this post was submitted on 03 Oct 2023
612 points (98.9% liked)

Firefox

17599 readers
844 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
612
Say (an encrypted) hello to a more private internet. (blog.mozilla.org)
submitted 11 months ago by buh@lemmy.world to c/firefox@lemmy.ml
62 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] pazukaza@lemmy.ml 1 points 11 months ago (1 children)

Wouldn't it be better if reverse proxies simply had a "default key" meant to encrypt the SNI after an unencrypted "hello" is received?

Including DNS in this seems weird.

[โ€“] p1mrx@sh.itjust.works 1 points 11 months ago

What would stop a MITM attacker from replacing the key? The server can't sign the key if it doesn't know which domain the client is trusting.