> Encryption means key agreement, and requires delaying SNI by a round-trip, > or having published DH shares in DNS, which of course also needs privacy > protection for SNI encryption to matter.
With TLS1.3 encryptedExtensions, secure "domain fronting" becomes possible. A am long overdue for a writeup on this. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
