this value given that there are extensions in ECHConfigContents already. That said, my primary goal here is consistency. I'd be happy with whatever outcome provided that it's usable in other contexts where we need HPKE configurations, Oblivious DoH being one of them.

Best,
Chris

>
> -Ekr
>
>
> On Tue, Feb 16, 2021 at 5:44 AM Christopher Wood <[email protected]> wrote:
> > On the heels of this change, here's another PR that I'd like folks to weigh in
> > on:
> >
> > https://github.com/tlswg/draft-ietf-tls-esni/pull/381
> >
> > Thanks,
> > Chris
> >
> > On Mon, Feb 8, 2021, at 2:29 PM, Christopher Wood wrote:
> > > We previously had a server-selected label for the ECHConfig, but that
> > > has since been replaced with a client-computed identifier. There are a
> > > couple of problems with this change in practice (see [1]), so the
> > > following PR proposes reverting back to the old behavior:
> > >
> > > https://github.com/tlswg/draft-ietf-tls-esni/pull/376
> > >
> > > There is a separate issue [2] regarding the length of this identifier,
> > > but we can address that separately.
> > >
> > > Please have a look at the PR and provide feedback. We'd like to merge
> > > this soon.
> > >
> > > Thanks,
> > > Chris
> > >
> > > [1] https://github.com/tlswg/draft-ietf-tls-esni/issues/375
> > > [2] https://github.com/tlswg/draft-ietf-tls-esni/issues/379
> > >
> > > _______________________________________________
> > > TLS mailing list
> > > [email protected]
> > > https://www.ietf.org/mailman/listinfo/tls
