[145121] in North American Network Operators' Group
Re: Nxdomain redirect revenue
daemon@ATHENA.MIT.EDU (Brett Frankenberger)
Wed Sep 28 07:42:30 2011
Date: Wed, 28 Sep 2011 06:42:14 -0500
From: Brett Frankenberger <rbf+nanog@panix.com>
To: Owen DeLong <owen@delong.com>
In-Reply-To: <67EF0A3B-714E-4856-9E85-8D1B1E9AC150@delong.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, Sep 27, 2011 at 04:09:03PM -0700, Owen DeLong wrote:
>
> > Yes, it is realistic to expect every mom-and-pop posting a personal
> > web site to utilize a provider that implements SNI, and the sooner
> > they do it.
>
> No, it isn't because it requires you to send the domain portion of the URL
> in clear text and it may be that you don't necessarily want to disclose even
> that much information about your browsing to the public.
That's what happens without SNI. Without SNI, the IP address of the
server is sent in the clear; anyone who captures that traffic knows the
IP address, and, without SNI, anyone who wants to translate the IP
address to a domain name need only connect to the server and see what
certificate is presented.
-- Brett