echdeploy / draft-ech-deployment-considerations

IETF draft describing TLS ECH deployment considerations

Identify use cases that previously relied on seeing SNI #33

Open taddhar opened 1 year ago

taddhar commented 1 year ago

Identify use cases that previously relied on seeing SNI, being clear what you can’t do any more (with SNI) and finding new ways to do them (if they should continue)

taddhar commented 1 year ago

I think we are already identifying use cases that previously relied on seeing SNI. What the question is geared to is interesting, but it leads us to find solutions, which is not where this document should go. Need help to find a compromise here.

taddhar commented 1 year ago

IETF 115 side meeting:

"Questions raised regarding the reliability of SNI data anyway – does malware present false information anyway, especially when an endpoint has been compromised? Why not rely on DNS instead? Discussion about BYOD, not having access to devices to get better data than SNI etc."

taddhar commented 1 year ago

"Identify use cases that previously relied on seeing SNI, being clear what you can’t do any more (with SNI) and finding new ways to do them (if they should continue)"

taddhar commented 1 year ago

This one relates to the SNI unreliability.