On 10/13/2022 5:57 AM, Salz, Rich wrote:
> I am curious why you think they will be left behind. ECH support is coming to open source TLS stacks, and many DNS servers are already able to allow custom RRsets.
There is a tension between privacy and concentration. Privacy mechanisms like ECH work by "hiding in a crowd". The correlation between the clear-text SNI or the server IP address and the actual hidden SNI depends on the size of the "anonymity set", i.e., the number and size of the services that would use the same clear-text SNI and IP address. To take an extreme example, if there is only one service at the specified address, then the hidden SNI is easily guessed. So yes, services hiding behind a big service provider like Cloudflare will derive more benefits from SNI encryption than those using small providers or personal servers.
I don't think that the IETF can prevent large services from competing by providing privacy features. What would be the next step after that? Preventing large services from providing DDoS protection? But there may be one tiny thing that the IETF can do. It could establish a common convention for not specifying the SNI at all in the outer header, either because the SNI is found in the ECH data, or because the user is happy with using the default SNI associated with the destination address, or because "an alternative mechanism to indicate the target host is used" (as stated in RFC 9114 for HTTP/3). There would be a couple of advantages in doing that. Of course, competent filters and censors would just switch to checking IP addresses, but some may not be that competent, and the number of IP addresses to analyze may end up being very large. But mostly, saying nothing feels better than lying, and also consumes fewer bytes.
-- 
Christian Huitema

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
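An added illustration of the anonymity-set argument in the message above (example code written for this page, not from the author's message or from any ECH implementation): it takes a constructed hosting table, groups hidden services by what an on-path observer can see, and measures how well the hidden SNI can be guessed from the outer SNI plus IP address, and from the IP address alone when the outer SNI is omitted. All hostnames, addresses and traffic weights are invented.

```python
from collections import defaultdict
from math import log2

# Constructed hosting table, not real data: each row is one hidden service,
# the outer SNI / IP an on-path observer sees for it, and a rough traffic weight.
HOSTING = [
    # (outer_sni,            ip,             hidden_sni,         weight)
    ("cdn-a.example.net",   "203.0.113.10", "alpha.example",    50),
    ("cdn-a.example.net",   "203.0.113.10", "beta.example",     30),
    ("cdn-b.example.net",   "203.0.113.10", "gamma.example",    15),
    ("cdn-b.example.net",   "203.0.113.10", "delta.example",     5),
    ("small-host.example",  "198.51.100.7", "blog.example",     10),
    ("small-host.example",  "198.51.100.7", "shop.example",     10),
    (None,                  "192.0.2.44",   "personal.example",  1),  # lone VPS
]

def anonymity_sets(rows, outer_sni_visible=True):
    """Group hidden services by what the observer can see.

    With outer_sni_visible=False the observer only has the IP address,
    which is what omitting the outer SNI leaves them with.
    Returns {observable_key: {hidden_sni: weight}}.
    """
    groups = defaultdict(dict)
    for outer, ip, hidden, weight in rows:
        key = (outer, ip) if outer_sni_visible else ip
        groups[key][hidden] = weight
    return dict(groups)

def best_guess(group):
    """Observer guesses the heaviest service: probability of being right."""
    return max(group.values()) / sum(group.values())

def entropy_bits(group):
    """Shannon entropy (bits) of the hidden SNI given the observable key."""
    total = sum(group.values())
    return -sum(w / total * log2(w / total) for w in group.values())

def report(rows, outer_sni_visible=True):
    """Per observable key: (anonymity-set size, best-guess rate, entropy bits)."""
    return {
        key: (len(g), best_guess(g), entropy_bits(g))
        for key, g in anonymity_sets(rows, outer_sni_visible).items()
    }

if __name__ == "__main__":
    for visible in (True, False):
        print("outer SNI visible:" if visible else "outer SNI omitted:")
        for key, (size, guess, bits) in report(HOSTING, visible).items():
            print(f"  {key}: set size {size}, best guess {guess:.2f}, {bits:.2f} bits")
```

The lone VPS has an anonymity set of one regardless of what the outer header says, while dropping the outer SNI merges the two CDN front names on the shared address into a single, larger set.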
