If you don’t trust the server you’re connecting to, why are you connecting to it in the first place? The only difference between ECH and no ECH is that encryption starts earlier.
The initial post is a somewhat incomprehensible rant but I think the objection is that any number of skeezy websites all have domains pointing to the same Cloudflare IP. So when a malware app opens a TLS connection to one of those domains, the shared IP doesn’t tell you anything, and the ECH prevents you from seeing with Wireshark just whose home the malware is phoning. You have to resort to more drastic methods like intercepting DNS. Better yet, don’t run malware.