Jacob Appelbaum wrote:
>
> I hope that we'll hide the SNI data by default and I understand that a
> discussion about encrypted SNI is currently scheduled for some point
> in the future.

Hiding SNI data is completely silly security-wise, and any TLSv1.2 backwards-compatible ClientHello must include a plaintext visible SNI. So your client will have to know a-priori, out-of-band or be configured to TLSv1.3-only in order to avoid using a TLSv1.2-compatible ClientHello with cleartext SNI.

-Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
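
To make concrete what "cleartext SNI" in a TLSv1.2-compatible ClientHello means, here is an added example (not part of either message and not IETF code) that reads the server_name extension from a ClientHello record with no key material. The function names, the hand-built record and the hostname are constructed for illustration.

```python
import struct

def build_client_hello(hostname: str) -> bytes:
    """Constructed sample: a minimal TLS 1.2-compatible ClientHello record."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry             # ServerNameList
    exts = struct.pack("!HH", 0, len(sni)) + sni            # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32)      # legacy_version 1.2, random (zeroed sample)
            + b"\x00"                    # empty session_id
            + b"\x00\x02\x13\x01"        # one cipher suite
            + b"\x01\x00"                # null compression only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes):
    """Return the host_name in a ClientHello record, or None if there is none."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None                      # not a handshake record carrying a ClientHello
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    p = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        i = 2 + 32                                   # skip version and random
        i += 1 + p[i]                                # skip session_id
        i += 2 + struct.unpack("!H", p[i:i + 2])[0]  # skip cipher_suites
        i += 1 + p[i]                                # skip compression_methods
        if i + 2 > len(p):
            return None                              # no extensions block
        ext_end = i + 2 + struct.unpack("!H", p[i:i + 2])[0]
        i += 2
        while i + 4 <= min(ext_end, len(p)):
            etype, elen = struct.unpack("!HH", p[i:i + 4])
            data = p[i + 4:i + 4 + elen]
            if etype == 0 and len(data) >= 5 and data[2] == 0:
                nlen = struct.unpack("!H", data[3:5])[0]
                return data[5:5 + nlen].decode("ascii", "replace")
            i += 4 + elen
    except (IndexError, struct.error):
        return None                                  # truncated or malformed hello
    return None

if __name__ == "__main__":
    print(extract_sni(build_client_hello("mail.example.org")))
```
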