home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.misc      General topics about computers not cover      21,759 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 20,360 of 21,759   
   Lawrence D'Oliveiro to Richard Kettlewell   
   Re: [LINK] Calling time on DNSSEC?   
   03 Dec 24 06:14:06   
   
   From: ldo@nz.invalid   
      
   On Thu, 28 Nov 2024 08:52:31 +0000, Richard Kettlewell wrote:   
      
   > DNS + TLS does solve it, sufficiently well. (Using TLS to include   
   > Internet PKI.)   
      
   Nobody uses PKI. TLS has a hole in it, in that the SNI, “Server Name   
   Indication” (the “Host:” line in the HTTP request header) has to be sent   
   unencrypted. This allows eavesdroppers, like authoritarian Government   
   regimes, to determine when you are trying to access a prohibited service,   
   and block it before the encrypted connection can be set up.   
      
   --- SoupGate-DOS v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca