
My thought is that with SNI (Server Name Identification), the domain is transmitted in plaintext as is. Encrypted SNI is a long way off unless everyone starts letting a 3rd party like Cloudflare manage everything.

To cut Comcast out of the loop requires the OS/Browsers to switch away from Comcast's DNS, and a huge amount of the web terminating at generic Cloudflare IPs with Encrypted SNI.
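The plaintext SNI the comment above refers to is easy to see in practice. The following is an added example, not code from the comment or from any project it names: it builds a constructed, minimal TLS ClientHello record (the `build_client_hello` helper and the dummy random/cipher-suite bytes are assumptions for the sake of a self-contained run) and then parses the Server Name Indication extension out of it, the same way a network monitor or a middlebox on the path would. Nothing here needs a network or a key; the point is that the host name is recoverable from the first bytes of the connection before any encryption is negotiated.

```python
import struct
from typing import Optional

# Constructed example: a minimal ClientHello record so the parser below has
# something to run on offline. Real ClientHellos carry many more extensions,
# but the server_name layout (RFC 6066, section 3) is the same.
def build_client_hello(hostname: Optional[str]) -> bytes:
    random = b"\x11" * 32                       # dummy client random (assumption)
    session_id = b""
    cipher_suites = b"\xc0\x2f\xc0\x30"         # two arbitrary suite ids (assumption)
    compression = b"\x00"
    extensions = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        # ServerNameList: one entry of name_type 0 (host_name), 2-byte length, name
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        sni_body = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", 0x0000, len(sni_body)) + sni_body
    body = (
        b"\x03\x03" + random
        + bytes([len(session_id)]) + session_id
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + bytes([len(compression)]) + compression
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name carried in the SNI extension of a ClientHello, or None."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    p = hs[4:4 + hs_len]
    i = 2 + 32                                  # skip client_version and random
    sid_len = p[i]; i += 1 + sid_len            # session_id
    cs_len = struct.unpack("!H", p[i:i + 2])[0]; i += 2 + cs_len   # cipher_suites
    cm_len = p[i]; i += 1 + cm_len              # compression_methods
    if i >= len(p):
        return None                             # no extensions block at all
    ext_len = struct.unpack("!H", p[i:i + 2])[0]; i += 2
    end = i + ext_len
    while i + 4 <= end:
        etype, elen = struct.unpack("!HH", p[i:i + 4]); i += 4
        data = p[i:i + elen]; i += elen
        if etype != 0x0000:                     # 0x0000 is server_name
            continue
        j = 2                                   # skip server_name_list length
        while j + 3 <= len(data):
            ntype = data[j]
            nlen = struct.unpack("!H", data[j + 1:j + 3])[0]
            j += 3
            if ntype == 0:                      # host_name
                return data[j:j + nlen].decode("ascii", "replace")
            j += nlen
    return None


if __name__ == "__main__":
    hello = build_client_hello("example.com")
    print(extract_sni(hello))                   # the name is readable in the clear
    print(extract_sni(build_client_hello(None)))
```

The parser is what a passive observer needs and no more; that is the whole privacy concern. On the defensive side, the same routine is useful for auditing your own egress: run it over captured ClientHellos to find which connections still expose a host name, and so which would benefit from Encrypted ClientHello and encrypted DNS once those are available end to end.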




Even with ESNI the payload size is clear, so it isn't too difficult to identify the site being accessed from a small list.

And ESNI's limited privacy depends on people centralizing their services on a small number of cloud providers that get to see everything.



