Path: ...!weretis.net!feeder9.news.weretis.net!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.198.18.1.11!not-for-mail
From: Grant Taylor <gtaylor@tnetconsulting.net>
Newsgroups: comp.misc
Subject: Re: [LINK] Calling time on DNSSEC?
Date: Tue, 3 Dec 2024 19:37:46 -0600
Organization: TNet Consulting
Message-ID: <viobpa$s79$2@tncsrv09.home.tnetconsulting.net>
References: <67464f37@news.ausics.net> <vi68n4$k3r$1@tncsrv09.home.tnetconsulting.net> <wwva5dlul1r.fsf@LkoBDZeT.terraraq.uk> <vi8tkg$8ha$1@tncsrv09.home.tnetconsulting.net> <wwva5dj91v4.fsf@LkoBDZeT.terraraq.uk> <vim7jd$3t1l3$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 4 Dec 2024 01:37:46 -0000 (UTC)
Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="198.18.1.11"; logging-data="28905"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla Thunderbird
Content-Language: en-US
In-Reply-To: <vim7jd$3t1l3$1@dont-email.me>
Bytes: 2253
Lines: 36

On 12/3/24 00:14, Lawrence D'Oliveiro wrote:
> Nobody uses PKI.

Um.... I think I'm one of many, Many, MANY people that will have to disagree with you on that one.

> TLS has a hole in it, in that the SNI, “Server Name Indication”
> (the “Host:” line in the HTTP request header) has to be sent
> unencrypted.

Two flags on the play:

1) Encrypted SNI is a thing.
2) "the "Host:" line in the HTTP request header" is *NOT* the SNI.

The Host: header is part of the HTTP request that's inside of the TLS connection. The SNI hello message does include something similar, but it's not the Host: header. And there's also ESNI to protect it.

> This allows eavesdroppers, like authoritarian Government regimes,
> to determine when you are trying to access a prohibited service,
> and block it before the encrypted connection can be set up.

Those are examples of the very things that ESNI is designed to defend against.

Link - What is encrypted SNI? | How ESNI works | Cloudflare
  - https://www.cloudflare.com/learning/ssl/what-is-encrypted-sni/

ECH also looks promising.

-- 
Grant. . . .