Closed DavidSchinazi closed 5 years ago
Agreed. At a minimum this should reference a set of A and AAAA records rather than "the record" (as many records across the A and AAAA rrsets is very common).
I think @DavidSchinazi's proposed text is fine.
@DavidSchinazi sgtm, do you plan to open a PR? I made https://github.com/ghedo/draft-ietf-tls-esni/commit/c9570cf4a00925bead63d46ecd6744288209146e but I think your wording is better.
Created #157
The document currently states:
I think this is too restrictive. If I have 100000 names and 100 IPs and for all queries I randomly return four out of my 100 IPs chosen randomly, I still provide the same anonymity set but I violate the SHOULD. How about:
Content providers operating in Split Mode SHOULD ensure that the A and AAAA records for ESNI-enabled server names do not allow identifying the server name from the IP address. This can for example be achieved by always returning the same records for all ESNI-enabled names, or by having the function that picks addresses from a pool not depend on the server name. This yields an anonymity set...