On 10/23/2017 10:21 AM, Viktor Dukhovni wrote:
>> On Oct 23, 2017, at 1:00 PM, Christian Huitema <[email protected]> wrote:
>>
>> As Viktor says, the easy way for STS is to avoid the "multiplexed
>> server" scenario. In fact, that's a pretty natural use of MX records.
>> The MX record for "some-personal-server.com" would point to
>> "mta.example.net", the SNI would be "mta.example.net", and the IP
>> address in the IP header would be that of "mta.example.net". The SNI
>> does not introduce a privacy leak in that scenario.
> In practice it would add a leak, because, for example, Microsoft has
> a wildcard cert for *.mail.protection.outlook.com, and each hosted
> domain has:
>
> example.com. IN MX 0 example-com.mail.protection.outlook.com
>
> So while there is just one default certificate serving each of the
> millions of hosted domains, the SNI would leak the exact name of
> each domain.
Maybe add a discussion of this specific privacy issue in the draft? It
looks like the leak could be avoided by writing the records differently.
Do we understand why Microsoft and maybe others do that? Is there some
kind of tension between management and privacy?

-- 
Christian Huitema

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
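The leak Viktor describes can be audited from DNS alone: a sender that connects to the MX host and presents that hostname as SNI (as MTA-STS requires) reveals the hosted domain whenever the MX hostname is unique to, or derived from, that domain. The following is an added example, not code from the thread or from any IETF draft; the MX data is constructed here, with the outlook.com pattern taken from the message and the other hostnames hypothetical.

```python
"""Classify, per hosted domain, whether the SNI a sending MTA would present
(the MX hostname) exposes which domain the mail is for."""
from collections import defaultdict

# Constructed sample MX data: domain -> MX hostnames, lowest preference first.
# The outlook.com pattern is the one quoted in the thread; the rest are made up.
SAMPLE_MX = {
    "example.com":              ["example-com.mail.protection.outlook.com"],
    "example.org":              ["example-org.mail.protection.outlook.com"],
    "some-personal-server.com": ["mta.example.net"],
    "another-customer.com":     ["mta.example.net"],
    "solo-tenant.com":          ["mx1.solo-tenant-hosting.example"],
}

def derived_label(domain: str) -> str:
    """The naming style seen in the thread: dots in the domain become hyphens."""
    return domain.rstrip(".").lower().replace(".", "-")

def sni_leaks(mx_data: dict) -> dict:
    """Return domain -> (sni, verdict), where verdict is
    'derived': the SNI's leftmost label encodes the domain itself (direct leak),
    'unique' : the SNI serves only this domain in the data set (leak by lookup),
    'shared' : the SNI fronts several domains (no per-domain leak from SNI)."""
    served = defaultdict(set)  # MX hostname -> set of domains it serves
    for domain, hosts in mx_data.items():
        for host in hosts:
            served[host.rstrip(".").lower()].add(domain)
    result = {}
    for domain, hosts in mx_data.items():
        sni = hosts[0].rstrip(".").lower()  # SNI equals the MX hostname dialled
        if sni.split(".")[0] == derived_label(domain):
            verdict = "derived"
        elif len(served[sni]) > 1:
            verdict = "shared"
        else:
            verdict = "unique"
        result[domain] = (sni, verdict)
    return result

if __name__ == "__main__":
    for domain, (sni, verdict) in sni_leaks(SAMPLE_MX).items():
        print(f"{domain:26s} SNI={sni:42s} {verdict}")
```

On real data the input would come from MX lookups over the provider's customer domains; a 'unique' verdict only means the audit set contains no other domain using that host.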
