[cesarb]

Wouldn't that be a bit of a privacy leak? If 0rrt works, it was a request for a static asset.

Of course, TLS is not only for privacy reasons, but also for integrity reasons (preventing injection of malicious Javascript and similar attacks). For that purpose, 0rtt for static assets works fine.

[minitech]

> Wouldn't that be a bit of a privacy leak? If 0rrt works, it was a request for a static asset.

Response size and timing probably already leak this.

[nfoz]

This honestly really bothers me.

We're encrypting everything, we have "Let's Encrypt", we have browsers telling users that their connections are "secure".

Meanwhile your DNS lookups are public (which leaks what site you're accessing) and size+timing analysis leaks which static assets you've retrieved. Which gives away for example what article you're reading on what news site. Which the site itself is telling google, facebook and other malicious third-parties anyway...

How is anyone supposed to understand digital privacy? Everything sucks, and I'm not even sure what could be done to make it suck less.

[adrianN]

I think for the average user, the authentication part is a lot more important than the encryption part unless they're entering passwords. I want to be relatively sure that the site I'm visiting hasn't been replaced by something serving malware. I don't care as much about people knowing which articles I read.

[zaarn]

For DNS lookups we're having people testing out DNS-over-HTTPS which would solve this entirely, lookups would be opaque to anyone but the DNS server involved.

For timing and size you can usually do something about it as a site owner (HTTP/2 for example will multiplex connections so it makes timing and size comparisons much harder)

[thisacctforreal]

Even without encrypted DNS lookups, HTTPS leaks the FQDN (i.e. exact subdomain) of what you are connecting to through Server Name Indication.

SNI was added to allow servers to know which SSL certificate to send to the browser, previously you would need to have one IP address per SSL certificate.