
Cloudflare, Mozilla, Fastly, and Apple Working on Encrypted SNI - prdonahue
https://twitter.com/grittygrease/status/1018566026320019457
======
mark212
Just in case you’re as confused as I was, the project is to encrypt the Server
Name Indication. Here’s the Wikipedia page:

“Server Name Indication (SNI) is an extension to the TLS computer networking
protocol by which a client indicates which hostname it is attempting to
connect to at the start of the handshaking process. This allows a server to
present multiple certificates on the same IP address and TCP port number and
hence allows multiple secure (HTTPS) websites (or any other service over TLS)
to be served by the same IP address without requiring all those sites to use
the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based
virtual hosting, but for HTTPS. The desired hostname is not encrypted, so an
eavesdropper can see which site is being requested.”

[https://en.wikipedia.org/wiki/Server_Name_Indication](https://en.wikipedia.org/wiki/Server_Name_Indication)

~~~
amingilani
Or, more importantly, and in the case of the Government of Pakistan when
dealing with sites like Telegram.org, an ISP can simply drop the connection.

