On Tue, Aug 11, 2020 at 11:52 PM Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> ... in reference to a question someone else asked about ECH and TLS
> 1.3, since it's not defending against anything the censors are doing I
> can't see what its presence or absence would do. Something like ECH
> seems like classic inside-out design, "here is our cool piece of crypto
> trickery, and whatever it happens to defend against is the threat".

Censors do use the unencrypted SNI. See:
https://tools.ietf.org/id/draft-irtf-pearg-censorship-03.html#sni

That doesn't mean an encrypted ClientHello will solve all of the problems we've discussed, of course.

That said, most of the linked papers I've read could be possibly-overfit ML models that study older TLS versions without ECH. Their underlying point could be correct, but the data is old, and usually not public or reproducible.

thanks,
Rob
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls