Re: [quicwg/base-drafts] The method of identifying "the same server" (#3155)

MikkelFJ <> Thu, 31 October 2019 08:31 UTC

As I wrote in
I think there is an aspect of certificate privacy where you can reconnect with a different server certificate after you obtain a secret salt. Making "same server" too narrow would prevent the privacy benefits of such an approach.

Publishing a link between such certificates would kind of defeat the point, so there is a chicken/egg problem here. However, if the client has out-of-band knowledge of another domain that works, it should be allowed to use it.
