Hi, Stephen,

> On Aug 24, 2022, at 07:57, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
>
> I don't believe that is the case. A small hoster can choose a
> "public_name" and use that for customers. An enterprise of
> whatever size can choose a "public_name" like example.com and
> then use that and ECH to cover accesses to other internal names like
> accounts.example.com or hr.example.com. I know
> there are a bunch of people who think by far the main value
> of ECH relates to CDNs, and they may be correct, but I tend
> to think the above approaches also have value.

What if there is no small hoster? If a person just buys a VPS to deploy an HTTPS server, what should he do to deploy ECH? As you say, he could use the example.com domain to protect hr.example.com. But how could he protect the entire example.com? With the current design, he could either register another domain like example.net or deploy his site behind some hoster like Cloudflare or others. The first case will leak example.net, which is equivalent to leaking example.com and makes ECH useless. The second case will make the Internet more and more centralized, and make it impossible for home-hosted websites to deploy ECH.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls