Cool, thanks for clarifying, all.

On Wed, Mar 25, 2015 at 5:25 PM, Salz, Rich <[email protected]> wrote:
>> This seems like a big deal, no? That is, since SNI is one of the few things
>> not protected in the TLS handshake, it does seem spoofable. If there's not
>> something I'm missing, it seems like the proposal should just drop DVSNI
>> altogether.
>
> The SNI is protected (part of the message final MAC's) but it is not
> encrypted.
--
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
[email protected]
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
