On Fri, Aug 28, 2015 at 12:13:03PM -0400, Dave Garrett wrote:
> The idea I had the other day is that we can technically do SNI encryption
> with the current TLS 1.3 draft, as-is. All that needs to really be done
> is stick it in a 0-RTT EncryptedExtensions, preferably only when the server
> specifies that it is allowed via adding a flag to server config. This
> would require the actual server share the 0-RTT DH key across the virtual
> servers it's picking via SNI, so early data probably should be off in this
> instance for many use-cases.
So the client would now need to cache some session data by transport
address, and other data by name and port. That's rather complex.
And how often will the same client visit multiple servers at the
same transport address?
I don't really see this as viable or worth the effort.
> I don't think encrypted SNI to servers without any prior information is
> really that viable, and that's been said before by others on this list.
I don't think SNI hiding is viable without encryption at the
transport or network layers. And there's still a metadata leak
via DNS which may prove difficult to address.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
