curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Managing application data fetched from DNS (eg for ESNI)

From: Peter Wu via curl-library <>
Date: Fri, 11 Oct 2019 13:58:04 +0200


On Mon, Sep 30, 2019 at 04:29:38PM +0200, Daniel Stenberg via curl-library wrote:
> On Mon, 30 Sep 2019, Niall O'Reilly wrote:
> > > And the TXT one is just in the draft that will soon go away, right?
> >
> > IIUC, it's in service in Cloudflare's pilot implementation, so I think
> > "will soon go away" is true only for a value of "soon" which depends (a)
> > on the IETF process reaching a stage where IANA assign an official ESNI
> > code point instead of TYPE65439, and (b) Cloudflare complete a migration
> > process.
> >
> > Draft 3 (binary blob with signature 0xFF02) seems more likely to me to
> > go away soon, as I'm not aware of any deployment at scale.

Draft 3 is most likely not going to be implemented by Cloudflare. It
does not make sense to implement something that is not supported by
major clients (Firefox and Chrome).

> > This all may depend on how the IETF process for SVCB and HTTPSSVC converge.
> ... and also what the other "big players" do. Firefox has an ESNI
> implementation that I figure they like having in sync with for example
> Cloudflare. I figure there's a risk the first version will remain lingering
> around for a while until there seems to be a consensus on the new draft's
> method *and* some efforts done to upgrade Cloudflare, Firefox and the likes.
> So yeah, maybe continue with the TXT format supported for now but with the
> knowledge that we can probably rip that code out again at a later point.
> (It seems Chrome has not yet implemented ESNI:

Chrome uses boringssl and will use whatever draft version is implemented
in boringssl. At the moment there is an in-progress patch for draft 4:

I have updated the current state of art here accordingly:

TXT support will not remain forever. As soon as Cloudflare moves to a
newer ESNI draft version, support for the previous draft is most likely
dropped (the same happened with how TLS 1.3 was deployed for example).

Kind regards,
Peter Wu
Received on 2019-10-11