On Thu, Jul 19, 2018 at 08:51:13AM +0100, Alec Muffett wrote:
Ergo: nowadays some clever people at Mozilla, Apple, Cloudflare, etc, have worked out a way that the envelopes still get addressed in cleartext (123 West Street, Boston) but the SNI (Alice.COM, Bob.ORG, PP.COM) is encrypted.
Encrypted SNI means that ISPs cannot editorialise traffic to PP.COM, that Alice no longer has to "front" for Bob and suffer both complexity and moral complicity, and that overall the messages which are passed back and forth to/from all of the above are a LOT less fingerprintable. You might say, "almost anonymous", and that "anonymity loves company". :-)
So to be clear, with encrypted SNI you could get the same benefits of domain fronting by simply renting hosting where one IP is used for multiple different services, in exactly the same way that domain fronting is done today?
Or am I missing something?
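
The difference between cleartext and encrypted SNI as an on-path observer sees it, shown as an added Python example that is not part of the original thread. The ClientHello records are constructed samples, the hostname bob.org is taken from the analogy above, and the extension type `0xFFCE` with zero-filled payload is only a stand-in for an encrypted-name extension.

```python
import struct

EXT_SERVER_NAME = 0x0000     # cleartext SNI extension (RFC 6066)
EXT_STAND_IN_ESNI = 0xFFCE   # assumption: stand-in type for an encrypted-name extension

def build_client_hello(extensions):
    """Build a minimal TLS ClientHello record from (type, body) pairs (constructed sample)."""
    ext_blob = b"".join(struct.pack("!HH", t, len(b)) + b for t, b in extensions)
    body = (b"\x03\x03" + bytes(32)        # legacy_version, random
            + b"\x00"                      # empty session_id
            + b"\x00\x02\x13\x01"          # one cipher suite
            + b"\x01\x00"                  # null compression only
            + struct.pack("!H", len(ext_blob)) + ext_blob)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def sni_ext(hostname):
    """Encode a cleartext server_name extension carrying one host_name entry."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    return (EXT_SERVER_NAME, struct.pack("!H", len(entry)) + entry)

def observed_sni(record):
    """Return the hostname readable on the wire in a ClientHello, or None."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return None                    # not a handshake record / not a ClientHello
        p = 5 + 4 + 2 + 32                 # record hdr, handshake hdr, version, random
        p += 1 + record[p]                 # skip session_id
        p += 2 + int.from_bytes(record[p:p + 2], "big")   # skip cipher_suites
        p += 1 + record[p]                 # skip compression_methods
        end = p + 2 + int.from_bytes(record[p:p + 2], "big")
        p += 2
        while p + 4 <= min(end, len(record)):
            etype, elen = struct.unpack("!HH", record[p:p + 4])
            body = record[p + 4:p + 4 + elen]
            if etype == EXT_SERVER_NAME and len(body) >= 5 and body[2] == 0:
                nlen = int.from_bytes(body[3:5], "big")
                return body[5:5 + nlen].decode("ascii", "replace")
            p += 4 + elen
    except (IndexError, struct.error):
        pass                               # truncated or malformed record
    return None

# Two connections to the same shared IP address: one names the site in cleartext,
# the other carries only an opaque extension, so the observer learns the IP alone.
PLAIN = build_client_hello([sni_ext("bob.org")])
HIDDEN = build_client_hello([(EXT_STAND_IN_ESNI, bytes(48))])

if __name__ == "__main__":
    print("cleartext SNI ->", observed_sni(PLAIN))
    print("opaque name   ->", observed_sni(HIDDEN))
```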