Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Lawrence D'Oliveiro <ldo@nz.invalid>
Newsgroups: comp.misc
Subject: Re: [LINK] Calling time on DNSSEC?
Date: Wed, 4 Dec 2024 05:49:44 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 12
Message-ID: <vioqhn$mcr7$1@dont-email.me>
References: <67464f37@news.ausics.net>
 <vi68n4$k3r$1@tncsrv09.home.tnetconsulting.net>
 <wwva5dlul1r.fsf@LkoBDZeT.terraraq.uk>
 <vi8tkg$8ha$1@tncsrv09.home.tnetconsulting.net>
 <wwva5dj91v4.fsf@LkoBDZeT.terraraq.uk>
 <vim7jd$3t1l3$1@dont-email.me>
 <viobpa$s79$2@tncsrv09.home.tnetconsulting.net>
 <viod8c$fp5p$1@dont-email.me>
 <vion3k$fau$1@tncsrv09.home.tnetconsulting.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 04 Dec 2024 06:49:44 +0100 (CET)
Injection-Info: dont-email.me; posting-host="49d5f9553a2964b815f257dd85f9d35a"; logging-data="734055"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19w41UoMXX4MQNsDmKsbkS4"
User-Agent: Pan/0.161 (Chasiv Yar; )
Cancel-Lock: sha1:PX72l8lTnbRW6J6tEXvzLu4sOeQ=
Bytes: 1702

On Tue, 3 Dec 2024 22:51:00 -0600, Grant Taylor wrote:

> On 12/3/24 20:02, Lawrence D'Oliveiro wrote:
>
>> That requires a separate protocol on top of TLS.
>
> My understanding is that ESNI is part of TLS.

It can’t be. TLS cannot start encryption on HTTP until it gets a cert that
identifies the server. That cert depends on the domain name. Which comes
from the “Host:” header line from the client. Which is why that cannot be
sent encrypted.