1 point

Wouldn’t it be better if reverse proxies simply had a “default key” meant to encrypt the SNI after an unencrypted “hello” is received?

Including DNS in this seems weird.

1 point

What would stop a MITM attacker from replacing the key? The server can’t sign the key if it doesn’t know which domain the client is trusting.
