What I think I am more worried about right now is jumping into designing a technological solution before we know and understand what is going to break, and whether a solution is actually going to solve the perceived problem(s) or make them worse. Technological changes do not always make things better.

Open Questions:

1) Is encrypted SNI the best solution to address the perceived problem(s)?
2) Do we fully understand the problems we are trying to solve and understand the best way of solving them?
3) Will this make things better or worse for the majority of use-cases?
4) Does it incur so much collateral damage that it hurts the average user?
5) If we make it client opt-in (which seems like a fundamental requirement), does this single out the client for extra scrutiny by a well funded threat actor or nation state?

Just some food for thought

Bret

Sent from my TI-99/4A
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls