On Thu, Oct 10, 2019 at 1:52 PM Christian Huitema <huit...@huitema.net> wrote:
> If the Origin is identified by IP address, an observer on path between CDN > and Origin just has to look at the IP address to find out whatever > information was in the SNI. > I don't think that is true for subdomains, and I also don't think it is true if a client certificate is required (that would need to be checked before routing traffic to an application). Is there a sensible argument for leaving this traffic in the clear? thanks, Rob
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
