Closed chris-wood closed 11 months ago
LGTM. Do you want to add something about untrusted environments? e.g.
"In an environment where the network operator controls the endpoint devices, but is concerned about malware or similar exfiltrating data, the SNI field is unsuitable for use as a control even in the absence of ECH. This is because malware is able to spoof the value in an SNI field already, and can even fool security appliances which try to 'double-check' the websites hosted by the target server. ECH does not materially change this situation."
@dennisjackson I worked in your suggested paragraph. Please take another look!
Two small suggestions, otherwise LGTM.
This lifts text from the ECH deployment considerations draft for inclusion in the ECH draft. It is not uncommon for protocol documents to address deployment considerations head on, and this PR attempts to do so. As always, feedback on the exact phrasing is welcome.
cc @dennisjackson, @davidben, @martinthomson, @cjpatton, @sftcd