Subject: Re: [LINK] Calling time on DNSSEC?
From: ldo (at) *nospam* nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.misc
Date: 03. Dec 2024, 07:14:06
Organization: A noiseless patient Spider
Message-ID: <vim7jd$3t1l3$1@dont-email.me>
References: 1 2 3 4 5
User-Agent: Pan/0.161 (Chasiv Yar; )
On Thu, 28 Nov 2024 08:52:31 +0000, Richard Kettlewell wrote:
> DNS + TLS does solve it, sufficiently well. (Using TLS to include
> Internet PKI.)
Nobody uses PKI. TLS has a hole in it, in that the SNI, “Server Name
Indication” (the “Host:” line in the HTTP request header) has to be sent
unencrypted. This allows eavesdroppers, like authoritarian Government
regimes, to determine when you are trying to access a prohibited service,
and block it before the encrypted connection can be set up.