On 5 December 2015 at 12:32, Eric Rescorla <e...@rtfm.com> wrote: > Subject: SNI Encryption Part XLVIII
A small concern that probably is "No, that can't happen", but I would want to be sure that a normal (non-encrypted SNI) ClientHello would be unable to be wrapped in a new ClientHello to a gateway by a MITM (without being detected.) Also, I'm a little confused about what the client is supposed to put in the outer SNI (for the gateway). Is this blank? Some constant? Does this change at all in the simple deployment situation when there is no gateway involved, and everything sits on the same server? -tom _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
