On Sat, 21 Jul 2018, 00:01 Peter Todd, pete@petertodd.org wrote:
So to be clear, with encrypted SNI you could get the same benefits of domain fronting by simply renting hosting where one IP is used for multiple different services, in exactly the same way that domain fronting is done today?
Yes. You could hide amongst the herd with zero magical bullshit being required, on the proviso that ESNI becomes approximately normal, first.
Hence the importance of getting behind it and pushing it as a standard part of eventual TLS1.3 migrations, rather than have it arrive AFTER the initial major 1.3 migrations and thereby requiring further effort to make it normal.
Otherwise it's like someone bringing out the ketchup after you have already finished eating your hot dog.
-a