Hi Christian,

Thanks for including text on the known uses of SNI. Hopefully if there are other known uses, they will be contributed for evaluation of this problem space.

In section 2.2, enterprises can still use proxy-based or active interception solutions to enable inspection of traffic on their network. I suspect that will be the method of choice over the endpoint for some time to come. I also don't think it would be universally accepted that enterprise interception, where they have agreements from users to monitor (employment agreements - common in US and EU, with Germany being an exception here as apparently they have a law for users to have an expectation of privacy when doing personal business from the workplace), should be classified as an 'attack'. I think rephrasing for that use case would be helpful for the neutrality of the document.

Section 3.8.1 - TLSv1.3 already encrypts the ALPN response via EncryptedExtensions. Is this argument for TLSv1.2? The response is where the answer on the negotiated protocol is provided and it's already hidden, so I'm not clear on why this is here except if it is for earlier versions. This draft just says hide the ALPN, are you concerned about the request too with the list of possible protocols?

Thanks,
Kathleen

On Wed, May 23, 2018 at 10:49 AM, Sean Turner <s...@sn3rd.com> wrote:
>
>
>> On May 23, 2018, at 10:38, Ben Schwartz <bemasc=40google....@dmarc.ietf.org>
>> wrote:
>>
>> Thanks for this document, Christian.
>
> +1 for keeping this going.
>
> spt
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

--

Best regards,
Kathleen
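An added example, not part of this thread or of the draft under review: the ALPN question above turns on the difference between the client's offered protocol list, which travels in the cleartext ClientHello alongside SNI, and the server's selection, which TLS 1.3 returns in EncryptedExtensions. The sketch below parses a constructed ClientHello body to show what an on-path observer can read from the request; the function names `build_client_hello` and `visible_fields` and the sample host are assumptions made for illustration.

```python
import struct

def _vec(data: bytes, len_bytes: int) -> bytes:
    """Length-prefix data the way TLS encodes variable-length vectors."""
    return len(data).to_bytes(len_bytes, "big") + data

def build_client_hello(host: str, protos: list) -> bytes:
    """Constructed ClientHello body (no record or handshake header)."""
    sni = struct.pack("!H", 0) + _vec(_vec(b"\x00" + _vec(host.encode(), 2), 2), 2)
    alpn = struct.pack("!H", 16) + _vec(_vec(b"".join(_vec(p.encode(), 1) for p in protos), 2), 2)
    return (b"\x03\x03" + bytes(32)        # legacy_version, random
            + _vec(b"", 1)                 # legacy_session_id
            + _vec(b"\x13\x01", 2)         # cipher_suites
            + _vec(b"\x00", 1)             # legacy_compression_methods
            + _vec(sni + alpn, 2))         # extensions

def visible_fields(hello: bytes) -> dict:
    """Return what an on-path observer can read from the ClientHello."""
    seen = {"sni": None, "alpn_offered": []}
    try:
        pos = 2 + 32                                          # version + random
        pos += 1 + hello[pos]                                 # session id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher suites
        pos += 1 + hello[pos]                                 # compression
        end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        pos += 2
        if end > len(hello):
            raise ValueError("truncated ClientHello")
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", hello, pos)
            data = hello[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == 0:                                    # server_name
                nlen = int.from_bytes(data[3:5], "big")
                seen["sni"] = data[5:5 + nlen].decode("ascii")
            elif etype == 16:                                 # ALPN protocol list
                i = 2
                while i < len(data):
                    seen["alpn_offered"].append(data[i + 1:i + 1 + data[i]].decode("ascii"))
                    i += 1 + data[i]
    except IndexError as exc:
        raise ValueError("truncated ClientHello") from exc
    return seen

SAMPLE = build_client_hello("example.com", ["h2", "http/1.1"])  # constructed input

if __name__ == "__main__":
    print(visible_fields(SAMPLE))
```

The server's chosen protocol does not appear in this parse at all: in TLS 1.3 it is carried in EncryptedExtensions, so only the offered list is exposed on the wire.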