You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To prevent cut-and-paste attacks, you need to bind ESNI to the CH. That means we’d need 1.2 clients to send a key share in the CH to use when deriving encryption keying material, and that’s not currently done.
Indeed. I guess someone could argue about wildcard certificates or when multiple names are present but the names are usually related so I agree there’s no significant benefit from encrypting the SNI.
ESNI seems to rely on TLS 1.3 KeyShareEntry which makes it incompatible with TLS 1.2.
That's unfortunate with that "The protocol designed in this document is quite straightforward."
The gist of ESNI comes down to "encrypted_server_name extension, which contains the true extension encrypted under the provider’s public key."
That seems pretty generic and backwards compatible.
The text was updated successfully, but these errors were encountered: