Ericsson's very good bad quarter, Mozilla encrypts SNI, new TIP projects, and more

The public key (frequently rotated) which is used to encrypt the ESNI message in the TLS ClientHello is published in a DNS TXT record. More info in the RFC draft https://tools.ietf.org/html/draft-rescorla-tls-esni-00

It almost doesn't matter, because it seems to need DNS over HTTPS, the standard way for that will be to host it from the same server that already serves your HTTP traffic anyway (I swear there was an httpd module that already served DNS because it knew the configured IPs and VHost names), and the certificate for that will be secured by :shuffles paper: look, a three-headed monkey!

Seriously, I don't think this will fly. Short-lived keys don't work well with caching. Rotating and publishing keys automatically is surprisingly hard (Thunderbird update servers failed their Let'sEncrypt two or three times in a row, they only noticed after the in-production cert expired; dnssec-tools.org ran with expired certs for months). Standards like HPKP died (removed in Chrome) before born (adopted in Edge) because deploying them safely requires a bit of thinking.

There is a current trend to shift everything to DNS records because people believe it's miraculously safe there. However, this is probably only true because it serves a fairly narrow purpose. Once every net service you offer needs access to an automated interface to set DNS records, these servers will be just as vulnerable, if not more so, as web servers.

Interesting reading: https://blog.powerdns.com/2018/03/22/the-dns-camel-or-the-rise-in-dns-complexit/

They could just establish an authoritative DoH server and slurp all the traffic they want.

"Best way is to ban secure protocols"

Then do what the Chinese do: ban and gum up any unsanctioned encryption (read: anything they can't already decode).