[squid-users] Is this the next step of SSL encryption? Fwd: Encrypted SNI
Alex Crow
acrow at integrafin.co.uk
Fri Oct 19 19:28:46 UTC 2018
>> ... until the browser starts using DNS over HTTPS (with a pinned
>> certificate of the "resolving" HTTPS server)?
>> Alex.
>
> It is relatively easy to block DNS over HTTPS and I think there will
> be demand for that.
> And I predict that Squid will have a feature to selectively block
> connections with ESNI to force clients to use the plain text SNI.
>
> Marcus
>
I can still see the endpoint security companies will be raking it in.
Any of those fallbacks could be disabled by the browsers.
We're going to have to make sure that the endpoint solution is able to
see all content before it is rendered or interpreted in the browser too.
The problem is that the whole SSL/TLS trust management system is
fundamentally broken and I can't see that changing soon. PGP's model was
great in theory (web of trust) but most people simply don't care who
sends them what and can't be bothered to complicate their lives any
more. And why should they? If their bank site works, Farcebook works and
Hotmail works, why worry? We've built an entire social structure on two
basic principles - "if I've done nothing wrong..." and "who'd be
interested in my data?".
--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
This email is not intended to, nor should it be taken to, constitute advice.
The information provided is correct to our knowledge & belief and must not
be used as a substitute for obtaining tax, regulatory, investment, legal or
any other appropriate advice.
"Transact" is operated by Integrated Financial Arrangements Ltd.
29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300.
(Registered office: as above; Registered in England and Wales under
number: 3727592). Authorised and regulated by the Financial Conduct
Authority (entered on the Financial Services Register; no. 190856).
More information about the squid-users
mailing list