Hi Marwan, You seem to be concerned that the ECH Public Name might reveal information that is not already disclosed by the destination IP, in cases where the use of a certain IP address by a certain operator is not otherwise known to the observer in question. This is true! In ECH the correct configuration in this case is to assign an unrelated Public Name to each IP pool. This change does not reduce privacy, and avoids revealing a linkage between different IP addresses that are not otherwise visibly linked. If you think this is not sufficiently clear, we can probably add text to the draft describing how to choose good Public Names.
On the topic of smaller hosts: not every IETF specification is equally useful to everyone, and this is fine. ECH provides more benefit when applied to large hosts, but it doesn't _reduce_ privacy for anyone, so it is safe to deploy on essentially any TLS server. On the topic of the "anonymity trilemma": this claim does not apply. ECH is not an "anonymous communication protocol" as defined in this paper (or otherwise), as it does not attempt to conceal the user's intended destination from the ECH operator. --Ben Schwartz
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
