641

Say (an encrypted) hello to a more private internet. (blog.mozilla.org)

submitted 2 years ago by buh@lemmy.world to c/firefox@lemmy.ml

64 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] pazukaza@lemmy.ml 1 points 2 years ago

Wouldn't it be better if reverse proxies simply had a "default key" meant to encrypt the SNI after an unencrypted "hello" is received?

Including DNS in this seems weird.

[-] p1mrx@sh.itjust.works 1 points 2 years ago

What would stop a MITM attacker from replacing the key? The server can't sign the key if it doesn't know which domain the client is trusting.

this post was submitted on 03 Oct 2023

641 points (98.9% liked)

Firefox

20449 readers

26 users here now

/c/firefox

A place to discuss the news and latest developments on the open-source browser Firefox.

Rules

1. Adhere to the instance rules

2. Be kind to one another

3. Communicate in a civil manner

Reporting

If you would like to bring an issue to the moderators attention, please use the "Create Report" feature on the offending comment or post and it will be reviewed as time allows.

founded 5 years ago

MODERATORS

k_o_t@lemmy.ml

golden_zealot@lemmy.ml