-
pep.
Noob question here, (probably going to start a holy war), why is everybody playing with direct TLS again, is "corporate firewalls" the only reason it was brought back from legacy land, (what I gather from 368)? Please enlighten me :x
-
Ge0rG
pep.: less round trips
-
pep.
Also, why did we even switch to starttls by default in the first place?
-
daniel
pep.: certs
-
daniel
In multi domain environments you need a way to signal the domain
-
daniel
That role is now played by sni
-
daniel
And also I think people collectively thought starttls was cool
-
MattJ
I think people also thought SNI was cool
-
MattJ
I'm glad it's finally receiving a lot of attention that it's also unencrypted and doesn't offer much
-
Ge0rG
MattJ: the agencies still try to sabotage encrypted SNI
-
jonasw
somebody needs to tell the encrypted SNI folks that it won’t play well with use-cases like XMPP
-
jonasw
before that draft advances further
-
jonasw
I’d appreciate it if that was somebody who has more experience with IETF processes than me, though
-
Ge0rG
jonasw: why wouldn't it play well?
-
jonasw
the public keys for SNI encryption are in DNS, under _esni.$domain TXT
-
Ge0rG
Sigh.
-
jonasw
so if you host both HTTP and XMPP on $domain, both services need to have the same private key
-
flow
jonasw, guess that is what you wanted to tell the authors?
-
jonasw
flow, yes
-
pep.
Ge0rG, tell me a thing the agencies are not trying to sabotage :)
-
Ge0rG
pep.: your mom!
-
pep.
who knows
-
Ge0rG
pep.: your mom!
-
pep.
You sure?
-
Ge0rG
🤔
-
SamWhited
Oh hey, jonasw's sed echo bot is front page of HN all of a sudden: https://news.ycombinator.com/item?id=17601761