Hello, welcome to the Tuesday, July 17, 2018 edition of the Sands and at Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Washington, D.C.

First of all, thanks to everybody who came to our panel today. We got actually, as usual, I have to say,

a lot more questions than we were able to answer.

So for all of those who were not able to attend, we will answer some of these questions in upcoming diaries.

One issue that actually always sort of comes up in this context is also privacy.

And we have a new internet draft

that tries to protect the privacy of HTTP.

Now, why would you need to protect the privacy of HTTP, which is an encrypted protocol?

Well, the problem with HTTP right now is that the host name that you're connecting to

is still exposed in the clear due to a feature called server name indication. Server name

indication tries to solve the problem where you have multiple HTTP websites that are hosted

on one IP address.

In this case, the server has to know which key to use and which certificate to send back to the request.

This is why the server name is exposed in the clear.

Pretty much all current web servers and browsers support this feature, given that

you typically do have multiple websites hosted on the same IP address. This used to be a problem

with HTTP, and it used to be that you needed a specific IP address and port combination

for each HTTP host, but thanks

to server name indication, this went away at the cost of less privacy. Now, this latest

internet draft does leverage DNS in order to bootstrap encryption. The encryption key would

be published via DNS. Another interesting

...