Hey Joseph, It's nice to want security and I do think that security is important. However there are other sides to security as well. The standard user doesn't know what he can consider secure or not. Some users think that if there is HTTPS(Let's encrypt) in the url it makes the connection secure and safe. The reality is that HTTPS and TLS doesn't make the web more secure and SNI is not to blame. In organizations which are required to inspect traffic, SNI encryption would be nice for some END to END security but.. It might leave the global security level of the organization in a very weird situation. So even if specific companies will drive some level of "eSNI" for the "END USER" safety they are doing two things and maybe more: - leaving the client vulnerable to their security level - leaving many important organizations without any way of securing their data ... Due to all the above I believe that any work on eSNI will require the developers to take into account specific organization's needs. If banks will be required to develop their own browser or security stack due to the world being afraid, panic, tight and "secure" it's possible that you I and many others will be required to pay for it from our pocket. For example cloudflare and the others that are mentioned as a side note to the this article have interest to "secure" their clients... Other companies around the globe do not share the same interests and their definition of securing their clients. I think that China takes security in a specific level and they have enough CPU, RAM, Power and other resources which allows them to ignore apple or cloudflare or any other company that wants to "secure everybody on the planet". If you believe Google systems are safe and un-breakable then I would just say that they do enough phishing that many Chinese security experts know about and due to this decided to block them. Is it good? You can decide who you can trust or not... All The Bests, Eliezer * This email is sort of my personal opinion but I know that couple security experts share this or similar stand about this subject. ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of joseph Sent: Wednesday, July 18, 2018 6:13 PM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Mozilla Devise Solution To Encrypting SNI Encrypted SNI completely kills SSL Bump and all will follow that new SNI Encryption is there a hoop that start reworking adding this option to squid https://appuals.com/apple-cloudflare-fastly-and-mozilla-devise-solution-to-encrypting-sni/ ----- ************************** ***** Crash to the future **** ************************** -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
