Christopher Patton

Results 37 comments of Christopher Patton

After a bit of fiddling, I don't think the current workaround is working for durable objects at all. Has anyone gotten this to work with durable objects?

@zebp pushed a change to the workaround branch that fixed my DO issue 👍

It's not my call, but I want to throw my support behind doing away with the `*Deterministic(seed []byte)` idiom and passing an `io.Reader` (typically `crypto/rand.Reader`) to randomized algorithms. While I...

That may be true, but I doubt it will be true for all KEMs that get standardized going forward. I think it's better to be general.

I like the proposed change to `Scheme`. I'd say there's no need for the new `SchemeWithSeed` -- it suffices to just pass a `seededReader` as the `io.Reader`, as you suggest.

@chris-wood, @armfazh can we close this?

This will be fixed in draft 11 by https://github.com/tlswg/draft-ietf-tls-esni/pull/420.

Hi @cuonglm, I'm not sure I'm familiar with your deployment scenario. Can you provide a bit more detail? For context, I'm not familiar with the go-vhost. To configure a client...

Setting aside ECH for a second: What do you mean by "TLS request"? Do you mean the ClientHello? Is this the sequence of events (passive proxy): 1. Client sends ClientHello...

If ECH is used in the handshake, then a passive proxy won't have access to the inner SNI. This is because the inner ClientHello is encrypted under the server's HPKE public...