Hiya,
On 24/08/2022 02:26, 涛叔 wrote:
Hi, Stephen, I actually has some trouble to understand your point.
Yes, perhaps we're not understanding one another and it might help if you could describe what you think is the win here? What would you like to see?
On Aug 24, 2022, at 08:58, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote: Factually, many people do deploy a web server hosted as a VPS by a small hoster, so could benefit from ECH, to some extent. I know in the small part of the world where I live (.ie) there are dozens of such hosters who run probably tens of thousands of web sites. ISTM making accesses to those less easily distinguished from one another brings potential benefits.My point there is some people run their website without intermediaryproxy. They still deserve the protection of ECH.
"Deserve" seems like an odd term to use. If a web site operator wants to benefit from ECH, then they need to be part of a set of web sites where it's hard to distinguish which is being accessed based on the TLS traffic. Perhaps you disagree with some of the content of RFC8744 rather than the ECH mechanism?
So what is you point here?
I think I made my point, perhaps badly, but nonetheless it was made as well as it was:-) I don't think it'd help either of us to only re-iterate.
I think you're wrong to only consider there being two cases of interest. People are fairly inventive in how they use new tools like ECH. But time will tell I guess.I have said there are two cases, but has not stated there are onlytwo cases.
I'm glad we agree there are a bunch of different ways in which ECH could be used. I read your earlier mail as you discounting anything other than the two cases you mentioned. Sorry if that was wrong.
The current design of ECH requires an intermediary proxy with dedicated domain name and SSL certificate to work. And I thinkit is huge burden for indie website.
"Huge burden" seems entirely wrong based on my experience. It's very easy to setup a web site with TLS these days in many different ways. Cheers, S.
So again, what is your point here? Thanks.
OpenPGP_0x5AB2FAF17B172BEA.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls