On Thu, Jul 30, 2020 at 11:16:50AM -0700, Christian Huitema wrote: > Thanks for the report. I think this relates to our ambivalence about the > requirement for ESNI to not "stick out". That requirement is hard to > meet, and designs have drifted towards an acceptation that it is OK to > stick out as long as a sufficiently large share of the traffic does it. > If that share is large, goes the reasoning, it would be too costly for > censors to just "drop everything that looks like ESNI". Well, given > actors like the Great Firewall, one wonders.
There's nothing wrong with that reasoning, in my opinion. To blend in with a crowd, you can change yourself to match the crowd; or you can change the crowd to match yourself. My feeling is that ESNI is currently easy to block (or to put it in terms I like, *inexpensive* to block) because very few TLS connections use it--nothing valuable depends on it yet. Whereas if encrypted SNI were somehow deployed suddenly and massively such that it became a normal feature of TLS connections both essential and inessential, it would be more difficult (read: expensive) to block. After all, even the GFW is not all-powerful. Surely it would prefer to abolish TLS altogether, but it's too late for that. At this point, blocking TLS would cost too much--not in terms of implementing firewall rules, but in how much essential communication it would damage. Put another way, the GFW itself, and the people who operate/manage it, would feel some of the pain of blocking. I don't mean to imply that coordinated deployment is the only path to success, just saying that if SNI encryption were already widespread, even an obvious tag like 0xffce would not be a useful distinguisher. And though I find it useful to think of these things in terms of the costs of overblocking, it's not an infallible guide. A large organization like the GFW is made up of many conflicting motivations, and it is as prone as any other to making bad decisions and enacting policies that are evidently against its own interests. For that reason I believe it's possible to reduce the risk surrounding the deployment of encrypted SNI, but not eliminate it completely. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
