Hi Rich,

These are great questions, and no problem at all. Admittedly I've attempted to be perhaps too diplomatic, since the topic is sensitive _and_ I'm an unknown to many in the wg. Also thanks to the replies that have come in while composing this reply.

[Minor] Fair point on theorem vs axiom, and probably right that I'm treating it as the latter. I suppose I know of no counterexample to the lemma, which is the reason to treat it as a useful reference point. I'm happy to set this aside as a distraction to bear down on the main focus...

My own personal _technical_ assessment is that, **at Internet-wide scale**, the outer-SNI (possibly ECH more generally, but that's much harder to assess) cannot be disassociated from a deployment path. Two reasons:

1. At large-operator scale, where SNI is used to block instead of IP, outer-SNI forces 'over-blocking' such that large swathes of the Internet will be unreachable to many. (I'm purposefully ignoring IP-specific matters to focus on ECH, itself.)

2. ECH privacy is directly proportional to operator size, which devalues small operations. The only answer to "how to achieve the benefits of ECH" is to 'hide among the herd', which is achieved only via larger operators. An Internet that discourages small operations is not the Internet we value.

Having said that...

...For the Rest, and more generally:

Seeing above I think there is a root cause to all the confusion: We’re treating ECH as a solution to problems when, I think, it is supposed to be just a building block? If that's true, then at least one way forward is to articulate the distinction and how it matters. (A special thanks to the colleague who pointed out this possibility.)

For clarity, if ECH is a building block, then perhaps there is a need to specify what that means, what it enables, what might be built on top? But, if we believe ECH is a solution to a problem then ECH’s success depends squarely on deployment models, and every member of this list imagines different deployments. Whether the deployment details are better or worse, right or wrong, they all matter -- which suggests a need to articulate, acknowledge, and address those details.

Re-reading the previous paragraph, maybe there is a need for both to happen.

(I'm happy to say more, if anything is unclear.)

--marwan

On Tue, 18 Oct 2022 at 14:23, Salz, Rich <rsalz=40akamai....@dmarc.ietf.org> wrote:
>
> Permit me to be direct: There are sound technical reasons that the
> current design of outer-SNI may achieve the exact opposite of what ECH
> sets out to do and/or, quite possibly, that outer-SNI has an adverse
> effect on the health of the Internet ecosystem.
>
> Marwan,
>
> I find it difficult to understand the point(s) you are trying to make. Can
> you remove the philosophical digressions (such as "there's no reason to think
> the anonymity trilemma doesn't hold", or "general health of the Internet")
> and provide specific examples of your concern?
>
> find) highly desirable, but here goes: On the basis of the lemma, one
> could humbly reason that ECH fails to provide privacy as it should be
> because it either offers little-to-no more privacy in some cases, or
> achieves some level of privacy strictly by always trading operator
> identity.
>
> This assumes that the lemma must hold. As far as I know, a lemma is a
> *theorem* and you seem to be treating it as an axiom.
>
> ECH talks about "anonymity set". The end of Section 1 seems to explicitly
> discuss, albeit in much plainer language that I can follow, the trade-off
> that you seem to be discussing above.
>
> Moreover, consider authoritative DNS that is not managed or owned by
> the operator -- a common setup, for example, used by owners of content
> for load balancing [5] across multiple IPs at different operators. In
> this case, ECH ‘on-by-default’ in TLS stacks injects risk into the
> operator’s reachability
>
> If I understand you correctly, this cannot happen unless the operators allow
> it, by implementing ECH. If the owner of the zone puts in DNS information,
> and load-balances across multiple providers, they will have to either arrange
> the keys to be shared across those providers, or *not do that* for some
> providers.
>
> Are you concerned that example.com may delegate to Akamai and
> CloudFlare, for example, and put in ECH keys that will result in some country
> blocking other sites because hosted because they see the target IP?
>
> Sorry to ask you to repeat yourself. But could you do so, in non-academic
> language, with fewer words and more concrete examples?
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
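The two effects argued above (a filter acting on the outer SNI can only deny a whole client-facing server, and an origin's ECH anonymity set is exactly the set of origins sharing that server's public_name) as a small model. This is an added example, not code from the thread; the origin-to-public_name mapping is constructed for illustration.

```python
# Added example (not from the thread): toy model of ECH anonymity sets and
# of over-blocking by a filter that can only see the outer SNI.
from collections import defaultdict

# Constructed sample: origin hostname -> public_name of the ECH client-facing
# server that fronts it (the only hostname visible on the wire). Sizes are
# invented to illustrate the argument, not measured data.
ORIGINS = {
    "news.example": "cdn-a.example",
    "shop.example": "cdn-a.example",
    "blog.example": "cdn-a.example",
    "forum.example": "cdn-a.example",
    "docs.example": "cdn-b.example",
    "mail.example": "cdn-b.example",
    "tiny.example": "tiny.example",   # self-hosted: public_name == origin
}


def anonymity_sets(origins):
    """Group origins by the outer SNI a passive observer sees.

    Under ECH an origin's anonymity set is every origin that shares its
    client-facing server's public_name; nothing else is visible."""
    sets = defaultdict(set)
    for origin, public_name in origins.items():
        sets[public_name].add(origin)
    return dict(sets)


def anonymity_set_size(origins, origin):
    """k-anonymity of one origin: k == 1 means ECH hides nothing about it."""
    return len(anonymity_sets(origins)[origins[origin]])


def collateral_of_outer_sni_block(origins, target):
    """Origins that also become unreachable if an SNI-based filter denies the
    target's outer SNI. Without ECH the filter could match the (cleartext)
    inner name and deny just the target; with ECH it can only deny the whole
    public_name, so the herd that gives privacy is also the herd that gets
    over-blocked."""
    herd = anonymity_sets(origins)[origins[target]]
    return sorted(herd - {target})


def fraction_unreachable(origins, target):
    """Share of all modelled origins caught by a block aimed at one target."""
    return (len(collateral_of_outer_sni_block(origins, target)) + 1) / len(origins)
```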