Closed ekr closed 4 months ago
On 25/02/2024 21:44, Eric Rescorla wrote:
Suppose that I connect to a server with public name example.com and it gives me an ECHConfig with public name example.org. Is this OK?
If the same server certificate covers both, then I'd say that's ok. But I'd have to add an extra check I think, if we figure a library ought to enforce any related checks, so I'd likely be fine with other constraints or with no constraint (at the library level).
S.
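The extra check mentioned in the reply above, sketched as an added example (not code from this thread or from any TLS library): a changed public name is accepted only when the certificate's dNSName entries cover both the current and the new name. The function names and sample SAN lists are constructed for illustration, and it assumes the certificate chain has already been validated and its dNSName entries extracted as strings.

```python
# Added illustration; not from the thread or from any TLS library.
# Assumption: chain validation is already done and the dNSName
# subjectAltName entries are available as plain strings.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Match one dNSName entry against a hostname (RFC 6125 style)."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Wildcard only as the complete left-most label, and never
        # for a bare "*.tld" pattern.
        return len(p) >= 3 and p[1:] == h[1:]
    if any("*" in label for label in p):
        return False  # partial or non-left-most wildcards are rejected
    return p == h

def cert_covers(san_dns_names, hostname):
    """True if any dNSName entry matches the hostname."""
    return any(san_matches(s, hostname) for s in san_dns_names)

def public_name_change_ok(san_dns_names, current_public_name, new_public_name):
    """True if one certificate is valid for both public names."""
    return (cert_covers(san_dns_names, current_public_name)
            and cert_covers(san_dns_names, new_public_name))

# Constructed sample SAN lists.
SAN_BOTH = ["example.com", "example.org"]
SAN_COM_ONLY = ["example.com", "*.example.com"]

if __name__ == "__main__":
    print(public_name_change_ok(SAN_BOTH, "example.com", "example.org"))
    print(public_name_change_ok(SAN_COM_ONLY, "example.com", "example.org"))
```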
@martinthomson @davidben?
I can't see an attack that might arise from changing the public name. It creates some interesting cross-provider interactions.
OK, so I'm just going to close this with no change.