-
rehrar
Guys, I'm sorry, but due to the virus, Monero devs are asked to stay and work from home.
-
rehrar
selsta moneromooo xiphon
-
selsta
ok boss
-
rehrar
hyc, you were supposed to bring doughnuts next, so that will carry on when we come back sometime next year
-
rehrar
Snipa: this disaster occurred on your watch after pony stepped down. You will go down in history as responsible for the CoronaVirus
-
xiphon
rehrar: alright )
-
hyc
I will keep this box of donuts stashed here until we re-convene
-
Snipa
rehrar - Excellent, I've been working from home for a week. Always good to know what I'm getting blamed for. :P
-
asymptotically
my home is a work-free zone
-
fuwa
if you work you lose
-
xiphon
damn it.. just discovered web browsers when using SSL are sending requested server name in plain text during the handshake. ClientHello packet -> Server Name Indication extension
-
moneromooo
Have to, so the server knows which key to use.
-
asymptotically
wasn't encrypting it supposed to be a part of tls 1.3? :'(
-
moneromooo
Hmm. I suppose the server could send back a list of vhosts along with the keys, and the client uses the one it likes...
-
» moneromooo recently spent more time than comfortable dealing with apache config
-
xiphon
yep, but i naively thought such information has to be encrypted
-
xiphon
so passive adversary won't know which sites (domain names) a user is visiting over HTTPS
-
moneromooo
If your DNS doesn't leak it :)
-
asymptotically
tools.ietf.org/html/draft-ietf-tls-esni-06 <-- not sure what the status of this is. apparently firefox supports it already
-
xiphon
asymptotically: looks promising
-
moneromooo
Hmm. Proposed by Cloudflare. The very people who would still have access to that info for most of the web...
-
asymptotically
i guess it helps sites served by big hosts and cdns like buttflare most. maybe you didn't just transmit getmonero.org in cleartext but you're still connecting to their ip address
-
dsc_
I believe QUIC fixes the problem xiphon talked about, where HTTP does not start until TLS session has been established (don't quote me on that)
-
asymptotically
also "they" don't need to look at the SNI info if you're just connecting to google/buttflare/bigcorp
-
hyc
this is just one of the main reasons not to do virtual HTTP servers
-
hyc
spectre/meltdown being another significant reason not to share your infrastructure with anyone else
-
asymptotically
if only i didn't have to sell a kidney or three to get some ipv4 addresses :(
-
dsc_
That's just routing though, I think hyc means "sharing memory" in the context of spectre/meltdown :p
-
hyc
the rest, cloudflare proxies intercepting your traffic - I mean seriously, who intentionally builds MITM doors into their protocols?