Hi, Rob,

> On Aug 24, 2022, at 08:25, Rob Sayre <[email protected]> wrote:
> 
> It might be a bit misguided, since the IP address would reveal enough in most 
> cases.

There is an essential difference between an IP address and a domain. You can
change an IP address easily, but it is almost impossible to change a domain name.

> If you're saying that ECH requires an intermediary, that's true. But it's not 
> worse than the status quo. It's in the draft: "Co-located servers with 
> consistent externally visible TLS configurations, including supported 
> versions and cipher suites, form an anonymity set."

That the current design needs an intermediary does not mean that ECH has to
require one.

What ECH really does is offer a mechanism to encrypt some data before the
TLS handshake completes successfully.
There is no need to depend on another (partial) TLS handshake.

Some countries and organizations will block websites by SNI. If they want, they
could block all sites protected by the common outer SNI domain. All the websites
not behind some intermediary will be blocked more easily, because they could not
deploy ECH.

This is why I think the current design is not good enough.

Someone may argue that the IP address can be blocked as well. But changing an IP
address is very easy and has no effect on the customers. But if the domain has
been blocked, everything is gone.

If ECH could encrypt all the data of the ClientHello, why would we leave the
outer plaintext SNI exposed?

Or is there any issue with verifying the new ECH config via the DNSSEC mechanism?
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls