> On May 10, 2017, at 1:28 PM, Hubert Kario <hka...@redhat.com> wrote:
>
> Couldn't we "encrypt" the SNI by hashing the host name with a salt, sending
> the salt and the resulting hash, making the server calculate the same hash
> with each of the virtual host names it supports and comparing with the client
> provided value?
>
> (apologies if that was already proposed and rejected)

There are in many cases way too many virtual host names for the server to test. On the other hand, the attacker with fast hashing silicon can perform the same computation very quickly. The virtual hosts supported by the remote server are likely not much of a secret in most cases.

--
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
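
The trade-off discussed in this thread, as an added example that is not part of either message: the server's lookup over its virtual hosts and an observer's lookup over a list of known host names are the same computation, so the salt hides nothing from anyone who can enumerate candidate names. SHA-256, the 16-byte salt, the function names and all host names are assumptions made for illustration; the thread specifies none of them.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the thread).
SERVER_VHOSTS = ["shop.example.com", "mail.example.com", "blog.example.net"]
# Names an observer could collect from public sources such as DNS or
# certificate logs; a superset of the server's virtual hosts.
OBSERVER_CANDIDATES = ["www.example.org", "blog.example.net",
                       "cdn.example.com", "mail.example.com",
                       "shop.example.com"]


def sni_token(salt: bytes, hostname: str) -> bytes:
    """Salted hash of a host name (SHA-256 is an assumption)."""
    return hashlib.sha256(salt + hostname.lower().encode("ascii")).digest()


def client_fields(hostname: str, salt: bytes = None):
    """What the client would send in place of the clear-text SNI."""
    salt = os.urandom(16) if salt is None else salt
    return salt, sni_token(salt, hostname)


def resolve(salt: bytes, token: bytes, candidates):
    """Return (matching name or None, hashes computed).

    The cost is one hash per candidate tested, for whoever runs it.
    """
    work = 0
    for name in candidates:
        work += 1
        if hmac.compare_digest(sni_token(salt, name), token):
            return name, work
    return None, work


if __name__ == "__main__":
    salt, token = client_fields("mail.example.com")
    # Server side: linear scan over every virtual host it serves.
    print("server  :", resolve(salt, token, SERVER_VHOSTS))
    # Observer side: salt and token are on the wire, so the same scan works.
    print("observer:", resolve(salt, token, OBSERVER_CANDIDATES))
```

A fresh salt per connection only prevents precomputed tables; each connection still costs the observer one hash per candidate name, the same unit of work the server pays per virtual host.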