Hiya,
On 24/08/2022 01:11, 涛叔 wrote:
> What if there is no small hoster? If a person just buys a VPS to deploy an HTTPS server, what should he do to deploy ECH?
Factually, many people do deploy a web server hosted as a VPS by a small hoster, so could benefit from ECH, to some extent. I know in the small part of the world where I live (.ie) there are dozens of such hosters who run probably tens of thousands of web sites. ISTM making accesses to those less easily distinguished from one another brings potential benefits.
> As you say, he could use the example.com domain to protect hr.example.com. But how could he protect the entire example.com? With the current design, he could either register another domain like example.net or deploy his site behind some hoster like Cloudflare or others. The first case will leak example.net, which is equivalent to leaking example.com and make ECH useless. The second case will make the Internet more and more centralized, and make it impossible for home-hosted websites to deploy ECH.
I think you're wrong to only consider there being two cases of interest. People are fairly inventive in how they use new tools like ECH. But time will tell I guess.

Cheers,
S.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls