On Thu, Oct 10, 2019 at 1:52 PM Christian Huitema <[email protected]> wrote:
> If the Origin is identified by IP address, an observer on path between CDN > and Origin just has to look at the IP address to find out whatever > information was in the SNI. > I don't think that is true for subdomains, and I also don't think it is true if a client certificate is required (that would need to be checked before routing traffic to an application). Is there a sensible argument for leaving this traffic in the clear? thanks, Rob
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
