Client Hello is one of the ways firewalls figure out what site you’re going to in order to block it from memory (its possible I’m getting this confused for a different request). Curious to see the impact of this.
Some Anti-DPI measures splitting Client Hello to avoid DPI and it works. I guess it would be more easier for average users to avoid DPI with ECH.
I don’t quite get what the point is. No matter how good you encrypt the server name, the destination IP address will always be visible. Are there that many webservers sharing the same IP, that this makes a noticeable impact? Am I missing something?
It certainly isn’t a silver bullet l, but considering the amount of data that gets served through CDNs like Cloudflare, it should do something.
Yes, especially for simpler/smaller websites there can be hundreds or thousands behind a single IPv4 address.
Or if you have a larger infrastructure provider, use any kind of CDN or “target cloaking” or whatever there could be millions of different hosts on a single publicly visible address. (Or more like multiple shared addresses).
