Dmitry Belyavsky <beld...@gmail.com> writes:

>Fake SNI is delivered out-of-band for the handshake
But then won't the DPI check the out-of-band source as well? If you've got a MITM sitting there then they can do the same lookups and whatnot that the client does, unless you're relying on the client being off-path, which seems a bit of a leap. You'd need to implement it via some sort of subliminal signalling mechanism that the DPI can't detect.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls