On 12/2/15, Salz, Rich <rs...@akamai.com> wrote:
>> it seems blindingly obvious to me that we want it
>
> Few things, particularly in the security arena, are blindingly obvious. If
> it actually provides no true protection, then it's just as bad as the
> security theater in US airports.

It provides protection. Specifically, it provides confidentiality. It doesn't solve the fact that the DNS is a privacy-violating nightmare. It doesn't change the fact that the NSA breaks the rules.

>> If we can avoid adding them in TLS
>
> We're not adding anything as SNI is already in plaintext. (Precision
> counts:). And we have already added numerous important privacy protections
> to TLS 1.3.

Leaving SNI in the clear ensures that attackers will be able to selectively block access by name with ngrep and some basic TCP RST injection. No cryptographic attacks are required, and it will be done by simply looking for an objectionable string. The economics of that attack are very low. Forcing an attacker to become a global active or passive adversary and to perform competent traffic analysis is a much higher economic cost.

All the best,
Jacob

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls