Search squid archive

Re: Is this the next step of SSL encryption? Fwd: Encrypted SNI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



... until the browser starts using DNS over HTTPS (with a pinned
certificate of the "resolving" HTTPS server)?
  Alex.
It is relatively easy to block DNS over HTTPS and I think there will be demand for that. And I predict that Squid will have a feature to selectively block connections with ESNI to force clients to use the plain text SNI. 

Marcus
I can still see the endpoint security companies will be raking it in. Any of those fallbacks could be disabled by the browsers.
We're going to have to make sure that the endpoint solution is able to see all content before it is rendered or interpreted in the browser too.
The problem is that the whole SSL/TLS trust management system is fundamentally broken and I can't see that changing soon. PGP's model was great in theory (web of trust) but most people simply don't care who sends them what and can't be bothered to complicate their lives any more. And why should they? If their bank site works, Farcebook works and Hotmail works, why worry? We've built an entire social structure on two basic principles - "if I've done nothing wrong..." and "who'd be interested in my data?". 



--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
This email is not intended to, nor should it be taken to, constitute advice.
The information provided is correct to our knowledge & belief and must not
be used as a substitute for obtaining tax, regulatory, investment, legal or
any other appropriate advice.

"Transact" is operated by Integrated Financial Arrangements Ltd.
29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300.
(Registered office: as above; Registered in England and Wales under
number: 3727592). Authorised and regulated by the Financial Conduct
Authority (entered on the Financial Services Register; no. 190856).
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux