On Sat, Dec 5, 2015 at 7:06 PM, Tom Ritter <t...@ritter.vg> wrote:

> On 5 December 2015 at 12:32, Eric Rescorla <e...@rtfm.com> wrote:
> > Subject: SNI Encryption Part XLVIII
>
> A small concern that probably is "No, that can't happen", but I would
> want to be sure that a normal (non-encrypted SNI) ClientHello would be
> unable to be wrapped in a new ClientHello to a gateway by a MITM
> (without being detected.)

That would certainly be consistent with the proposed design. Why is that bad?

> Also, I'm a little confused about what the client is supposed to put
> in the outer SNI (for the gateway). Is this blank? Some constant?

Whatever SNI you would use to talk to the gateway ordinarily. Otherwise you
would have a distinguisher.

> Does this change at all in the simple deployment situation when there is no
> gateway involved, and everything sits on the same server?

No.

-Ekr

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls