Alex // nytpu alex at nytpu.com
Thu Apr 15 19:38:43 BST 2021
- - - - - - - - - - - - - - - - - - -
On 2021-04-15 08:07PM, almaember wrote:
> Please excuse my lack of knowledge about SNI, but can't clients send
> the IP address as a host too?

RFC-6066 mandates the use of fully qualified domain names, but says:

> ...Currently, the only server names supported are DNS hostnames;
> however, this does not imply any dependency of TLS on DNS, and other
> name types may be added in the future...

It also says:

> Literal IPv4 and IPv6 addresses are not permitted in "HostName".

https://tools.ietf.org/html/rfc6066#section-3

TLS 1.3 simply says that it's mandatory to implement SNI as specified in
RFC6066 §3, so unfortunately no updates there

https://tools.ietf.org/html/rfc8446#section-9.2

However, right before sending this, I realized that there's a key point that I
didn't realize until reading the spec just now: the HostName field can be 0
characters. TLS 1.3 (and Gemini over TLS 1.2) mandates that the SNI extension
/exists/ in the ClientHello, but the hostname field itself can be empty,
indicating to use some "default" at the operator's discretion. If anyone has a
gitlab account, this might be a good thing to open an issue to clarify.

~nytpu

--
Alex // nytpu
alex at nytpu.com
GPG Key: https://www.nytpu.com/files/pubkey.asc
Key fingerprint: 43A5 890C EE85 EA1F 8C88 9492 ECCD C07B 337B 8F5B
https://useplaintext.email/
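
The "no literal IP addresses in HostName" rule quoted in the message above, as an added example that is not part of the original post: a client-side helper that decides what a Gemini client may put in SNI for a given URL and encodes it in the RFC 6066 §3 wire layout. The function names and the sample URLs are assumptions made for illustration.

```python
import ipaddress
import struct
from urllib.parse import urlsplit


def sni_host_name(url):
    """Return the HostName bytes a client may send for `url`,
    or None when the URL's host is a literal IPv4/IPv6 address."""
    host = urlsplit(url).hostname  # lowercased, IPv6 brackets stripped
    if not host:
        raise ValueError("URL has no host component")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, so it is treated as a DNS name
    else:
        return None  # RFC 6066 section 3: IP literals are not permitted
    # RFC 6066 section 3: ASCII encoding, without a trailing dot.
    return host.rstrip(".").encode("idna")


def server_name_extension(host_name):
    """Encode one host_name entry as a complete server_name extension."""
    # ServerName: NameType host_name(0), then a 2-byte length and the name
    entry = struct.pack("!BH", 0, len(host_name)) + host_name
    # ServerNameList: 2-byte length prefix over all entries
    name_list = struct.pack("!H", len(entry)) + entry
    # Extension: type server_name(0), then 2-byte extension_data length
    return struct.pack("!HH", 0, len(name_list)) + name_list


def client_sni_extension(url):
    """Extension bytes for `url`, or None if the host is an IP literal."""
    name = sni_host_name(url)
    return None if name is None else server_name_extension(name)


if __name__ == "__main__":
    # Constructed sample URLs (documentation address ranges).
    for url in ("gemini://example.org/",
                "gemini://192.0.2.7:1965/",
                "gemini://[2001:db8::1]/"):
        ext = client_sni_extension(url)
        print(url, "->", ext.hex() if ext else "host is an IP literal")
```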