From 76741468b5f2defc5212506c2d27805e727742d1 Mon Sep 17 00:00:00 2001 From: Christopher Wood Date: Mon, 9 Oct 2023 17:04:39 -0400 Subject: [PATCH] Cite draft-ietf-tls-svcb-ech for ECH in DNS --- draft-ietf-tls-esni.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/draft-ietf-tls-esni.md b/draft-ietf-tls-esni.md index d70b5b6b..2a5504a7 100644 --- a/draft-ietf-tls-esni.md +++ b/draft-ietf-tls-esni.md @@ -167,8 +167,11 @@ A client-facing server enables ECH by publishing an ECH configuration, which is an encryption public key and associated metadata. The server must publish this for all the domains it serves via Shared or Split Mode. This document defines the ECH configuration's format, but delegates DNS publication details -to {{!HTTPS-RR=I-D.ietf-dnsop-svcb-https}}. Other delivery mechanisms are also -possible. For example, the client may have the ECH configuration preconfigured. +to {{!HTTPS-RR=I-D.ietf-dnsop-svcb-https}}. See +{{!ECH-IN-DNS=I-D.ietf-tls-svcb-ech}} for specifics about how ECH +configurations are advertised in HTTPS records. Other delivery mechanisms are +also possible. For example, the client may have the ECH configuration +preconfigured. When a client wants to establish a TLS session with some backend server, it constructs a private ClientHello, referred to as the ClientHelloInner.
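Review bot: In the added line `+{{!ECH-IN-DNS=I-D.ietf-tls-svcb-ech}} for specifics about how ECH`, the `!` prefix makes draft-ietf-tls-svcb-ech a normative reference, so this document cannot be published until that draft is approved; since the surrounding sentence only says "See ... for specifics" while the actual delegation of DNS publication details stays with HTTPS-RR, consider whether an informative citation (`{{?ECH-IN-DNS=I-D.ietf-tls-svcb-ech}}`) is the intended dependency, and state the reason in the commit message either way. A minor wording point on the same line: "advertised in HTTPS records" reads more precisely as "advertised in HTTPS resource records", matching the HTTPS-RR terminology used in the preceding line.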