641
Say (an encrypted) hello to a more private internet. (blog.mozilla.org)
submitted 2 years ago by buh@lemmy.world to c/firefox@lemmy.ml
64 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] pazukaza@lemmy.ml 1 points 2 years ago

Wouldn't it be better if reverse proxies simply had a "default key" meant to encrypt the SNI after an unencrypted "hello" is received?

Including DNS in this seems weird.

[-] p1mrx@sh.itjust.works 1 points 2 years ago

What would stop a MITM attacker from replacing the key? The server can't sign the key if it doesn't know which domain the client is trusting.

this post was submitted on 03 Oct 2023
641 points (98.9% liked)

Firefox

20202 readers
233 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml