On Wednesday, 10 May 2017 21:04:53 CEST Viktor Dukhovni wrote:
> > On May 10, 2017, at 2:47 PM, Hubert Kario <hka...@redhat.com> wrote:
> >
> > But in general, I wonder if we didn't approach the SNI from the wrong side
> > - as I said, we may not need to encrypt it, we just make sure that client
> > and server agree on the virtual host the connection is going to.
>
> They can do that with a name in the clear. If the name is to be hidden
> from passive observers, then you do need encryption so that only the
> client and server, and not the passive observers, can recover the name.
You are going in the exact direction I'm saying we should not go, for the same reason you said:

> I do believe this was discussed at some length previously.

There are multiple schemes that allow the peers to make sure that both of them mean X without outright saying "X". Salting and hashing is one; including it in the key exchange (SRP style) is another.

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
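The "salt and hash" variant of the scheme under discussion, as an added example that is not code from either participant or from any TLS implementation. It assumes a hypothetical message layout in which the client sends a fresh random salt and SHA-256(salt || lowercase host name) in place of the clear-text name, and the server tries each virtual host it serves against that value. The third function shows the check a reviewer would run against this design: the salt travels in the clear, so a passive observer with a candidate list can run the same loop the server runs. The SRP-style variant mentioned in the message is not shown. The virtual host list and candidate dictionary are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# Constructed list of the virtual hosts a server is assumed to serve.
VIRTUAL_HOSTS = ["example.com", "mail.example.com", "internal-project.example.org"]


def salted_name_hash(salt: bytes, name: str) -> bytes:
    """Commitment to a host name: SHA-256 over salt || normalised name.

    Hypothetical construction for this example; SNI names are case-insensitive
    ASCII (A-labels), so the name is lower-cased before hashing.
    """
    return hashlib.sha256(salt + name.lower().encode("ascii")).digest()


def client_hello_sni(name: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Client side: choose a fresh 16-byte salt (unless one is supplied for
    testing) and return (salt, digest), the two values sent on the wire
    instead of the clear-text name."""
    if salt is None:
        salt = secrets.token_bytes(16)
    return salt, salted_name_hash(salt, name)


def server_resolve_sni(salt: bytes, digest: bytes, vhosts: List[str]) -> Optional[str]:
    """Server side: recompute the commitment for every configured virtual host
    and return the one that matches, or None if no host matches.

    hmac.compare_digest avoids leaking which byte first differed; the cost of
    the lookup is one hash per configured host, per handshake.
    """
    for host in vhosts:
        if hmac.compare_digest(salted_name_hash(salt, host), digest):
            return host
    return None


def observer_guess_sni(salt: bytes, digest: bytes, candidates: List[str]) -> Optional[str]:
    """What a passive observer can do with the same two wire values.

    Nothing in (salt, digest) is secret from the network, so an observer with a
    list of candidate names (a zone file, certificate transparency logs, a
    previously seen clear-text SNI) recovers the name with the same loop the
    server uses. The scheme hides the name only to the extent the name cannot
    be guessed; it does not replace encryption.
    """
    return server_resolve_sni(salt, digest, candidates)


if __name__ == "__main__":
    salt, digest = client_hello_sni("mail.example.com")
    print("server resolves:", server_resolve_sni(salt, digest, VIRTUAL_HOSTS))
    # Constructed candidate list an observer might hold.
    dictionary = ["www.example.com", "mail.example.com", "other.test"]
    print("observer guesses:", observer_guess_sni(salt, digest, dictionary))
```

Running the block resolves the client's intended host on the server and then recovers the same host from the wire values with a short candidate list, which is the point Viktor's reply makes: agreement on X without saying X is easy, but hiding X from the path needs more than a public salt.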