Hello All, I've been a huge proponent of ESNI (as a consumer, not a developer) back when it was introduced as a draft, with Firefox support (albeit behind a flag), and it being enabled for Cloudflare customers. For me (and people I introduced it to), the purpose was to bypass SNI-based blocking utilized by Jio, an ISP in India. By enabling DoH and ESNI in Firefox, several websites previously blocked by DPI would now work. It was unfortunate when ESNI was "dropped" in favour of working on ECH, since the ESNI trick to bypass the blocks stopped working.
However, now that ECH is nearing completion, I've been trying it out, and was wondering - what is the best way (as either a client / a server operator), to address SNI leaks? Specifically, I am concerned about the "public name" field in the ECHConfig. For services such as cloudflare, they can "hide" everything behind a single domain (e.g. "cloudflare-ech.com"). However, for someone who just owns a single domain (e.g. "hub.com"), what would the "suggested value" be?
Section 6.1.7 implies it should NOT be an IPv4 address. If I do not wish to leak the real domain, is it "acceptable" to use something like "fakedomain.com"?
If the public_name leaks the domain in any way, I think it would be quite unfortunate, at least for bypassing DPI blocks. From what I understand, public_name is only needed for the case where the server doesn't support ECH, but if a client retrieved an ECHConfig, why shouldn't the client just skip this field? I fear it will become a situation like the initial SNI extension: even when websites do not need it, browsers' TLS stacks send it anyway, causing leakage.
For instance, in India, a popular website, let's call it "hub.com", is blocked via SNI. However, the website itself does NOT rely on SNI. It is possible to open a pure TLS connection to it via IP; it serves the TLS cert for "hub.com" so the handshake can be completed, and then the website will load as normal. I verified this manually using "openssl s_client", WITHOUT SNI. But since Firefox/Chrome will always send SNI, the ISPs can block it.
Wondering if you guys have any thoughts about the public name field, or perhaps I am misunderstanding it.
Regards, Raghu Saxena
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
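As an added illustration of the field under discussion (my own example code, not part of Raghu's post nor any ECH reference implementation), the following Python encodes and parses an ECHConfigList in the draft-ietf-tls-esni wire format for ECHConfig version 0xfe0d and applies the client-side public_name sanity check as I read the draft: dot-separated LDH labels, no leading or trailing dot, and not an IPv4 literal. The key bytes, config IDs and host names are constructed placeholders. What it shows is that whatever string the operator puts in public_name is exactly what a client will copy into the cleartext server_name of ClientHelloOuter, so the string is visible both in the DNS HTTPS record and to on-path DPI, while the real name travels only inside the encrypted ClientHelloInner.

```python
"""ECHConfigList (version 0xfe0d) encoder/parser plus public_name check.

Added example, not from the original post. Wire layout follows the
draft-ietf-tls-esni ECHConfig/HpkeKeyConfig structs; keys are placeholders.
"""
import re
import struct

ECH_VERSION = 0xFE0D                 # ECHConfig version in draft-ietf-tls-esni
KEM_X25519_HKDF_SHA256 = 0x0020
KDF_HKDF_SHA256 = 0x0001
AEAD_AES_128_GCM = 0x0001

# Constructed placeholder: 32 arbitrary bytes standing in for an X25519 HPKE key.
PLACEHOLDER_PUBLIC_KEY = bytes(range(32))


def _vec(payload: bytes, len_bytes: int) -> bytes:
    """Length-prefixed TLS opaque vector."""
    return len(payload).to_bytes(len_bytes, "big") + payload


def _take_vec(buf: bytes, pos: int, len_bytes: int):
    """Read a length-prefixed vector at pos; return (bytes, new_pos)."""
    n = int.from_bytes(buf[pos:pos + len_bytes], "big")
    pos += len_bytes
    if pos + n > len(buf):
        raise ValueError("truncated vector")
    return buf[pos:pos + n], pos + n


def encode_ech_config(config_id: int, public_key: bytes, public_name: str,
                      maximum_name_length: int = 0) -> bytes:
    """Serialize one ECHConfig (0xfe0d) with a single HPKE cipher suite."""
    suites = struct.pack("!HH", KDF_HKDF_SHA256, AEAD_AES_128_GCM)
    key_config = (struct.pack("!BH", config_id, KEM_X25519_HKDF_SHA256)
                  + _vec(public_key, 2) + _vec(suites, 2))
    contents = (key_config + struct.pack("!B", maximum_name_length)
                + _vec(public_name.encode("ascii"), 1)   # public_name<1..255>
                + _vec(b"", 2))                          # no extensions
    return struct.pack("!HH", ECH_VERSION, len(contents)) + contents


def encode_ech_config_list(configs) -> bytes:
    return _vec(b"".join(configs), 2)


def parse_ech_config_list(data: bytes):
    """Parse an ECHConfigList; unknown versions are skipped, as a client would."""
    body, end = _take_vec(data, 0, 2)
    if end != len(data):
        raise ValueError("trailing bytes after ECHConfigList")
    pos, out = 0, []
    while pos < len(body):
        version, length = struct.unpack("!HH", body[pos:pos + 4])
        contents = body[pos + 4:pos + 4 + length]
        if len(contents) != length:
            raise ValueError("truncated ECHConfig")
        pos += 4 + length
        if version != ECH_VERSION:
            continue
        config_id, kem_id = struct.unpack("!BH", contents[:3])
        public_key, p = _take_vec(contents, 3, 2)
        suites_raw, p = _take_vec(contents, p, 2)
        suites = [struct.unpack("!HH", suites_raw[i:i + 4])
                  for i in range(0, len(suites_raw), 4)]
        max_len = contents[p]
        public_name, p = _take_vec(contents, p + 1, 1)
        extensions, p = _take_vec(contents, p, 2)
        out.append({"config_id": config_id, "kem_id": kem_id,
                    "public_key": public_key, "cipher_suites": suites,
                    "maximum_name_length": max_len,
                    "public_name": public_name.decode("ascii"),
                    "extensions": extensions})
    return out


_LDH_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def is_acceptable_public_name(name: str) -> bool:
    """My reading of the draft's client check: LDH labels, no edge dots, not IPv4."""
    if not name or name.startswith(".") or name.endswith("."):
        return False
    labels = name.split(".")
    if not all(_LDH_LABEL.match(label) for label in labels):
        return False
    if len(labels) == 4 and all(label.isdigit() for label in labels):
        return False  # an IPv4 literal parses as LDH labels; reject it anyway
    return True


def outer_sni_for(config_list: bytes):
    """Name the client puts in the cleartext server_name of ClientHelloOuter:
    the public_name of the first usable ECHConfig, or None (ECH not offered)."""
    for cfg in parse_ech_config_list(config_list):
        if (cfg["kem_id"] == KEM_X25519_HKDF_SHA256
                and is_acceptable_public_name(cfg["public_name"])):
            return cfg["public_name"]
    return None


if __name__ == "__main__":
    # Constructed list: an IPv4 public_name (ignored) then a hostname (used).
    lst = encode_ech_config_list([
        encode_ech_config(1, PLACEHOLDER_PUBLIC_KEY, "203.0.113.1"),
        encode_ech_config(2, PLACEHOLDER_PUBLIC_KEY, "ech-front.example"),
    ])
    print("cleartext outer SNI:", outer_sni_for(lst))
```

The decisive line for the question in the post is `outer_sni_for`: the only thing the real domain's operator controls is the string stored in public_name, and that string, not the ClientHelloInner name, is what a DPI box sees. A config whose public_name fails the check is simply not used, so a bare IPv4 literal does not buy privacy; it switches ECH off.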