On Fri, 28 Aug 2020, Petite Abeille wrote: > Perhaps of interest, courtesy of Mark Nottingham: > > The Internet is for End Users > https://www.mnot.net/blog/2020/08/28/for_the_users > https://tools.ietf.org/html/rfc8890 Thank you for this link. I note that the blog posts references an "encrypted client hello proposal", at https://tools.ietf.org/html/draft-ietf-tls-esni-07 I thought I had posted to this list my long-standing opinion that TLS/SSL effectively forces a choice between confidentiality and anonymity: if you want encrypted communications you need to reveal to an eavesdropper the identity of any endpoint that wants to be authenticated to another endpoint. This has been part of an unease I've had with SSL since it was introduced 25 years ago, though until recently it was mainly that the overhead of PKI was too high for small-time servers. The overhead is
---
Previous in thread (1 of 3): 🗣️ Petite Abeille (petite.abeille (a) gmail.com)
Next in thread (3 of 3): 🗣️ mbays (a) sdf.org (mbays (a) sdf.org)