sftcd / wkesni

A well-known URI for publishing ESNIKeys

split-mode #8

Closed sftcd closed 3 months ago

sftcd commented 1 year ago

In ECH split-mode there's another bit of work to do, to get the ECHConfigList to what we're calling $ORIGIN in the draft. What I've implemented for now is to use a similar WK URI on the front-end (ECH-decryptor, presumably having the TLS private key for the public_name) with a slightly different bit of JSON. I'm using the URL "https://$PUBLIC_NAME/.well-known/origin-svcb/$PUBLIC_NAME.json" with content like this:

[ { "regenfreq": 3600, "port": 443, "ech": "AID+DQA8AAAgACBwQ52p+VtICVLAi+4jQiGs5PxpPhwOSt3DzE3B5JjwXQAEAAEAAQANY292ZXIuZGVmby5pZQAA/g0APAAAIAAgcEOdqflbSAlSwIvuI0IhrOT8aT4cDkrdw8xNweSY8F0ABAABAAEADWNvdmVyLmRlZm8uaWUAAA==" } ]

I did consider using the retry_config instead but figured better to stick with WK URIs for this spec at least even if some other way to handle it could be figured out. (And in case the ECHConfigList passed as retry_config is the wrong one for some reason.)

Thoughts?

If the above made sense, happy to add text to the draft.
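As an added illustration of what a consumer of the split-mode document above would have to do (this is not code from the wkesni project and not the author's implementation), the following Python parses the JSON shape quoted in the comment, decodes the base64 ECHConfigList into its draft-13 fields, and checks the one thing a front-end fetch gives you to verify: that the public_name carried inside each ECHConfig matches the $PUBLIC_NAME the document was fetched from. The JSON literal is a copy of the one in the comment; treating cover.defo.ie as that $PUBLIC_NAME is an assumption taken from the public_name encoded in the ECHConfigList itself, and the helper names are mine.

```python
import base64
import json

# Copy of the JSON document quoted in the issue. Assumption: it was served from
# https://cover.defo.ie/.well-known/origin-svcb/cover.defo.ie.json, i.e. the
# $PUBLIC_NAME is the public_name encoded inside the ECHConfigList.
SPLIT_MODE_DOC = json.loads(
    '[ { "regenfreq": 3600, "port": 443, "ech": "AID+DQA8AAAgACBwQ52p+VtICVLAi+4jQiGs5'
    'PxpPhwOSt3DzE3B5JjwXQAEAAEAAQANY292ZXIuZGVmby5pZQAA/g0APAAAIAAgcEOdqflbSAlSwIvuI0Ih'
    'rOT8aT4cDkrdw8xNweSY8F0ABAABAAEADWNvdmVyLmRlZm8uaWUAAA==" } ]'
)

ECH_VERSION_DRAFT13 = 0xFE0D  # ECHConfig.version used by draft-ietf-tls-esni-13 onwards


def split_mode_wk_url(public_name: str) -> str:
    """The front-end well-known URL proposed in the issue."""
    return f"https://{public_name}/.well-known/origin-svcb/{public_name}.json"


def _take(buf: bytes, pos: int, n: int):
    """Return buf[pos:pos+n] and the new offset, refusing to read past the end."""
    if pos + n > len(buf):
        raise ValueError(f"truncated data at offset {pos}")
    return buf[pos:pos + n], pos + n


def _vec(buf: bytes, pos: int, lenbytes: int):
    """Read a TLS-style length-prefixed vector (lenbytes-wide big-endian length)."""
    raw, pos = _take(buf, pos, lenbytes)
    return _take(buf, pos, int.from_bytes(raw, "big"))


def _parse_draft13_contents(c: bytes) -> dict:
    """Decode the ECHConfigContents of a version 0xfe0d ECHConfig."""
    p = 0
    config_id, p = _take(c, p, 1)
    kem, p = _take(c, p, 2)
    public_key, p = _vec(c, p, 2)
    suites_raw, p = _vec(c, p, 2)
    if len(suites_raw) % 4:
        raise ValueError("cipher_suites length is not a multiple of 4")
    suites = [(int.from_bytes(suites_raw[i:i + 2], "big"),
               int.from_bytes(suites_raw[i + 2:i + 4], "big"))
              for i in range(0, len(suites_raw), 4)]
    max_name_len, p = _take(c, p, 1)
    public_name, p = _vec(c, p, 1)
    extensions, p = _vec(c, p, 2)
    if p != len(c):
        raise ValueError("trailing bytes inside ECHConfigContents")
    return {
        "config_id": config_id[0],
        "kem_id": int.from_bytes(kem, "big"),
        "public_key": public_key.hex(),
        "cipher_suites": suites,            # list of (kdf_id, aead_id)
        "maximum_name_length": max_name_len[0],
        "public_name": public_name.decode("ascii"),
        "extensions": extensions.hex(),
    }


def parse_ech_config_list(b64: str) -> list:
    """Parse a base64 ECHConfigList; non-0xfe0d entries are kept opaque."""
    data = base64.b64decode(b64, validate=True)
    body, end = _vec(data, 0, 2)
    if end != len(data):
        raise ValueError("trailing bytes after ECHConfigList")
    configs, pos = [], 0
    while pos < len(body):
        ver_raw, pos = _take(body, pos, 2)
        version = int.from_bytes(ver_raw, "big")
        contents, pos = _vec(body, pos, 2)
        cfg = {"version": version}
        if version == ECH_VERSION_DRAFT13:
            cfg.update(_parse_draft13_contents(contents))
        else:
            cfg["opaque"] = contents.hex()
        configs.append(cfg)
    return configs


def check_split_mode_doc(doc, fetched_from: str) -> list:
    """Return a list of problems with the document; empty means it is usable."""
    problems = []
    if not isinstance(doc, list) or not doc:
        return ["document is not a non-empty JSON array"]
    for i, entry in enumerate(doc):
        missing = [k for k in ("regenfreq", "port", "ech") if k not in entry]
        if missing:
            problems.append(f"entry {i}: missing {', '.join(missing)}")
            continue
        if not (isinstance(entry["port"], int) and 0 < entry["port"] < 65536):
            problems.append(f"entry {i}: bad port {entry['port']!r}")
        if not (isinstance(entry["regenfreq"], int) and entry["regenfreq"] > 0):
            problems.append(f"entry {i}: bad regenfreq {entry['regenfreq']!r}")
        try:
            configs = parse_ech_config_list(entry["ech"])
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            problems.append(f"entry {i}: undecodable ech: {exc}")
            continue
        usable = 0
        for cfg in configs:
            if cfg["version"] != ECH_VERSION_DRAFT13:
                continue  # unknown version: skip, as a client would
            # The front-end holds the TLS key for public_name, so an ECHConfig
            # naming some other host did not come from the place we fetched it.
            if cfg["public_name"] != fetched_from:
                problems.append(f"entry {i}: public_name {cfg['public_name']!r} "
                                f"!= {fetched_from!r}")
                continue
            usable += 1
        if usable == 0:
            problems.append(f"entry {i}: no usable ECHConfig")
    return problems


if __name__ == "__main__":
    for cfg in parse_ech_config_list(SPLIT_MODE_DOC[0]["ech"]):
        print(cfg)
    print(check_split_mode_doc(SPLIT_MODE_DOC, "cover.defo.ie"))
```

Run against the quoted document this yields two identical draft-13 configs (X25519 KEM 0x0020, one HKDF-SHA256/AES-128-GCM suite, public_name cover.defo.ie) and an empty problem list; fetching the same document under a different name reports the mismatch.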

bemasc commented 1 year ago

Why can't it just be the usual JSON file, at https://$PUBLIC_NAME/.well-known/origin-svcb?

sftcd commented 1 year ago

it could be the same JSON structure yep, though (I think) only the above values are needed from the split-mode frontend so I just minimised what I put in it for now. WRT the URL seems easier to include $PUBLIC_NAME.json as a filename so we can just use a standard file below the DocRoot

sftcd commented 3 months ago

This one also seems overtaken by events - ok to close?

richsalz commented 3 months ago

agree to close