|
|
|
|
|
|
by seccess
2800 days ago
|
|
|
Thanks for the links. Sounds like the main reason it hasn't been addressed is DNS, if the client is just going to make a DNS request before their TLS session, the host is effectively leaked anyway. Sadly DNSSEC wouldn't address this as it only provides integrity and not confidentiality. |
|
|
A Firefox Nightly can be configured to do D-PRIVE (specifically DNS-over-HTTPS to Cloudflare) and do eSNI, and thus connect to a default configured Cloudflare site without any indication to other parties about which one...
Some other cloud providers or CDNs have made interested noises, if those noises weren't just for the public record they might begin doing the exact same thing in short order, especially if the Firefox tests go well.