by TurningCanadian 1277 days ago
There's still TLS Server Name Indication leaking the hostname.

SNI can be encrypted in an extension of TLS 1.3 called ESNI (encrypted server name indication). With both EDNS and ESNI, there's sufficient privacy coverage.

The next standard is ECH (encrypted client-hello) which secures the entire handshake: https://blog.cloudflare.com/encrypted-client-hello/

Is it still in draft state?