Closed davidben closed 12 months ago
I concur with @davidben here, and I think we just need a new registry.
+1 to a new registry, I'd be even happier if we ditched the concept entirely and left extensibility to only be exercised via the TLS extension code-point; if we're not willing to do that then I'd be moderately happy if we removed the mandatory ECHConfig idea - deploying one of those is really going to be like a new TLS extension code-point so there's no benefit I think
note: I expect I'm probably in the rough there but no harm trying:-)
I'm not sure how I only noticed this now, but
ECHConfigContents
reuses the TLSExtension
structure...That would suggest ECH uses the same
ExtensionType
enum as TLS extensions. I.e. we share a codepoint space and registry. But then we don't do anything with the "TLS 1.3" column. We also introduce our own rule here:But if it's meant to be a separate enum, we haven't defined the name of the enum or a registry or anything, it's unclear how anyone could allocate them. We'd probably also need our own struct definition to inject the new enum in there.