submitted 2 years ago by buh@lemmy.world to c/firefox@lemmy.ml
[-] pazukaza@lemmy.ml 1 points 2 years ago

Wouldn't it be better if reverse proxies simply had a "default key" meant to encrypt the SNI after an unencrypted "hello" is received?

Including DNS in this seems weird.

[-] p1mrx@sh.itjust.works 1 points 2 years ago

What would stop a MITM attacker from replacing the key? The server can't sign the key if it doesn't know which domain the client is trusting.
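
A toy model of the objection in the reply above, added as an example and not part of the original thread: when the client encrypts the SNI to a key offered in-band, an on-path party that swaps the key reads the name and relays it unnoticed, while a key the client authenticated out of band keeps the name hidden. Plain Diffie-Hellman stands in for the HPKE encryption real ECH uses, and every name and value here is an assumption made for the demo.

```python
# Toy model only: plain Diffie-Hellman over a small prime stands in for the
# HPKE public-key encryption that real ECH uses. Not secure, not real ECH.
import hashlib
import secrets

P = 2**127 - 1   # toy prime modulus (constructed for the demo)
G = 3

def keypair():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def _xor(shared, data):
    # One SHA-256 block of keystream: enough for names up to 32 bytes.
    stream = hashlib.sha256(str(shared).encode()).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_sni(pk, sni):
    """Client side: encrypt the SNI to whatever public key it was given."""
    e, enc = keypair()
    return enc, _xor(pow(pk, e, P), sni.encode())

def open_sni(sk, enc, ct):
    """Holder of sk recovers the SNI (garbage if the key does not match)."""
    return _xor(pow(enc, sk, P), ct).decode(errors="replace")

def handshake(server, on_path, trusted_pk=None):
    """Return (sni_seen_by_server, sni_seen_by_on_path).

    trusted_pk=None  -> client uses the key offered in-band (the proposal).
    trusted_pk=value -> client uses a key it authenticated out of band,
                        e.g. one published in DNS, and ignores the offer.
    """
    server_sk, server_pk = server
    mitm_sk, mitm_pk = on_path
    offered = mitm_pk                      # on-path party swapped the in-band key
    pk = trusted_pk if trusted_pk is not None else offered
    enc, ct = seal_sni(pk, "private.example")
    leaked = open_sni(mitm_sk, enc, ct)    # what the on-path party can read
    if leaked == "private.example":        # it can re-encrypt to the real key,
        enc, ct = seal_sni(server_pk, leaked)   # so neither end notices
    return open_sni(server_sk, enc, ct), leaked
```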

this post was submitted on 03 Oct 2023
641 points (98.9% liked)
