Yes but this still depends on identity. It's not unauthenticated. | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

EE84M3i 18 days ago | parent | context | favorite | on: TLS certificate lifetimes will officially reduce t...

Yes but this still depends on identity. It's not unauthenticated.

ekr____ 18 days ago [–]

The situation is actually somewhat more complicated than this.

ECH gets the key from the DNS, and there's no real authentication for this data (DNSSEC is rare and is not checked by the browser). See S 10.2 [0] for why this is reasonable.

[0] https://tlswg.org/draft-ietf-tls-esni/draft-ietf-tls-esni.ht...

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact