We have SNI because it's needed to support virtual hosting, which we really only... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		commandlinefan on Sept 29, 2020 \| parent \| context \| favorite \| on: Identifying Airtel middleboxes that censor HTTPS t... We have SNI because it's needed to support virtual hosting, which we really only need because IPv4 addresses are scarce. If we could ever get to IPv6, SNI could be retired completely.

occamrazor on Sept 29, 2020 | [–]

True, but then IP based blocking would be highly effective.

mindslight on Sept 29, 2020 | [–]

Sure, but the security vulnerability of unencrypted SNI is still present with IP based vhosts - the destination IP precisely identifies the site.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact