Re: [TLS] ECH not protect SNI

Tue, 23 Aug 2022 23:24:19 -0700 


On 8/23/2022 8:58 PM, 涛叔 wrote:

Hi, Christopher,


On Aug 24, 2022, at 11:19, Christopher Patton<cpat...@cloudflare.com>  wrote:

It's true that reverse proxies, like Cloudflare, terminate TLS for a large 
number of names and therefore have the potential to provide a higher degree of 
privacy. But I don't think it's fair to say that smaller TLS servers don't 
benefit from ECH.

I never say the smaller TLS servers don't benefit from ECH. Every one does.
What I said is those standalone small VPS server, working in share mode, will 
prepare to different domain for inter and outer SNI.
ECH can encrypt the ALPN and other parameters. The "QUIC Protected Initials" proposal (https://datatracker.ietf.org/doc/draft-duke-quic-protected-initial) protects the initial QUIC handshake against interference by third parties, and depends on ECH. So, even for an isolated server, ECH has value. 


As there is no common proxy, all the domains are bounded to on site. This makes 
protecting the inner domain useless, because
the outer one has a one-to-one responding to the inner one.
The current design works well for occasion using the intermediary proxy. But we 
could make it one step further to support
the occasion without intermediary proxy.
Yes, the server might tell its clients to use a fake external SNI, and that might fool some of the current censorship services. But that will only work until the next update to these services. If there is no proxy, then the IP address points directly to the isolated server. A lookup of the IP address in the DNS would provide the name of that server. Even if the server does not registers its address in the "in-addr.arpa", we have to assume that the censors run some kind of web spider and memorize the IP addresses of the servers that they want to censor.
If you want to deploy servers that evade censorship, they cannot be isolated. They have to join some kid of pool, and the pool has to be big enough and important enough that censors cannot just block the IP address shared by all pool members. And then ECH will work as expected. 

-- Christian Huitema

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to