Thanks for your detailed and thoughtful review. It's all trade-offs. In previous emails on this thread I acknowledged the co-dependent issue, by calling out dkg's excellent statement of it.
At the TLS interim earlier this week, Brian Sniffen (from Akamai) started a proposal that makes SNI-encryption something that can be deployed and tested on the Internet in TLS 1.3. So we'll see if it gets used and works. The earlier slides notwithstanding, it's something we (those of us at Akamai) would really like to see.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls