Hi Kathleen,

On Wed, Jul 4, 2018 at 11:10 AM, Kathleen Moriarty <
kathleen.moriarty.i...@gmail.com> wrote:

> I’m also fine with the work going forward, however it was only in March
> that EKR assured people concerned that they don’t need to worry about SNI
> being encrypted repeating similar statements previously made to the same
> effect.  Meantime, he was working on such a solution.


This is not really correct. As of March, I had basically given up on how to
do ESNI in TLS in the near future and wasn't really working on it [0] and then
in May, prompted by suggestions by Matthew Prince and Nick Sullivan, I
realized that the proposal in this document could work.

Moreover, I think I've been pretty clear that I wanted to do ESNI and it
was just that we didn't know how. For instance, here's what I said in
PATIENT:

   My evaluation of the current state of SNI encryption is that given the
   current technical state, it will not see particularly wide deployment,
   with the primary scenario being "at-risk" sites who are subject to
   censorship who either hide behind or co-tenant with sites which are not
   subject to censorship. That probably isn't going to be incredibly common
   right now. Of course, this is regrettable from the perspective of people
   designing these protocols, but I think that's the situation.

As I said the other day, predictions are hard, especially about the future,
and this turns out not to have been totally right (though I also don't
think it's really accurate to characterize it as my saying that people
don't need to worry). I'm sorry if people are surprised now. That
wasn't my intent, but as I said above, I was surprised too!

-Ekr

[0] Just to be completely clear, there was and is ongoing work on
protecting SNI via HTTP connection coalescence (see Mike Bishop's
presentation in London), but that's a different flavor of approach, and
it's not like it's any secret it's happening.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls