Encrypted SNI (ESNI) Version Published On DNS Records doesen't match standard

I am working on and trying to understand how cloudflare ESNI System works so I have been querying _esni TXT records on sites hosted by cloudflare. While trying to parse them I ran into a problem. The version advertised on domains is 0xff01 but there is right after the 4 checksum octets there is a 16 bit value that is not apart of 0xff01 version of ESNI standard described in draft-ietf-tls-esni-02 or draft-ietf-tls-esni-01.
Am I doing something wrong or is there a explanation for those bits? Here is a exzample key published “/wGa+xftACQAHQAgCn70jbGX9n2fB39r42FNMHXMPwO3CulQBdEl+toDuloAAhMBAQQAAAAAXaeE0AAAAABdr23QAAA=”

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.