Archived View for gem.benscraft.info › mailing-list › messages › 238, captured on 2021-12-05 at 23:47:19.
- Alex // nytpu <alex at nytpu.com>
@ Thu, 15 Apr 2021 12:38 -0600
Reply to almaember <almaember at disroot.org>
────────────────────────────────────────────────────────────────────────────────
On 2021-04-15 08:07PM, almaember wrote:
> Please excuse my lack of knowledge about SNI, but can't clients send
> the IP address as a host too?
RFC-6066 mandates the use of fully qualified domain names, but says:
    ...Currently, the only server names supported are DNS hostnames;
    however, this does not imply any dependency of TLS on DNS, and other
    name types may be added in the future...
It also says:
    Literal IPv4 and IPv6 addresses are not permitted in "HostName".
https://tools.ietf.org/html/rfc6066#section-3
TLS 1.3 simply says that it's mandatory to implement SNI as specified in
RFC6066 §3, so unfortunately no updates there
https://tools.ietf.org/html/rfc8446#section-9.2
However, right before sending this, I realized that there's a key point that I
didn't realize until reading the spec just now: the HostName field can be 0
characters. TLS 1.3 (and Gemini over TLS 1.2) mandates that the SNI extension
/exists/ in the ClientHello, but the hostname field itself can be empty,
indicating to use some "default" at the operator's discretion. If anyone has a
gitlab account, this might be a good thing to open an issue to clarify.
~nytpu
--
Alex // nytpu
alex@nytpu.com
GPG Key: https://www.nytpu.com/files/pubkey.asc
Key fingerprint: 43A5 890C EE85 EA1F 8C88 9492 ECCD C07B 337B 8F5B
https://useplaintext.email/
────────────────────────────────────────────────────────────────────────────────
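The thread turns on what RFC 6066 §3 allows inside the server_name extension. As an added example (not code from the list, from nytpu, or from any Gemini server), the Python below parses the extension_data of a ClientHello server_name extension and applies the rules the RFC text quoted above states: only the host_name name type is defined, the name is an ASCII DNS hostname, and literal IPv4/IPv6 addresses are not permitted. It also enforces the RFC's vector bounds (`ServerNameList<1..2^16-1>`, `HostName<1..2^16-1>`) and its rule that a list must not carry more than one name of the same type. The letters-digits-hyphen character check is this example's own stricter assumption, not RFC 6066 text; the sample extension bodies are constructed here. This is the kind of validation a server would run before choosing a certificate, so that a malformed or IP-literal SNI is logged and handled by policy rather than silently matched.

```python
# Added example: validate a TLS server_name (SNI) extension body as RFC 6066 §3
# defines it. Not code from the mailing list or any Gemini implementation.
import ipaddress
import struct
from dataclasses import dataclass
from typing import Dict, Optional

HOST_NAME = 0  # NameType host_name(0): the only name type RFC 6066 defines


@dataclass
class SniCheck:
    host_name: Optional[str]  # decoded name when accepted, else None
    reason: str               # "ok" or why the extension body was rejected


def encode_server_name(host: str) -> bytes:
    """Build a ServerNameList with one host_name entry (used to construct sample input)."""
    name = host.encode("ascii")
    entry = struct.pack("!BH", HOST_NAME, len(name)) + name
    return struct.pack("!H", len(entry)) + entry


def check_host_name(raw: bytes) -> str:
    """Apply the HostName rules from RFC 6066 §3 (plus an LDH check, our assumption)."""
    try:
        text = raw.decode("ascii")           # RFC: ASCII byte string
    except UnicodeDecodeError:
        return "HostName is not ASCII"
    if text.endswith("."):
        return "trailing dot not allowed"    # RFC: "without a trailing dot"
    try:
        ipaddress.ip_address(text)
    except ValueError:
        pass                                 # not an IP literal: fine
    else:
        return "literal IP address not permitted in HostName"
    # Assumption of this example: restrict to letters, digits, hyphen and dot.
    if not all(c.isalnum() or c in "-." for c in text):
        return "invalid character in HostName"
    return "ok"


def parse_server_name_list(ext_data: bytes) -> SniCheck:
    """Parse extension_data of a ClientHello server_name extension.

    Wire layout (RFC 6066 §3):
        ServerNameList = uint16 length, then ServerName entries
        ServerName     = uint8 name_type, uint16 length, HostName bytes
    """
    if len(ext_data) < 2:
        return SniCheck(None, "truncated ServerNameList length")
    (list_len,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    if list_len == 0 or list_len != len(body):
        return SniCheck(None, "ServerNameList length mismatch or empty list")

    host_name = None
    pos = 0
    while pos < len(body):
        if pos + 3 > len(body):
            return SniCheck(None, "truncated ServerName entry")
        name_type, name_len = struct.unpack("!BH", body[pos:pos + 3])
        pos += 3
        raw = body[pos:pos + name_len]
        if len(raw) != name_len:
            return SniCheck(None, "truncated HostName")
        pos += name_len
        if name_type != HOST_NAME:
            continue  # unknown name types skipped: "other name types may be added"
        if host_name is not None:
            return SniCheck(None, "duplicate host_name entry")  # one per name_type
        if name_len == 0:
            return SniCheck(None, "empty HostName")  # HostName<1..2^16-1>
        reason = check_host_name(raw)
        if reason != "ok":
            return SniCheck(None, reason)
        host_name = raw.decode("ascii")

    if host_name is None:
        return SniCheck(None, "no host_name entry")
    return SniCheck(host_name, "ok")


def demo() -> Dict[str, str]:
    """Run constructed ServerNameList bodies through the parser; returns reasons."""
    one = struct.pack("!BH", HOST_NAME, 1) + b"a"
    samples = {
        "fqdn": encode_server_name("gemini.example.org"),
        "ipv4": encode_server_name("192.0.2.10"),
        "ipv6": encode_server_name("2001:db8::1"),
        "empty": encode_server_name(""),
        "dup": struct.pack("!H", len(one) * 2) + one + one,
    }
    return {label: parse_server_name_list(data).reason for label, data in samples.items()}


if __name__ == "__main__":
    for label, reason in demo().items():
        print(f"{label:6} -> {reason}")
```

Feeding the parser a real ClientHello still requires locating extension type 0 in the extensions block first; the function above takes only that extension's `extension_data`, which is where the RFC rules apply.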