​Dmitry Belyavsky <[email protected]> writes: >Fake SNI is delivered out-of-band for the handshake
But then won't the DPI check the out-of-band source as well? If you've got a MITM sitting there then they can do the same lookups and whatnot that the client does, unless you're relying on the client being off-path, which seems a bit of a leap. You'd need to implement it via some sort of subliminal signalling mechanism that the DPI can't detect. Peter. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
