Your method wouldn't work too well as multiple websites will be multiplexed behi... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

GhettoMaestro on Oct 23, 2019 | parent | context | favorite | on: Comcast Is Lobbying Against DNS Encryption

Your method wouldn't work too well as multiple websites will be multiplexed behind a single IP address via a method known as "named-based virtual hosting". It exists even with TLS, as SNI (Server Name Indication) was added to serve this purpose. However, in the future, TLS will most likely mandate that SNI be encrypted and not visible to a passive attacker (it is currently in IETF draft status, as someone pointed out below).

anfilt on Oct 23, 2019 [–]

Its still just a draft last I checked. https://tools.ietf.org/html/draft-ietf-tls-esni-04

Where as tls 1.3 is a RFC. https://tools.ietf.org/html/rfc8446

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact