John R Levine wrote:
> > http://www.bieberfever.com/ ("The Official Justin Bieber Fan Club") is
> > hosted by Akamai on 23.38.103.18.
> > According to DNSDB (IMO the best passive DNS service), there are 605
> > other sites *also* hosted on 23.38.103.18.
> 
> > No doubt pervasive monitors (and others) will use passive DNS systems
> > to build a map of SNI DNS RRs, but I'd much much rather have the men
> > in black thinking that I'm visiting www.precisiondoor.net,
> > www.theman.in, or www.worldsleadingcruiselines.com than knowing my
> > dirty little secret love of the Bieb...
> 
> I really don't get this.  The bad guys we're worried about have to be
> sophisticated enough to do a packet capture and pick the SNI bits out of TLS
> handshakes.  How plausible is it that those bad guys would say, oh, using a
> script to find the cert hashes that will reveal the specific site is too
> hard so never mind?

Isn't the server's certificate encrypted in TLS 1.3?

And even in previous versions of TLS, at least in the CDN world it's
somewhat common to put unrelated domains on the same SAN certificate.

-- 
Robert Edmonds
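To make the disagreement above concrete: the certificate may be encrypted in TLS 1.3, but the SNI extension (RFC 6066) still travels in the cleartext ClientHello, so anyone on path can recover the hostname without touching the certificate, and the "605 other sites on the same IP" anonymity set collapses. The following is an added example written for this thread, not code from any of the participants. It builds a constructed, minimal ClientHello (the byte layout follows RFC 5246/8446; the random, cipher list and hostnames are made up) and then parses SNI back out of it the way a network sensor such as a passive TLS logger would. A defender can run the parser over their own ClientHello captures to see exactly which hostnames their traffic exposes.

```python
import struct

HANDSHAKE_RECORD = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type: client_hello
SNI_EXT_TYPE = 0x0000     # server_name extension (RFC 6066)
SUPPORTED_VERSIONS = 0x002B


def build_client_hello(hostname=None, legacy_version=0x0303):
    """Construct a minimal TLS ClientHello record (sample data, not a real capture).

    With hostname=None the SNI extension is omitted, as some legacy clients do.
    The supported_versions extension advertises TLS 1.3 as a modern client would,
    which shows that SNI is still sent in the clear even when 1.3 is negotiated.
    """
    random_bytes = b"\x11" * 32                                   # constructed, not random
    session_id = b""
    cipher_suites = struct.pack("!HH", 0x1301, 0x1302)            # TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
    compression = b"\x00"
    extensions = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name     # name_type 0 = host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", SNI_EXT_TYPE, len(sni_list)) + sni_list
    versions = b"\x02" + struct.pack("!H", 0x0304)                # one entry: TLS 1.3
    extensions += struct.pack("!HH", SUPPORTED_VERSIONS, len(versions)) + versions
    body = (struct.pack("!H", legacy_version) + random_bytes
            + bytes([len(session_id)]) + session_id
            + struct.pack("!H", len(cipher_suites)) + cipher_suites
            + bytes([len(compression)]) + compression
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return (bytes([HANDSHAKE_RECORD]) + struct.pack("!H", 0x0301)
            + struct.pack("!H", len(handshake)) + handshake)


def _parse_sni(data):
    """Return the first host_name entry from a server_name extension body."""
    list_len = struct.unpack("!H", data[:2])[0]
    pos, end = 2, 2 + list_len
    while pos + 3 <= end:
        name_type = data[pos]
        name_len = struct.unpack("!H", data[pos + 1:pos + 3])[0]
        pos += 3
        name = data[pos:pos + name_len]
        pos += name_len
        if name_type == 0 and len(name) == name_len:
            return name.decode("ascii")
    return None


def extract_sni(record):
    """Return the SNI hostname from a cleartext ClientHello record, or None.

    None is returned for non-handshake records, non-ClientHello messages,
    truncated or malformed input, and ClientHellos that carry no SNI.
    """
    try:
        if len(record) < 5 or record[0] != HANDSHAKE_RECORD:
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if len(hs) < 4 or hs[0] != CLIENT_HELLO:
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        if len(body) < hs_len:
            return None                                   # truncated handshake
        pos = 2 + 32                                      # skip legacy_version and random
        pos += 1 + body[pos]                              # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                              # compression_methods
        if pos + 2 > len(body):
            return None                                   # no extensions block at all
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype == SNI_EXT_TYPE:
                return _parse_sni(edata)
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


def hostnames_from_records(records):
    """Distinct hostnames an on-path observer learns from a batch of ClientHellos."""
    return sorted({h for h in (extract_sni(r) for r in records) if h is not None})


if __name__ == "__main__":
    # Constructed "capture": three flows to the same shared-hosting IP.
    capture = [build_client_hello(h) for h in
               ("www.bieberfever.com", "www.precisiondoor.net", "www.theman.in")]
    capture.append(build_client_hello(None))
    print(hostnames_from_records(capture))
```

The parser deliberately stops at the ClientHello and never needs the certificate, which is the point Levine is making: encrypting the certificate in TLS 1.3 does not hide which of the co-hosted names a client asked for.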

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop