Hiya,
On 04/11/2025 14:52, Nick Sullivan wrote:
> Dear TLSWG,
>
> Dennis and I have submitted this draft for consideration based on the
> discussion from the last IETF on ECH updates:

I'm happy to see this work proceed.

> Authenticated ECH Config Distribution and Rotation
> https://datatracker.ietf.org/doc/html/draft-sullivan-tls-signed-ech-updates-00
>
> There will be a discussion slot at tomorrow's meeting. Comments welcome,
> though the content is in its early stages and we have some minor updates
> we haven't published yet.

I had a fairly quick scan, a couple of comments:

- I'm not sure if the RPK thing would be that easy to implement in e.g. clients like curl - I guess it could be handled in the same ways that cookies are, but that's always seemed awkward.
- I'm also not that keen on the not_after field - adding another thing that needs to be synchronised isn't desirable.
- WRT the X.509 variant, I don't recall that we've ever gotten a new critical extension into widespread use so that might be worth thinking more about
- I'd really hope we end up with one mechanism only and no variants.

Again though, I think we should work on this.

Cheers,
S.

> Nick
> _______________________________________________
> TLS mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
