Recommend greasing PSK? #606
Comments
|
I just checked with NSS and we overwrite the outer values for PSK (identities and binders) with random data. That seems fairly simple to do and it makes the handshake choice harder to distinguish. Note that we do not hide the length, which might be an issue for identity, but we're already exposed to the length leakage, so fixed-length identities are best in any case. |
|
So that's a vote for "grease"? |
|
Yeah, I'm happy with it. |
|
👍 |
ekr
added a commit
to ekr/draft-ietf-tls-esni
that referenced
this issue
Mar 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In Watson Ladd's review, he asks:
Should we use RFC 2119 language for the server as well? Right now we
only say what the client must do when the server violates the rules.
We do recommend greasing ECH. My sense is that this is on the bubble
and we could leave it as-is, but I could be persuaded otherwise.
@davidben @dennisjackson @martinthomson
The text was updated successfully, but these errors were encountered: