Path: ...!weretis.net!feeder9.news.weretis.net!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.198.18.1.11!not-for-mail
From: Grant Taylor <gtaylor@tnetconsulting.net>
Newsgroups: comp.misc
Subject: Re: [LINK] Calling time on DNSSEC?
Date: Tue, 3 Dec 2024 19:37:46 -0600
Organization: TNet Consulting
Message-ID: <viobpa$s79$2@tncsrv09.home.tnetconsulting.net>
References: <67464f37@news.ausics.net>
 <vi68n4$k3r$1@tncsrv09.home.tnetconsulting.net>
 <wwva5dlul1r.fsf@LkoBDZeT.terraraq.uk>
 <vi8tkg$8ha$1@tncsrv09.home.tnetconsulting.net>
 <wwva5dj91v4.fsf@LkoBDZeT.terraraq.uk> <vim7jd$3t1l3$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 4 Dec 2024 01:37:46 -0000 (UTC)
Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="198.18.1.11";
	logging-data="28905"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla Thunderbird
Content-Language: en-US
In-Reply-To: <vim7jd$3t1l3$1@dont-email.me>
Bytes: 2253
Lines: 36

On 12/3/24 00:14, Lawrence D'Oliveiro wrote:
> Nobody uses PKI.

Um....  I think I'm one of many, Many, MANY people that will have to 
disagree with you on that one.

> TLS has a hole in it, in that the SNI, “Server Name Indication” 
> (the “Host:” line in the HTTP request header) has to be sent 
> unencrypted.

Two flags on the play:

1)  Encrypted SNI is a thing.

2)  "the "Host:" line in the HTTP request header" is *NOT* the SNI.  The 
Host: header is part of the HTTP request that's inside of the TLS 
connection.

The SNI hello message does include something similar, but it's not the 
Host: header.  And there's also ESNI to protect it.

> This allows eavesdroppers, like authoritarian Government regimes, 
> to determine when you are trying to access a prohibited service, 
> and block it before the encrypted connection can be set up.

Those are examples of the very things that ESNI is designed to defend 
against.

Link - What is encrypted SNI? | How ESNI works | Cloudflare
  - https://www.cloudflare.com/learning/ssl/what-is-encrypted-sni/

ECH also looks promising.



-- 
Grant. . . .