On Wednesday, 10 May 2017 21:28:48 CEST Ilari Liusvaara wrote:
> On Wed, May 10, 2017 at 07:28:51PM +0200, Hubert Kario wrote:
> > Yes, encrypted SNI was discussed and ultimately rejected.
> >
> > But do we really have to send the literal value? Don't we need to just
> > make sure that the client and server agree on the host that the client
> > wants to connect to?
> >
> > Couldn't we "encrypt" the SNI by hashing the host name with a salt,
> > sending the salt and the resulting hash, making the server calculate
> > the same hash with each of the virtual host names it supports and
> > comparing with the client-provided value?
>
> What makes encrypting SNI nasty is replay attacks.
What if we specify that the salt is the client key share?

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
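The hashed-SNI sketch from the quoted exchange, written out as an added example (not code from the thread or from any TLS implementation): the client sends its key share as the salt together with H(salt || hostname), and the server recomputes that hash for every virtual host it serves until one matches. The virtual-host table, the fixed 32-byte "key share" and the hash choice (SHA-256) are assumptions made for illustration. The last function shows the replay point Ilari raises: a third party that captured the (salt, hash) pair can present it again and the server resolves it to the same host, because nothing in the pair is bound to who is sending it.

```python
import hashlib
import hmac
import os

# Constructed virtual-host table; a real server would load this from config.
VHOSTS = ["example.com", "mail.example.com", "shop.example.net"]


def hash_sni(salt: bytes, hostname: str) -> bytes:
    """H(salt || hostname) as sketched in the thread (SHA-256 assumed)."""
    return hashlib.sha256(salt + hostname.encode("ascii")).digest()


def client_hello_sni(key_share: bytes, hostname: str):
    """Client side: the salt is the client's own key share (Hubert's follow-up).

    Returns the pair the client would put on the wire: (salt, digest).
    """
    return key_share, hash_sni(key_share, hostname)


def server_resolve(vhosts, salt: bytes, digest: bytes):
    """Server side: recompute the hash for each configured name and compare.

    Uses a constant-time comparison so the loop does not leak which
    candidate shares a prefix with the submitted digest.
    """
    for name in vhosts:
        if hmac.compare_digest(hash_sni(salt, name), digest):
            return name
    return None  # no virtual host matched


def replay(vhosts, captured_pair):
    """A third party resubmits a captured (salt, digest) pair unchanged.

    The server has no way to tell this from the original ClientHello:
    it resolves to exactly the same virtual host.
    """
    salt, digest = captured_pair
    return server_resolve(vhosts, salt, digest)


if __name__ == "__main__":
    key_share = os.urandom(32)  # stands in for the client's ECDHE key share
    pair = client_hello_sni(key_share, "mail.example.com")
    print("server resolved:", server_resolve(VHOSTS, *pair))
    print("replayed pair resolved:", replay(VHOSTS, pair))
    # A hostname the server does not serve yields no match.
    print("unknown host:", server_resolve(VHOSTS, key_share,
                                          hash_sni(key_share, "other.example.org")))
```

Note that tying the salt to the key share changes nothing in `server_resolve`: the server only recomputes and compares, so any captured pair replays cleanly.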
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls