• pazukaza
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Wouldn’t it be better if reverse proxies simply had a “default key” meant to encrypt the SNI after an unencrypted “hello” is received?

    Including DNS in this seems weird.

    • p1mrx@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      What would stop a MITM attacker from replacing the key? The server can’t sign the key if it doesn’t know which domain the client is trusting.