On Tue, Nov 20, 2018 at 11:28 PM Paul Wouters <p...@nohats.ca> wrote:
> Although, if I am correct, the expectation is that all of this data
> will be used without mandating DNSSEC validation, so all these
> security parameters could be modified by any DNS party in transit
> to try and break the protocol or privacy of the user.

Yes, because being able to modify the A/AAAA records is generally sufficient to determine the SNI. See:
https://tools.ietf.org/html/draft-ietf-tls-esni-02#section-7.1

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls