On Sat, Dec 05, 2015 at 02:15:07PM -0500, Watson Ladd wrote:

> I've got another question: how does the client know that the gateway
> is supposed to be the gateway? As it stands it seems an attacker can
> MITM the Gateway, and recover all SNIs.

That's a whole lot different than passively reading all the SNIs.
If not this or similar, then we're sending the SNI in the clear...

That said, ekr's post includes:

    Important note: this whole discussion punts the question of how
    a client knows that it can do any of this stuff. My assumption
    here is that the client learns it from the Hidden server in some
    unprotected connection or via some side channel (e.g., DNS).

DNS seems to make sense, because in any case the client will already
be asking for the IP address of the same said server via DNS.  It
may as well ask for the 0-RTT key.  If DNS is in the clear for the
IP address, then encrypting SNI is often (absent Tor and the like)
pointless; if DNS is protected then the key lookup is also protected.

-- 
        Viktor.
