• dan@upvote.au
    link
    fedilink
    English
    arrow-up
    1
    ·
    28 days ago

    get around local laws

    That’s not a legitimate use; it’s an illegal use just like piracy is.

    especially since SNI exists to de-mask TLS packets

    ECH will finally fix this. https://blog.cloudflare.com/encrypted-client-hello/

    SNI is still better than what we used to have. Before SNI, every site that used TLS or SSL had to have a dedicated IP address.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      28 days ago

      That’s not a legitimate use; it’s an illegal use just like piracy is.

      My understanding of the law (and yes, I read it) is that it’s not illegal. The law in my state is for service providers to authenticate the ID of any state resident, it’s not a requirement on the resident themselves. The service provider isn’t aware what state I’m a resident of, and state law doesn’t apply outside the state, so I don’t know what law would be violated here.

      SNI is still better than what we used to have.

      I absolutely agree, and I actually use SNI to route packets for my homelab. Without SNI, I would have to route after handling certificates, which would be annoying because I want TLS to work within my home network, and I mess w/ DNS records to point to my local IPs when inside my network. I could have everything routed through a central hub (so one dedicated machine that handles all TLS), but that’s a single point of failure, and I’m not too happy about that. Or I guess I’d have multiple IPs, and route based on which IP is being hit.

      I’ll have to check out ECH. Hopefully I can eat my cake and have it too.