Skip to content

Commit

Permalink
Update draft-ietf-tls-esni.md
Browse files Browse the repository at this point in the history 
Co-authored-by: Dennis Jackson <[email protected]>
  • Loading branch information
@chris-wood @dennisjackson
chris-wood and dennisjackson authored Oct 13, 2023
1 parent 06c1f3a commit 6bacc75
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion draft-ietf-tls-esni.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1204,7 +1204,7 @@ client implementations to honor this action. Another approach may be to
intercept and decrypt client TLS connections. The feasibility of alternative
solutions is specific to individual deployments.

In environments where the network operator controls the endpoint devices, but
In environments where the network operator does not control the endpoint devices, or does controls the endpoint devices, but
is concerned about the security consequences of compromised devices, e.g., data
exfiltration, the SNI field is unsuitable for use as a control even in the
absence of ECH. This is because compromised devices can alter or spoof the
Expand Down

0 comments on commit 6bacc75

Please sign in to comment.