Say (an encrypted) hello to a more private internet.
(blog.mozilla.org)
Wouldn't it be better if reverse proxies simply had a "default key" meant to encrypt the SNI after an unencrypted "hello" is received?
Including DNS in this seems weird.
What would stop a MITM attacker from replacing the key? The server can't sign the key if it doesn't know which domain the client is trusting.