💾 Archived View for bbs.geminispace.org › u › mike › 2575 captured on 2023-07-22 at 17:54:59. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Re: "Has there ever been a discussion regarding use of DoH or..."
Yeah, I believe Mozilla (and maybe Cloudflare?) had made a push to encrypt the SNI field a few years ago and then it turned into ECH (Encrypted Client Hello). However, I just did a search on that it doesn't seem like there's been much progress in the last few years.
It does seem like a cool thing to integrate into Gemini servers and clients, but I doubt many of them are using their own implementation of the TLS handshake. As of yet there isn't even a standard to follow, though there is a draft:
— https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni
2023-06-29 · 3 weeks ago
Yeah, I was just reading about ECH. It seems to involve a separate, pre-TLS-handshake handshake using keys fetched from DNS records. The whole use-TLS-to-encrypt-HTTP-to-encrypt-DNS-to-encrypt-pre-TLS-to-encrypt-TLS thing is a little mind-melting to me 😅
It's definitely not simple :)
2023-06-30 · 3 weeks ago
Has there ever been a discussion regarding use of DoH or DoT for name resolution in Gemini clients? I was just thinking that the emphasis in Geminispace on single or few-tenant capsules partially neuters the confidentiality of TLS given plaintext DNS… but I guess even with encrypted DNS queries a similar issue crops up with IP addresses.