Rich, I never said that TLS without ECH provides sufficient privacy. I said it provides sufficient security, and I fully admit that SNI raises privacy concerns.
The difference between us is that I believe that this privacy concern is minor (and almost negligible in the most common case where flows are classified without associating them with particular subscribers) as compared to the much more invasive privacy intrusions of the OTTs. Unlike you, I believe that we need to consider the privacy vs. security tradeoff - comparing an almost insignificant privacy intrusion vs. major security threats.

I don't recall saying that ECH is itself an attack, but if I did, I humbly rescind that statement. In a perfect world with no malicious sites, ECH is completely innocuous. In a perfect world where antivirus and IDS work perfectly, are always up-to-date, and zero-days don't exist, ECH is completely innocuous. ECH is merely a highly efficient method of hiding the actual attacks from network-based security mechanisms.

Y(J)S

From: Salz, Rich <rsalz=40akamai....@dmarc.ietf.org>
Sent: Thursday, July 3, 2025 6:39 PM
To: Yaakov Stein <yst...@allot.com>; <tls@ietf.org> <tls@ietf.org>
Subject: Re: [EXTERNAL] Re: New Version Notification for draft-stein-tls-ech-considered-harmful-00.txt

> Well, I didn't write this to merely get things off my chest.

Well, it sure reads that way. For example, calling it an "attack" is needlessly provocative.

Saying that TLS provides sufficient privacy, when the ECH document itself points out that having the SNI in the clear is a privacy concern, shows a poor understanding. You seem to disagree with that concern, which is fine, but your argument in the document is not persuasive.

Take this feedback however you want; it's worth what you paid for it.