[ech] custom TLS client hello extensions

Stephen Farrell stephen.farrell at cs.tcd.ie
Fri Mar 3 15:32:10 UTC 2023


On 03/03/2023 09:45, Matt Caswell wrote:
> I think the main use case that I'm aware of for custom extensions is to 
> support signed_certificate_timestamp. There's no direct built-in support 
> for that but its straight forward to add it via a "serverinfo" file 
> which uses the custom extensions API.
> As previously mentioned we're using it internally for quic transport 
> parameters.

So, I don't think there's any sensitivity with that CH
extension, which again seems to argue for an initial
approach of just compressing all custom exts within the
inner CH.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE4D8E9F997A833DD.asc
Type: application/pgp-keys
Size: 1197 bytes
Desc: OpenPGP public key
URL: <https://mta.openssl.org/pipermail/ech/attachments/20230303/61e4c915/attachment.asc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://mta.openssl.org/pipermail/ech/attachments/20230303/61e4c915/attachment.sig>

More information about the ech mailing list