Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If your ISP is large enough it is only sent to ISP's name server which probably has everything you need cached, and if it isn't it might blend in with other queries. And your ISP can sniff SNI or guess target domains from target IPs already.


Which is also being worked on via esni (now ECH for encrypted client hello) - https://crbug.com/boringssl/275




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: