In article <alpine.lrh.2.20.1702141415360.31...@bofh.nohats.ca> you write:
>This seems like a bandaid to TLS that I think just needs
>fixing in the TLS protocol.

For once I agree with Paul. If you're going to change the client anyway, why is this better than a modified handshake that sets up the encrypted channel before sending the SNI? I realize this is not a great time to open up TLS, with the dust from TLS 1.3 just settling, but there's never a good time for some stuff.

You should assume that bad guys have access to passive DNS databases, so it's not hard to reverse the indirection that SNI records provide. If you used TXT records the reversal would be slightly harder, since you'd have to pick them out from all the other cruft that's encoded in _prefix TXT records.

R's,
John

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop