client to support SNI

Thorsten Glaser t.glaser at tarent.de
Sat Dec 7 23:45:29 AEDT 2019


On Sat, 7 Dec 2019, Jochen Bern wrote:

> (*) "SNI" is the established name for one *specific* solution of the
> general "client connects and *then* selects from several available but
> different backends" feature, namely, the one integrated into SSL *and*
> interacting with the verification of the server's/backends' X.509
> certificate. If anything, the patch proposals you referred to rather
> resemble the "Host:" header introduced into HTTP with protocol version
> 1.1, to implement name-based web servers in *pre*-SSL times ...

SNI is just a rather bad, privacy-violating, excuse to not use the
current version of the Internet Protocol, hiding behind useless crap
like NAT or vhosts. I am appalled that TLSv1.3 now requires it and
would rather see it utterly abolished.

bye,
//mirabilos
-- 
«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database”	(#nosec)    ‣‣‣ Please let MySQL and MariaDB finally die!


More information about the openssh-unix-dev mailing list