No; the problem's at the DNS layer
how so?
you would still leak IP packet header anyway
that’s a good point. But still an improvement over domain name, given multiple hosts per IP
don't think so, TLS happens too late in the game.
There's possibly a way to amend DNS so it uses TLS... https://developers.google.com/speed/public-dns/docs/dns-over-https …
IETF were looking at encrypting the SNI in TLS 1.3. Not sure what happened to that
Yes, absolutely. The trade-off is negotiation time. The choice in TLS 1.3 was to continue with unencrypted SNI, favouring speed.
You can use Onion routing to mitigate that (exit node doing the DNS request for you)
Don't think there's any way around SNI. I think TLS 1.3 had some way to prevent leaking the certs themselves but not so sure /cc @igrigorik