allowing one origin to "speak for" multiple others

[sftcd]

Part of @martinthomson's review

Quoting from the mail:

The current design involves publishing information for a multitude of

Well, s/involves/allows/ is maybe more accurate but that's a nit-pick...

ECHConfigList values and multiple target names (and ports). It is not obvious that it is safe to have one origin speak for multiple others in this way or what conditions might be necessary to have that happen safely. If there is a validation process involved, that might work. The process in S6 is too loose for me to be confident in that being sufficient.

That's fair. What's defined now supports (hourly) ECH key rotation for the set of test servers I have on different ports of the same VM. In that case, there's a different http server implementation listening on each port, which I guess would be an extremely unlikely production configuration, but OTOH, it seems right to be able to support that odd case. And I think if we can support that odd case, then we'll also be ok for more likely production cases.

[richsalz]

The text says that the ZF must validate the keys by trying to connect to every instance listed in the endpoints. Does that need to be made more explicit? What's missing from that validation?