> On May 10, 2017, at 2:47 PM, Hubert Kario <hka...@redhat.com> wrote:
>
> But in general, I wonder if we didn't approach the SNI from the wrong side -
> as I said, we may not need to encrypt it, we just make sure that client and
> server agree on the virtual host the connection is going to.
They can do that with a name in the clear. If the name is to be hidden from
passive observers, then you do need encryption so that only the client and
server, and not the passive observers, can recover the name.

Encryption means key agreement, and requires delaying SNI by a round-trip, or
having published DH shares in DNS, which of course also needs privacy
protection for SNI encryption to matter. I do believe this was discussed at
some length previously.

-- 
	Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
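The second of the two options in the reply above (a server DH share published in DNS, so the client can encrypt the name in its first flight without waiting a round-trip) as an added, constructed example; it is not code from the thread or from any TLS implementation. The X25519 ladder follows RFC 7748 but is written for readability, not constant time; the "DNS record" is a plain dict, the host names are made up, and the SNI cipher is a throwaway HMAC-keystream-plus-tag construction standing in for a real AEAD. The point it makes concrete is the one in the message: a cleartext ClientHello carries the name for any passive observer, whereas with a pre-published share only the two endpoints can derive the key, and the observer is left with the two public values and a ciphertext. The DNS lookup that fetches the share still reveals the name unless DNS itself is private, which is the caveat Viktor raises.

```python
"""Toy 'encrypted SNI via a DH share published in DNS' exchange (constructed
example, not from the TLS list thread). X25519 per RFC 7748, not constant
time; the SNI cipher is a toy stand-in for an AEAD."""
import hashlib
import hmac
import secrets

P = 2**255 - 19          # field prime for Curve25519
A24 = 121665             # (486662 - 2) / 4, as used by the ladder
BASE = (9).to_bytes(32, "little")   # X25519 base point u = 9


def _clamp(scalar: bytes) -> int:
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5 (readable, not constant time)."""
    k = _clamp(scalar)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3 = x3, x2
            z2, z3 = z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3 = x3, x2
        z2, z3 = z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def hkdf(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 with a zero salt (extract + expand)."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    out, block, ctr = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([ctr]), hashlib.sha256).digest()
        out += block
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy AEAD stand-in: HKDF keystream XOR plaintext, then a 16-byte HMAC tag."""
    ks = hkdf(key, b"toy-keystream", len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()[:16]


def open_sni(key: bytes, blob: bytes):
    ct, tag = blob[:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()[:16]):
        return None                       # wrong key or tampered: reject
    ks = hkdf(key, b"toy-keystream", len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def server_keygen():
    """Long-lived server share; the public half is what DNS would publish."""
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASE)


def cleartext_hello(sni: bytes) -> bytes:
    """Baseline: the name rides in the clear in the first flight."""
    return b"ClientHello sni=" + sni


def client_hello(published_share: bytes, sni: bytes) -> dict:
    """First flight with the name encrypted under an ephemeral/static DH key.
    Needs only the share fetched from DNS, so no extra round-trip."""
    eph = secrets.token_bytes(32)
    key = hkdf(x25519(eph, published_share), b"toy-esni-key")
    return {"client_share": x25519(eph, BASE), "encrypted_sni": seal(key, sni)}


def server_accept(server_priv: bytes, hello: dict):
    key = hkdf(x25519(server_priv, hello["client_share"]), b"toy-esni-key")
    return open_sni(key, hello["encrypted_sni"])


def wire_bytes(hello: dict) -> bytes:
    """Everything a passive observer gets to see of the first flight."""
    return hello["client_share"] + hello["encrypted_sni"]


if __name__ == "__main__":
    # Constructed stand-in for a DNS record: name -> published server share.
    priv, pub = server_keygen()
    dns = {b"hidden.example": pub}          # hypothetical zone content
    hello = client_hello(dns[b"hidden.example"], b"hidden.example")
    print("server recovers:", server_accept(priv, hello))
    print("name visible on the wire:", b"hidden.example" in wire_bytes(hello))
```

The observer's only inputs are `client_share`, `encrypted_sni` and, if DNS is not itself protected, the query that fetched `pub`; the last of those is why the message insists that DNS privacy is a precondition for encrypting SNI to matter.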