Hey Ted,

On 11/13/2013 02:48 AM, Ted Lemon wrote:
> On Nov 12, 2013, at 8:32 PM, Stephen Farrell <[email protected]> wrote:
>> The converse argument was just made on the TLS list yesterday to
>> the effect that there's no point in TLS 1.3 (or a TLS 1.2
>> extension) encrypting SNI because it's the same as the obviously
>> cleartext DNS query in many cases.
>
> That's a terrible argument. Then every eavesdropping issue becomes
> a chicken-and-egg problem, because nobody is willing to go first.
Well, I wouldn't say terrible, but it is unfortunate, yes. In this case, there's a (presumed but realistic) tension between the relative timing of DNS and TLS updates, the absence of each of which makes the occurrence of the other less likely. And that combination makes it less likely that we (the IETF) are motivated to try to "fix" either.

And all that is replicated up and down the stack - "why should I make application layer privacy better when it's so bad at the RF layer with fingerprinting" is an argument that I have seen made in IETF discussion.

But again, I'm for trying to do it all better, to the extent we can, and I'm not for giving up.

S.

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
