submitted 1 year ago by buh@lemmy.world to c/firefox@lemmy.ml
pazukaza@lemmy.ml 1 points 1 year ago

Wouldn't it be better if reverse proxies simply had a "default key" meant to encrypt the SNI after an unencrypted "hello" is received?

Including DNS in this seems weird.

p1mrx@sh.itjust.works 1 points 1 year ago

What would stop a MITM attacker from replacing the key? The server can't sign the key if it doesn't know which domain the client is trusting.

this post was submitted on 03 Oct 2023
640 points (100.0% liked)
