On 3/8/2020 10:14 AM, Stephen Farrell wrote: > I'm questioning whether that's a good goal or not. In my > analysis of the various extensions, only SNI and ALPN seem > to offer immediate value.
Uh, No. First, we do have fingerprinting attacks that look at the pattern of extensions. If the extensions are encrypted in the ESNI, they cannot do that. And then, we have extensions that reveal a lot about the app, like for example the QUIC parameters extension. Those are just as sensitive as the ALPN. -- Christian Huitema
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
