Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://flyovercountry.social/users/encthenet/statuses/113344299153632857">John-Mark Gurney (encthenet@flyovercountry.social)'s status on Monday, 21-Oct-2024 16:52:15 JST</a><a href="https://flyovercountry.social/@encthenet" title="encthenet@flyovercountry.social"><img src="https://gnusocial.jp/avatar/74726-48-20221216183404.webp" width="48" height="48" alt="John-Mark Gurney" style="position: absolute; left: 0; top: 0;">John-Mark Gurney</a></section><article><p>Just a reminder, the IETF still has not figured out (published an RFC) on how to keep the servers that people visit private from their VPN or ISP provider.  ESNI was scrapped in favor of ECH, but ECH is still in draft: <a href="https://datatracker.ietf.org/doc/draft-ietf-tls-esni/22/" rel="nofollow noreferrer">https://datatracker.ietf.org/doc/draft-ietf-tls-esni/22/</a> .</p><p>This has been a known issue for decades, and even after the IETF pledged to take privacy and security seriously over a decade ago, this seriously privacy hole is still wide open.</p><p>(I hope ECH is beeter than ESNI in protecting privacy, will look.)</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3858054#notice-7543893">In conversation</a><time datetime="2024-10-21T16:52:15+09:00" title="Monday, 21-Oct-2024 16:52:15 JST">about a month ago</time> <span>from <span><a href="https://flyovercountry.social/@encthenet/113344299153632857" rel="external" title="Sent from flyovercountry.social via ActivityPub">flyovercountry.social</a></span></span><a href="https://flyovercountry.social/@encthenet/113344299153632857">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: static.ietf.org</div><h5><a href="https://datatracker.ietf.org/doc/draft-ietf-tls-esni/22/">TLS Encrypted Client Hello</a></h5><div> from <span>Christopher A. Wood</span></div></header><div>This document describes a mechanism in Transport Layer Security (TLS) for encrypting a ClientHello message under a server public key. Discussion Venues This note is to be removed before publishing as an RFC. Source for this draft and an issue tracker can be found at https://github.com/tlswg/draft-ietf-tls-esni (https://github.com/tlswg/draft-ietf-tls-esni).</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
John-Mark Gurney (encthenet@flyovercountry.social)'s status on Monday, 21-Oct-2024 16:52:15 JST John-Mark Gurney
Just a reminder, the IETF still has not figured out (published an RFC) on how to keep the servers that people visit private from their VPN or ISP provider. ESNI was scrapped in favor of ECH, but ECH is still in draft: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/22/ .
This has been a known issue for decades, and even after the IETF pledged to take privacy and security seriously over a decade ago, this seriously privacy hole is still wide open.
(I hope ECH is beeter than ESNI in protecting privacy, will look.)
In conversationabout a month ago from flyovercountry.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: static.ietf.org
  TLS Encrypted Client Hello
  from Christopher A. Wood
  This document describes a mechanism in Transport Layer Security (TLS) for encrypting a ClientHello message under a server public key. Discussion Venues This note is to be removed before publishing as an RFC. Source for this draft and an issue tracker can be found at https://github.com/tlswg/draft-ietf-tls-esni (https://github.com/tlswg/draft-ietf-tls-esni).

Public

Embed Notice

HTML Code

Corresponding Notice