Thank you for the follow-on post. Now I understand what you are saying. I disagree, but at least I understand :)
> 1. At large-operator scale, where SNI is used to block instead of IP, outer-SNI forces 'over-blocking' such that large swathes of the Internet will be unreachable to many. (I'm purposefully ignoring IP-specific matters to focus on ECH, itself.)

Perhaps. We don't know what national-scale entities will do. They could block any connection that has the ECH extension in it, allowing sites to be reached as long as "they" know the connecting site, and then fall back to SNI-blocking. I believe such speculation is an idle academic exercise.

> 2. ECH privacy is directly proportional to operator size, which devalues small operations. The only answer to "how to achieve the benefits of ECH" is to 'hide among the herd', which is achieved only via larger operators. An Internet that discourages small operations is not the Internet we value.

I completely disagree with the last sentence, for two reasons. First, as Ben has pointed out, if a small site adds ECH it causes no additional loss of privacy than if they didn't implement it. Second, yes, the larger the anonymity set, the more benefit to "hiding." I suppose if you look at things in a particular way, you can say that ECH increases the worrisome trend toward centralization. Oh well. I am treating ECH as a solution, not a building block. Others may disagree.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls