I don't think a MUST would be totally inappropriate but it's possible to get into a state where you have a mismatch due to DNS latency or partial rollback, so this MUST will be violated in practice in some cases (though as you indicate, that's not good). ECH has a way to recover from these conditions,
-Ekr
On Wed, Oct 23, 2024 at 9:45 AM Barry Leiba via Datatracker <noreply@xxxxxxxx> wrote:
Reviewer: Barry Leiba
Review result: Ready with Nits
Just two small comments on this straightforward document:
— Section 3 —
Figure 1: ECH SvcParam with a public_name of "ech-sites.example.com"
The example actually encodes example.net, not example.com
[This was a test to see if we check these things, right? :-) ]
— Section 4 —
These servers SHOULD support a protocol version that is compatible
with ECH.
Why is this not a MUST? What might be a reason to publish an ECH record for a
server that doesn’t support ECH?
--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx