On 05/11/2019 13:38, Tomasz Torcz wrote:
On Tue, Nov 05, 2019 at 02:09:31PM +0100, Marius Schwarz wrote:DoH is IMHO a waste of resources and as Browsers implement it, useless at best, but mostly a centralization of control of users under a false protection umbrella. Any modern Browser will do this sequence: User enters URL Browser checks for domainnames Browser sends DNS request ( over which path doesn't matter ) Opens connection to the target host If ( HTTPS ) { sends the domainname, he has found in the URL as SNI in plain! in his TLS requestThis is not true, SNI is encrypted: https://eff.org/pl/deeplinks/2018/09/esni-privacy-protecting-upgrade-https
I don't think one CDN deploying a non-standard extension can reasonably be described as meaning that SNI is now encrypted. Yes it is encrypted if you're using a special test version of one specific browser and you access a site run by one of a handful of providers that support that on the server side. Tom -- Tom Hughes (tom@xxxxxxxxxx) http://compton.nu/ _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
