Subject: Re: [LINK] Calling time on DNSSEC?
From: ldo (at) *nospam* nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.misc
Date: 04. Dec 2024, 06:49:44
Other headers
Organization: A noiseless patient Spider
Message-ID: <vioqhn$mcr7$1@dont-email.me>
References: 1 2 3 4 5 6 7 8 9
User-Agent: Pan/0.161 (Chasiv Yar; )

On Tue, 3 Dec 2024 22:51:00 -0600, Grant Taylor wrote:

> On 12/3/24 20:02, Lawrence D'Oliveiro wrote:
>> That requires a separate protocol on top of TLS.
>
> My understanding is that ESNI is part of TLS.

It can’t be. TLS cannot start encryption on HTTP until it gets a cert that
identifies the server. That cert depends on the domain name. Which comes
from the “Host:” header line from the client. Which is why that cannot be
sent encrypted.