TL;DR:
I suggest you consider hosting a side meeting at IETF 115 in London.
> **Short setup**: There is more attention than ever on Internet
> operations from non-Internet governance and, in this context, it is
> possible that ECH presents a greater risk to the Internet than
> benefit, if deployed. And as a result, it is possible that servers and
> content operators *may* have more reasons not to deploy.
It is *possible*, but based on who is participating in the ECH drafting and
discussions, it seems those organizations have probably already done their
analysis. (Have you asked your employer, for example?)
> There are really only two ways to populate the outer-SNI. One way is a
> fixed name that easily identifies the content operator
If you don't think that potential attackers know the IP addresses of the
biggest potential ECH sites, you're wrong. That kind of large-scale blocking
isn't based on domain name, but rather on the IP address.
> In addition, there is an argument to be made that ECH could lead to
> the loss of some small operators (e.g. universities and bedroom closet
> servers) that feel forced to move their service to larger providers
> because ECH offers no additional privacy and squarely leaves small
> providers behind.
I am curious why you think they will be left behind. ECH support is coming to
open source TLS stacks, and many DNS servers are already able to allow custom
RRsets.
I am also unclear what you are trying to do. You don't want to stop ECH
development, but what? Add a cautionary tale for would-be adopters? Have you
seen Andrew Campling's draft on the subject?
/r$
_______________________________________________
TLS mailing list
tls@ietf.org
https://www.ietf.org/mailman/listinfo/tls