Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Currently, if a server publishes a QUIC-only HTTPSSVC RRSet with ESNI, there is no way for a client to fall back to a non-QUIC connection, because doing so would reveal the SNI. This could increase the likelihood of partial outages for server admins who haven't considered the small fraction of users whose network path does not support QUIC.
Reviewers have reported concerns that this creates an undesirable level of fragility. We should consider whether there is an alternative design that would be less likely to result in accidental breakage.