anonymous
707918de34e2473336eed90ea847f19db4751b7175d893642684a6aaaf4d9cce
I am rude, because I have been treated (unjustly) like utter crap by a lot of people. If you are nice to me, I will very likely be nice to you.

I keep coming back to wondering if everyone's working very hard trying to teach/convince me things that I have long known, while I'm waiting for something sensible. 😅

Actually, you're missing the key point. The goal is to bully me into giving up all the things I valued either in terms of knowledge/information or principle. There has been a coordinated campaign with harassment and abuse, essentially to push me to give up on choice I made based on my values and principles.

*That* is what I refuse to surrender. The curve was never an issue. It's all part of the deception of my enemies.

This isn't the point.

Replying to cryptowolf

That's pretty solid parking 😋

Don't force your argument. Stop lying. Stop deceiving. Stop making up false, malicious excuses to be assholes.

Sure, but that means we agree that the dns methods themselves aren't a problem. I wasn't sure about that.

Have you considered the OCSP queries? Given that we all want https on all servers, now suddenly we need to query for certificate validity in every connection. 😋

Firefox allows you to use CRLite but it has to be enabled.

Sure, so the passive attacker knows you connect to the DoH/DoT ip address and it leaks the fact that it is "dotprovider.secret", but not the query you send.

Indeed SNI was necessary at first for webservers that serve multiple domains. ESNI solves that.

I didn't see dnscrypt discussed while scanning the article. dnscrypt is built on plain UDP/TCP packets, very similar to original DNS, but with encryption. See spec at dnscrypt.info (Note also that there are "oblivious" querying methods that obscure the exact domain name you're querying from the nameserver. Offered by dnscrypt-proxy.)

Afaict from your post, the emphasis is predominantly on the (E)SNI issue.

Also, I don't understand what you're actually commenting on with ESNI and ECH .. is it the dns query or the subsequent webserver connection?

I doubt it. I'm very bad with birthdays. 😅😆