On Tue, Jul 3, 2018 at 11:20 AM, Ben Schwartz < bemasc=40google....@dmarc.ietf.org> wrote:
> One concern I've heard many times is that we can't add non-A/AAAA queries
> to a browser's critical path because there are middleboxes and buggy
> recursives that will just drop them, leading to a DNS timeout delay on
> every new socket. However, for encrypted SNI I think we can ignore this by
> focusing on clients with DPRIVE or DOH enabled, which should avoid these
> kinds of problems.

Yes, and of course encrypting SNI is a lot more valuable when the DNS query is also encrypted.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls