Reply to post: Re: I'm confused

IETF plants privacy test inside DNS

Warm Braw Silver badge

Re: I'm confused

If you are using HTTPS ... this doesn't need to reveal the name of the site you are visiting

Unless the host uses Server Name Indication, I gather. A blog site might well use a wildcard SSL certificate to cover its subdomains, multi-tenanted HTTPS is likely to use SNI with unrelated domain names.

As it's apparently sent in clear text at an early stage in the handshake, I suspect there may be a MITM attack that would cause the browser to emit an SNI even if one were not required by the server.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022