tlswg / draft-ietf-tls-esni

TLS Encrypted Client Hello
https://tlswg.github.io/draft-ietf-tls-esni/#go.draft-ietf-tls-esni.html

Add text describing deployment impacts of no SNI access #566

Closed chris-wood closed 11 months ago

chris-wood commented 12 months ago

This lifts text from the ECH deployment considerations draft for inclusion in the ECH draft. It is not uncommon for protocol documents to address deployment considerations head on, and this PR attempts to do so. As always, feedback on the exact phrasing is welcome.

cc @dennisjackson, @davidben, @martinthomson, @cjpatton, @sftcd

dennisjackson commented 12 months ago

LGTM. Do you want to add something about untrusted environments? e.g.

"In an environment where the network operator controls the endpoint devices, but is concerned about malware or similar exfiltrating data, the SNI field is unsuitable for use as a control even in the absence of ECH. This is because malware is able to spoof the value in an SNI field already, and can even fool security appliances which try to 'double-check' the websites hosted by the target server. ECH does not materially change this situation."

chris-wood commented 12 months ago

@dennisjackson I worked in your suggested paragraph. Please take another look!

dennisjackson commented 11 months ago

> @dennisjackson I worked in your suggested paragraph. Please take another look!

Two small suggestions, otherwise LGTM.