this post was submitted on 03 Oct 2023
657 points (99.0% liked)

Firefox

A place to discuss the news and latest developments on the open-source browser Firefox

[email protected] 1 points 1 year ago

Wouldn't it be better if reverse proxies simply had a "default key" meant to encrypt the SNI after an unencrypted "hello" is received?

Including DNS in this seems weird.

[email protected] 1 points 1 year ago

What would stop a MITM attacker from replacing the key? The server can't sign the key if it doesn't know which domain the client is trusting.