> > The idea I had the other day is that we can technically do SNI
> > encryption with the current TLS 1.3 draft, as-is.

Yeah, some of us talked about this in Dallas, etc., when the "semi-static EDH 
key" really started to take hold.  I showed slides at the interim before IETF 
90 in Toronto, that seemed to convince everyone that it doesn't really get you 
the privacy you think you get.  (I couldn't find them in the meeting materials; 
if anyone wants the PDF let me know.) There's still the DNS leakage, to which 
dkg reasonably points out that we should not succumb to the deadly embrace of 
each component waiting for the other.

> And how often will the same client visit multiple servers at the same
> transport address?

Anyone who visits sites hosted by a CDN.  And, I suspect, many large portals.
 
> I don't really see this as viable or worth the effort.

Agree.

        /r$
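The privacy question in this thread is about what a passive observer on the path sees in the ClientHello today: the server_name extension is sent in the clear, so the hostname is visible on the wire before any key exchange happens, and encrypting it on the TLS side still leaves the same name in the DNS lookup that preceded the connection. The following Python is an added illustration, not code from the list or from any TLS implementation; it constructs a minimal TLS ClientHello record (all sample values, including the zero random and the single cipher suite, are constructed) and then parses it back the way a network monitor or IDS would to recover the plaintext SNI.

```python
import struct

SNI_EXTENSION_TYPE = 0  # server_name extension type, RFC 6066


def build_client_hello(hostname):
    """Construct a minimal TLS ClientHello record (constructed sample data, not a
    real capture). hostname=None yields a ClientHello with no extensions at all."""
    if hostname is None:
        extensions = b""
    else:
        name = hostname.encode("ascii")
        server_name = struct.pack("!BH", 0, len(name)) + name  # name_type host_name(0)
        server_name_list = struct.pack("!H", len(server_name)) + server_name
        sni_ext = struct.pack("!HH", SNI_EXTENSION_TYPE, len(server_name_list)) + server_name_list
        extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"            # legacy_version
        + bytes(32)            # random (constructed: all zero)
        + b"\x00"              # legacy_session_id: empty
        + b"\x00\x02\x13\x01"  # cipher_suites: one suite, TLS_AES_128_GCM_SHA256
        + b"\x01\x00"          # legacy_compression_methods: null only
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record layer


def extract_sni(record):
    """Return the host_name carried in a ClientHello's SNI extension, or None if
    the record is not a ClientHello, carries no SNI, or is truncated."""
    try:
        if record[0] != 0x16:                        # not a handshake record
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:                            # not a ClientHello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                 # skip legacy_version and random
        pos += 1 + body[pos]                         # legacy_session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + body[pos]                         # legacy_compression_methods
        if pos + 2 > len(body):                      # no extensions block at all
            return None
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:                        # walk the extension list
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype != SNI_EXTENSION_TYPE:
                continue
            list_end = 2 + struct.unpack("!H", data[:2])[0]
            p = 2
            while p + 3 <= list_end:                 # ServerNameList entries
                name_type, name_len = struct.unpack("!BH", data[p:p + 3])
                p += 3
                if name_type == 0:                   # host_name
                    return data[p:p + name_len].decode("ascii")
                p += name_len
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    hello = build_client_hello("www.example.com")
    print("bytes on the wire:", hello.hex())
    print("hostname visible to a passive observer:", extract_sni(hello))
    print("ClientHello without SNI:", extract_sni(build_client_hello(None)))
```

The parser stops at the first host_name entry, tolerates unknown extensions by skipping them, and treats truncated or non-ClientHello input as "no SNI" rather than raising, which is the behaviour you want in a monitoring path that sees arbitrary traffic. Running it shows the hostname sitting in the clear inside the first record of the connection, which is exactly the exposure the semi-static key idea was trying to close, and which the preceding DNS query would reveal anyway.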

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
