kazuho
commented
5 years ago I've added clarification re what Zx is.
Aside from that, I am not sure how much we can simplify the design. It's essentially adding a third expansion to what we already have in ESNI, which are:
key = HKDF-Expand-Label(Zx, "esni key", Hash(ESNIContents), key_length)
iv = HKDF-Expand-Label(Zx, "esni iv", Hash(ESNIContents), iv_length)To me it seems that change anything other than the label would be a complication.
The definition of the HMAC key derivation is unclear. We need to make it much simpler. Also, we want to incorporate the ICID.