On 12 November 2013 08:12, Ted Hardie <[email protected]> wrote: > The DNS query tells you which resource was the target even if the HTTP flow > was protected by TLS.
In practice, since server name indication is sent in the clear, even this doesn't help. Unless you are running a browser from 2001, you are sending SNI. That said, SNI may be pushed into an encrypted payload in TLS 1.3. The challenge there is that servers often use SNI to select what credentials to offer. _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
