At 00:48 08/09/2018 Saturday, Erica Portnoy wrote:
>Hello all,
>
>Just read through the discussion, hope I've misunderstood something here! Here
>goes:
I think you must have
as all this discussion relates to traffic from acme-client to acme-server
thus both https
and obviously 1 known api/name
> I think you must have
> as all this discussion relates to traffic from acme-client to acme-server
> thus both https
> and obviously 1 known api/name
> > you seem to be discussing traffic to an acme-customer's webserver Yes, because the acme client and the client's web server are often the same
At 16:03 10/09/2018 Monday, Erica Portnoy wrote:
>> I think you must have
>> as all this discussion relates to traffic from acme-client to acme-server
>> thus both https
>> and obviously 1 known api/name
>>
>> you seem to be discussing traffic to an acme-customer's webserver
>
>Yes, because
[as an individual]
On 9/7/18 6:48 PM, Erica Portnoy wrote:
If someone's in a position to watch traffic going *from* a server
trying to authenticate, they can certainly watch traffic going *to*
that server, and note the various domain names being hosted on that
server (since no encrypted sni