From the writeups I've seen, what they're blocking is TLS 1.3, not ESNI. Since ESNI can be de-anonymised with a high degree of success (see various conference papers on this) and in any case doesn't matter for the most frequently-blocked sites like Facebook, Instagram, Twitter, etc, it may not even be on the GFW's radar. My guess is that the GFW doesn't have a fast-path mechanism for TLS 1.3 so as 1.3 use grows it's being overwhelmed, therefore they're blocking it until they can upgrade their hardware. The fact that ESNI is also affected is just a coincidence of the blocking of 1.3.
Peter.