It's also worth noting that the benefit of ECH goes well beyond encrypting SNI. There are lots of potentially sensitive things that are sent in the ClientHello, e.g., the ALPN value. There's also an important future-proofing aspect to this: We might end up with extensions in the future that inadvertently leak important information in the handshake that we would be better off encrypting.
Chris P.
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
