New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Recommend greasing PSK? #606
Comments
I just checked with NSS and we overwrite the outer values for PSK (identities and binders) with random data. That seems fairly simple to do and it makes the handshake choice harder to distinguish. Note that we do not hide the length, which might be an issue for identity, but we're already exposed to the length leakage, so fixed-length identities are best in any case. |
So that's a vote for "grease"? |
Yeah, I'm happy with it. |
👍 |
In Watson Ladd's review, he asks:
Should we use RFC 2119 language for the server as well? Right now we
only say what the client must do when the server violates the rules.
We do recommend greasing ECH. My sense is that this is on the bubble
and we could leave it as-is, but I could be persuaded otherwise.
@davidben @dennisjackson @martinthomson
The text was updated successfully, but these errors were encountered: