Ben Schwartz wrote:
> Like a lot of people here, I'm very interested in ways to reduce the
> leakage of users' destinations in the ClientHello's cleartext SNI. It
> seems like the past and current proposals to fix the leak are pretty
> difficult, involving a lot of careful cryptography and changes to clients
> and servers.
It is formally provable that there is no solution to the problem that you're describing. While you can come up with all kinds of fancy and complicated schemes that are sufficient to provide you the illusion that you're looking for, the best you can come up with will *be* an illusion. But some of those illusions will cause lots of pain for implementors, make the whole thing fragile and cause interop problems.

The situation is pretty similar for the hiding of the ContentType in TLSv1.3 records. It is formally provable that this cannot provide value, but it makes implementations harder and reliably breaks some existing stuff.

-Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
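To make concrete what "cleartext SNI" means in the exchange above, here is an added example (not code from the thread or from any TLS implementation) that builds a minimal TLS 1.3 ClientHello record with a server_name extension and then reads the host name back out of it with no key material at all. That is the view a passive on-path observer or a monitoring sensor has of the first packet of every connection; the constructed record uses a zeroed random and a single cipher suite purely for brevity.

```python
"""Constructed example: build a minimal TLS 1.3 ClientHello record and recover
the server_name (SNI) from it without any keys, which is why the destination
host is visible to anyone who can see the first packet. Added illustration,
not code from the TLS list thread."""
import struct
from typing import Optional

SNI_EXT = 0x0000                # RFC 6066 server_name extension
SUPPORTED_VERSIONS_EXT = 0x002B # RFC 8446 supported_versions extension


def _ext(ext_type: int, body: bytes) -> bytes:
    """Encode one Extension: u16 type, u16 length, body."""
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(host: Optional[str]) -> bytes:
    """Return a TLS record (content type handshake=0x16) carrying a ClientHello."""
    exts = _ext(SUPPORTED_VERSIONS_EXT, b"\x02\x03\x04")  # offer TLS 1.3 only
    if host is not None:
        name = host.encode("idna")
        # ServerName entry: name_type host_name(0), u16 length, the host name
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        exts += _ext(SNI_EXT, struct.pack("!H", len(entry)) + entry)
    body = (
        b"\x03\x03"                # legacy_version
        + bytes(32)                # random: zeros here because this is a constructed sample
        + b"\x00"                  # legacy_session_id: empty
        + b"\x00\x02\x13\x01"      # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"              # legacy_compression_methods: null only
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Parse a handshake record and return the SNI host name, or None if absent/malformed."""
    if len(record) < 5 or record[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                   # skip legacy_version and random
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                           # legacy_session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len                              # cipher_suites
    pos += 1 + body[pos]                           # legacy_compression_methods
    if pos + 2 > len(body):
        return None
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = min(pos + ext_len, len(body))
    while pos + 4 <= end:
        ext_type, ln = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + ln]
        pos += ln
        if ext_type == SNI_EXT and len(data) >= 5:
            # ServerNameList: u16 list length, then (name_type u8, length u16, name) entries
            lst = data[2:]
            i = 0
            while i + 3 <= len(lst):
                ntype = lst[i]
                nlen = struct.unpack("!H", lst[i + 1:i + 3])[0]
                i += 3
                name = lst[i:i + nlen]
                i += nlen
                if ntype == 0:
                    return name.decode("idna")
    return None


if __name__ == "__main__":
    rec = build_client_hello("example.com")
    print(rec.hex())
    print("observer sees SNI:", extract_sni(rec))
```

The parser deliberately stops at the first host_name entry and returns None for anything it cannot walk, which is the behaviour a sensor should have on truncated or odd ClientHellos rather than raising on attacker-controlled bytes. The point of the thread is that the whole record is unencrypted, so this exact walk works on real traffic as long as the extension is present.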