> Permit me to be direct: There are sound technical reasons that the
> current design of outer-SNI may achieve the exact opposite of what ECH
> sets out to do and/or, quite possibly, that outer-SNI has an adverse
> effect on the health of the Internet ecosystem.

Marwan,

I find it difficult to understand the point(s) you are trying to make. Can you 
remove the philosophical digressions (such as "there's no reason to think the 
anonymity trilemma doesn't hold", or "general health of the Internet") and 
provide specific examples of your concern? 

> find) highly desirable, but here goes: On the basis of the lemma, one
> could humbly reason that ECH fails to provide privacy as it should be
> because it either offers little-to-no more privacy in some cases, or
> achieves some level of privacy strictly by always trading operator
> identity.

This assumes that the lemma must hold. As far as I know, a lemma is a *theorem* 
and you seem to be treating it as an axiom.

ECH talks about "anonymity set". The end of Section 1 seems to explicitly 
discuss, albeit in much plainer language that I can follow, the trade-off that 
you seem to be discussing above.

> Moreover, consider authoritative DNS that is not managed or owned by
> the operator -- a common setup, for example, used by owners of content
> for load balancing [5] across multiple IPs at different operators. In
> this case, ECH ‘on-by-default’ in TLS stacks injects risk into the
> operator’s reachability

If I understand you correctly, this cannot happen unless the operators allow 
it, by implementing ECH. If the owner of the zone puts in DNS information, and 
load-balances across multiple providers, they will have to either arrange the 
keys to be shared across those providers, or *not do that* for some providers. 
Are you concerned that example.com may delegate to Akamai and CloudFlare, for 
example, and put in ECH keys that will result in some country blocking other 
sites hosted there because they see the target IP?

Sorry to ask you to repeat yourself.  But could you do so, in non-academic 
language, with fewer words and more concrete examples?


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls