Hey Ed, On 11/16/24 1:08 AM, evasi...@yandex.ru wrote:
Actually, it is not a problem for them, not at all. As I stated in the message that you did not copy in the quote: they would filter out any Hello that has nested InnerHello. It is pretty automatic solution. As soon as implemented on DPI, this feature would not need any configuration or manual intervention. Only people that upgraded their browser would be punished (not the whole population) - they would have to look how to downgrade the browser or disable feature.
Well yes, any new TLS extension can be directly blocked by DPI if they want. I think practically the best way around such stuff would be to use existing TLS stuff which is too mainstream, e.g. an HTTPS proxy.
- Raghu
OpenPGP_0xA1E21ED06A67D28A.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
