As I expressed on a separate thread, I think tunneling TLS is a very interesting problem with many potential use cases, from SNI encryption to egress proxies to service discovery proxies (e.g. linkerd, Envoy).
SNI encryption is one of the use cases, but SNI encryption is pointless until we have encrypted DNS. That's not to say we shouldn't work on SNI encryption, but that SNI encryption isn't immediately valuable, whereas I think there are many other TLS tunneling use cases where the same proposed mechanism is immediately valuable as opposed to a future "when the DNS loophole is closed" scenario for SNI encryption. I am all for tunneling as a general WG item, but I think framing the discussion specifically in terms of SNI encryption is missing the forest for the trees.

--
Tony Arcieri
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls