640
Say (an encrypted) hello to a more private internet.
(blog.mozilla.org)
A place to discuss the news and latest developments on the open-source browser Firefox
Wouldn't it be better if reverse proxies simply had a "default key" meant to encrypt the SNI after an unencrypted "hello" is received?
Including DNS in this seems weird.
What would stop a MITM attacker from replacing the key? The server can't sign the key if it doesn't know which domain the client is trusting.