Hacker News new | ask | show | jobs
by ajnin 780 days ago
I don't see why you're opposing HTTPS everywhere and SNI, HTTP already had the Host header so it is not a new information leak.

It's pretty much mandatory if you intend to serve multiple domains with different certificates from the same host/proxy, which seems like a very very common use case, and there is no alternative to this right now.
1 comments
1oooqooq 779 days ago
I don't see how you think NSI doesn't nullify https everywhere.

"we need MitM for performance". listen to yourself. if some optimization breaks security, you do not optimize.

link
d-z-m 774 days ago
> I don't see how you think NSI doesn't nullify https everywhere.

It doesn't. SNI doesn't leak the URL being accessed, or anything that isn't encoded in the hostame.

link