
> When using SSL, the remote domain name is transferred over the wire in plain text. Anyone able to sniff the traffic can know exactly what domains you're looking at, even when you're using HTTPS.

Without SNI you can only have one domain name per IP, so that security consideration is not really an issue.



Well, what about wildcard certificates?

* Without SNI you know - guy A spoke to guy B, who is say facebook.

* With SNI you know - guy A spoke to guy B, who is facebook, and asked for myfavouriteuniquepics.facebook.com.

SNI may reveal some information.
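As an added illustration of the point made in the two comments above (this is example code, not something posted in the thread): the SNI host_name sits in the plaintext ClientHello, so a passive observer of the wire can read it without touching the certificate or the encrypted payload. The block below builds a constructed, minimal TLS 1.2 ClientHello (fixed random bytes, one cipher suite, no session id) and then parses the server_name extension back out of it the way a monitoring tool would. Names such as `build_client_hello` and `extract_sni` are this example's own.

```python
import struct

# Constants from the TLS record and handshake layouts (RFC 5246 / RFC 6066).
HANDSHAKE = 0x16          # record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type: ClientHello
EXT_SERVER_NAME = 0x0000  # extension type: server_name (SNI)
NAME_TYPE_HOST = 0x00     # NameType host_name inside the SNI extension


def build_client_hello(hostname=None):
    """Constructed sample: a minimal TLS 1.2 ClientHello, with an SNI extension if hostname is given."""
    body = b"\x03\x03"                            # client_version: TLS 1.2
    body += b"\x11" * 32                          # random: fixed bytes so the sample is reproducible
    body += b"\x00"                               # session_id length 0
    body += struct.pack(">H", 2) + b"\xc0\x2f"    # one cipher suite (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
    body += b"\x01\x00"                           # one compression method: null
    if hostname is not None:
        name = hostname.encode("idna")
        entry = bytes([NAME_TYPE_HOST]) + struct.pack(">H", len(name)) + name
        sni_data = struct.pack(">H", len(entry)) + entry          # ServerNameList
        ext = struct.pack(">HH", EXT_SERVER_NAME, len(sni_data)) + sni_data
        body += struct.pack(">H", len(ext)) + ext                 # extensions block
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    # Record header: type, legacy record version 3.1, length.
    return bytes([HANDSHAKE]) + b"\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def _parse_server_name(data):
    """Walk the ServerNameList and return the first host_name entry, or None."""
    list_len = struct.unpack(">H", data[:2])[0]
    pos, end = 2, 2 + list_len
    while pos + 3 <= end:
        name_type = data[pos]
        name_len = struct.unpack(">H", data[pos + 1:pos + 3])[0]
        name = data[pos + 3:pos + 3 + name_len]
        if len(name) != name_len:
            raise ValueError("truncated server_name entry")
        if name_type == NAME_TYPE_HOST:
            return name.decode("ascii")
        pos += 3 + name_len
    return None


def extract_sni(record):
    """Return the SNI host_name visible in a captured ClientHello record, or None if the client sent none.

    Raises ValueError on anything that is not a well-formed ClientHello record."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(record):
            raise ValueError("truncated ClientHello")
        chunk = record[pos:pos + n]
        pos += n
        return chunk

    if take(1)[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    take(2)                                        # record version
    take(2)                                        # record length (single-record capture assumed)
    if take(1)[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    take(3)                                        # handshake length
    take(2)                                        # client_version
    take(32)                                       # random
    take(take(1)[0])                               # session_id
    take(struct.unpack(">H", take(2))[0])          # cipher_suites
    take(take(1)[0])                               # compression_methods
    if pos == len(record):
        return None                                # old-style hello with no extensions at all
    ext_end = pos + struct.unpack(">H", take(2))[0]
    while pos < ext_end:
        ext_type, ext_len = struct.unpack(">HH", take(4))
        ext_data = take(ext_len)
        if ext_type == EXT_SERVER_NAME:
            return _parse_server_name(ext_data)
    return None


if __name__ == "__main__":
    hello = build_client_hello("myfavouriteuniquepics.facebook.com")
    print("observer sees SNI:", extract_sni(hello))   # the hostname, read from plaintext
    print("no SNI sent:", extract_sni(build_client_hello()))
```

The parser deliberately stops at the first host_name entry and treats any length field that runs past the captured bytes as an error rather than guessing, which is the behaviour you want in a passive sensor: it reports exactly what is on the wire and nothing more.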


One certificate per IP.

Whether from SNI or the cert itself, there could be a lot of info to be learned about what the user was trying to access.


Well, you can use UCC/SAN certificates to support multiple domains under one IP.



