[squid-users] Mozilla Devise Solution To Encrypting SNI

Eliezer Croitoru eliezer at ngtech.co.il
Wed Jul 18 16:30:25 UTC 2018


Hey Joseph,

It's nice to want security and I do think that security is important.
However there are other sides to security as well.
The standard user doesn't know what he can consider secure or not.
Some users think that if there is HTTPS (Let's Encrypt) in the URL it makes the connection secure and safe.
The reality is that HTTPS and TLS don't make the web more secure and SNI is not to blame.
In organizations which are required to inspect traffic, SNI encryption would be nice for some END to END security but..
It might leave the global security level of the organization in a very weird situation.
So even if specific companies will drive some level of "eSNI" for the "END USER" safety they are doing two things and maybe more:
- leaving the client vulnerable to their security level
- leaving many important organizations without any way of securing their data
...

Due to all the above I believe that any work on eSNI will require the developers to take into account specific organizations' needs.
If banks will be required to develop their own browser or security stack due to the world being afraid, panic, tight and "secure", it's possible
that you, I and many others will be required to pay for it from our pocket.

For example, Cloudflare and the others that are mentioned as a side note to this article have an interest to "secure" their clients...
Other companies around the globe do not share the same interests and their definition of securing their clients.

I think that China takes security in a specific level and they have enough CPU, RAM, Power and other resources which allow them
to ignore Apple or Cloudflare or any other company that wants to "secure everybody on the planet".

If you believe Google systems are safe and unbreakable then I would just say that they do enough phishing that many
Chinese security experts know about and due to this decided to block them.
Is it good? You can decide who you can trust or not...

All The Bests,
Eliezer

* This email is sort of my personal opinion but I know that a couple of security experts share this or a similar stand about this subject.

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of joseph
Sent: Wednesday, July 18, 2018 6:13 PM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Mozilla Devise Solution To Encrypting SNI

Encrypted SNI completely kills SSL Bump and all will follow that new SNI Encryption. Is there a hope to start reworking, adding this option to Squid?

https://appuals.com/apple-cloudflare-fastly-and-mozilla-devise-solution-to-encrypting-sni/




-----
**************************
***** Crash to the future  ****
**************************
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users